mail-box-lead-generation

written by | February 25, 2022

SIM Swap Fraud – What it is and how you can stay safe

×

Table of Content


As India's telecom sector developed, telephone-related services such as phone banking are more readily available over the phone. Better technology necessitated better infrastructure, and with SIM cards, transformation became a requirement. To access 4G services, users must replace their old 3G SIM card with a service provider's 4G SIM card. This is a genuine case of a SIM swap.

The customer then requests the service provider to disable their old SIM and replace it with a fresh one activated in a few hours. Mobile phones are jam-packed with apps and information, including contact lists, photographs, and more like emails and Short Message Services (SMS). SMS is used to communicate financial information such as Automated Teller Machine Alerts for ATM withdrawals and one-time passwords that banks send out like one-time passwords (OTPs) for net banking transactions. This makes users especially vulnerable to SIM swapping. 

Did you know? Several high-profile hacks have taken place using SIM swapping, consisting of a few on the social media websites like Instagram and Twitter. In 2019, Twitter CEO Jack Dorsey's Twitter account was hacked through this method.

What is SIM swap fraud?

Mobile numbers have become a customer's identity, and many services, including banking services, are now available via mobile. Many security features have been built around mobile numbers, such as transaction messages, One-Time Passwords for financial transactions, Net Secure Code, and so on. Such information is critical for scamsters who wish to defraud customers. In SIM-Swap Frauds, fraudsters attempt to obtain duplicate SIM cards from telecom carriers under the guise of a misplaced SIM or with the help of their personnel and then gain access to the bank's secret information.

Also read: What is Bharat BillPay?

How does SIM fraud work?

Fraudsters use the SIM switch approach to steal your financial info by blocking off your SIM card and changing it with a fake one. They do that through your carrier provider, and they get a brand-new SIM card for your registered cell range from your provider company. This way, as soon as the SIM is swapped, they get access to your OTPs, financial accounts, and card-related messages, which they use to commit the fraud. 

There are two steps to this fraud, Net banking fraud and SIM Swap

  • Net banking Fraud: Fraudsters ship you an innocent-looking Trojan or malware and get access to your bank account basic details and your cell number. Then they call you and pose as your provider or company seller and ask for your information.
  • Sim Swap Fraud: Many unsuspecting victims give away their information without a second thought. The fraudsters approach the provider company (posing as you, with mock papers) to switch the SIM. After verification, the provider company deactivates the old SIM in your cell. The fraudsters get a brand-new active cell SIM card. And then your SIM card has no network. Afterwards, all of your financial SMS, OTP messages, and different financial alerts or transaction confirmations arrive on the new active card, and it falls into the hands of fraudsters. 

It is a 2-step fraud in which the fraudsters first get your financial institution info through phishing emails or malware or Trojans, after which they block your SIM through the SIM swap approach. 

SIM swapping involves a user being targeted. Attackers collect as much information as possible on the victim. The attackers then impersonate the victim and requests for a new SIM card. The attacker now controls a device with the user SIM and thereby gains access to the victim’s bank accounts.

The method adopted for SIM Swap Fraud

The fraudster acquires the victim's bank account details and registered mobile phone number through social engineering techniques such as phishing, vishing, and smishing. Then, masquerading as the victim with a fake ID, they go to the cell operator's store to have the genuine SIM banned. Following verification, the operator deactivates the real customer's (victim's) SIM card and issues a new SIM card to the fictitious client (fraudster). Now, utilizing the banking information obtained through Phishing/Vishing operations, the fraudster can obtain OTPs with the new SIM and perform fraudulent transactions on the victim's debts. 

Also read: Know About AEPS - Aadhaar Enabled Payment System

What should we know about SIM Swap Fraud?

Phishing is an email fraud approach wherein fraudsters send out genuine-looking emails or internet site links. It is a try to acquire your private and financial information. As far as step two goes, do not give away your information to anyone for any reason whatsoever. If you notice no carrier for your SIM, contact the carrier issuer at the earliest. Like it or not, there is not anything much you may do out of your side other than being extra vigilant.

How can we protect ourselves from this fraud?

  • Be wary of social engineering techniques like vishing, phishing, and smishing, which are designed to steal your personal and private information.
  • Inquire with your cell operator right away if your phone number is inactive or out of range for unspecified reasons or for a long time.
  • Change your bank account password as soon as possible to avoid the worst-case situation. 
  • You can sign up for email alerts in addition to regular SMS for your banking transactions. This ensures that even if your SIM is deactivated, you will continue to get alerts through email.
  • Check your bank account statement regularly to ensure that you made the transactions listed therein.
  • In the event of fraud, reach out to your bank as soon as possible to get your account frozen and prevent further fraud.

​​​​​​​​​​​​​​​​​​​​​​​​​​​​Some famous incidents/frauds involving SIM swap fraud

Several high-profile hacks have taken place using SIM swapping, consisting of a few on the social media websites like Instagram and Twitter. In 2019, Twitter CEO Jack Dorsey's Twitter account was hacked through SIM swapping.

In May 2020, a lawsuit was filed towards an 18-year-old Irvington High School senior in Irvington, New York, Ellis Pinsky, who was accused with 20 co-conspirators of swindling virtual currency investor Michael Terpin – the founder and chief government officer of Transform Group. An amount of $23.8 million in 2018 was siphoned when the accused was 15 years old through the usage of information stolen from smartphones through SIM swaps. The lawsuit was filed in federal court in White Plains, New York, and requested triple damages.

SIM Swap frauds are on the rise in India as well. Several SIM card swapping have been reported in the last few years. One of the latest instance of such a case was that of Abhishek Chaudhary, the manager of Sugal and Damini Utilities Private Limited, who was allegedly involved in transferring money from bank accounts by transferring sims, with one victim reporting ₹ 9.94 Lakhs were siphoned from their bank account.

Also read: IMPS (Immediate Payment Service)- What is IMPS Transfer, IMPS Payment, Timings & Limit

Conclusion

We hope that this article is useful for you in knowing about the SIM swap fraud, its meaning, the method adopted by fraudsters, and how to prevent this fraud. In case of any clarification, you can contact us at Khatabook.

Kindly report the case to either your card issuing bank or reach out to the nearest Cybercrime. Send an email to cybercell@khatabook.com to report the case.

Important: Never share OTPs, PINs, or any other codes that you receive via SMS or other channels. Never share your Account Number or Credit and Debit Card details on a public platform.

FAQs

Q: What is a Sim Swap Attack?

Ans:

SIM swap attacks use a common flaw in mobile phones and authentication. SIM swap hacks specifically target phone numbers to steal passwords, bank information, cryptocurrency, and other important goods. Phone numbers are at the centre of customer verification for various enterprises, particularly those that have switched to the internet. You can use a one-time SMS code to reset passwords on many websites. All a fraudster needs to attack this type of account successfully is access to the target's mobile phone number—nothing more.

Q: What are the signs of a victim of SIM Swap Fraud?

Ans:

Staying ahead of SIM swapping frauds might be difficult, and it's critical to notice warning indications so that you can promptly disable the fraudsters' access.

• You are unable to make or receive calls or texts.

• You've been notified that there's been activity elsewhere.

• You can't get into your accounts.

Q: What is simjacking?

Ans:

SIM swapping, also known as SIMjacking, SIM hijacking, and SIM splitting, is a scam in which a fraudster persuades your mobile provider to move your number to a new SIM card in their control.

Q: What makes these scams so dangerous?

Ans:

SIM swap scams usually aim to gain access to one or more of the target's online accounts. The attacker behind the assault also counts on the victim's usage of two-factor authentication via phone calls and text messages (2FA). If this is the case, they can wreak havoc on their victims' digital and personal lives, including emptying bank accounts and maxing out credit cards, destroying their reputation and credit with banks. Attackers might also gain access to their victim's social media accounts and obtain private messages or conversations, which could be harmful in the long term. Alternatively, they may send disrespectful comments and status updates to their victims, damaging their reputation.

Q: Can SIM swap fraud lead to payment disputes?

Ans:

SIM swap fraud is a more profitable venture for thieves than credit card fraud. They can drain funds directly from a victim's bank account using a hijacked phone number, eliminating the need to make fraudulent purchases that they then have to figure out how to liquidate for cash.

Q: What are some best ways to protect yourself from SIM swap fraud?

Ans:

Following are the most effective ways to do the same:

  • Calling your carrier's customer support number right away can assist you in figuring out what's wrong.
  • Many carriers allow you to encrypt your account with a PIN or other measures that make it tougher for fraudsters to sweet-talk their way into accessing your account. • You can use Google Authenticator to produce the same sort of codes you'd send by SMS without the vulnerability to SIM swapping.
  • However, Google Authenticator has some drawbacks, the most significant of which is that it is tethered to the phone. 
  • Biometric data, such as facial recognition software or a fingerprint, is another two-factor authentication. Fingerprint login is now available in qualified apps on both Android and iOS, and some 3rd services offer to authenticate users by asking them to take a quick selfie.

Q: How does sim swap fraud work?

Ans:

In most cases, a fraudster would use phishing emails to persuade a victim to reveal information that will allow them to obtain access to their accounts. They contact the phone provider, pretending to be the victim, and request a SIM card transfer to a new handset once they have what they need.

If they succeed, the victim's phone number and any other data on the SIM card are transferred to a new card in the fraudster's control almost instantaneously. Now, if the victim's phone number is called or texted, the fraudster's phone will receive it, allowing them to circumvent authentication techniques that rely on phone contact quickly.

Q: What is SIM swapping?

Ans:

SIM swapping is a way for someone to steal your mobile phone number. It happens when a criminal tricks your cell phone provider into transferring your phone number to their SIM card (the small, plastic chip inside a mobile device that keeps information about a cell phone user).

Disclaimer :
The information, product and services provided on this website are provided on an “as is” and “as available” basis without any warranty or representation, express or implied. Khatabook Blogs are meant purely for educational discussion of financial products and services. Khatabook does not make a guarantee that the service will meet your requirements, or that it will be uninterrupted, timely and secure, and that errors, if any, will be corrected. The material and information contained herein is for general information purposes only. Consult a professional before relying on the information to make any legal, financial or business decisions. Use this information strictly at your own risk. Khatabook will not be liable for any false, inaccurate or incomplete information present on the website. Although every effort is made to ensure that the information contained in this website is updated, relevant and accurate, Khatabook makes no guarantees about the completeness, reliability, accuracy, suitability or availability with respect to the website or the information, product, services or related graphics contained on the website for any purpose. Khatabook will not be liable for the website being temporarily unavailable, due to any technical issues or otherwise, beyond its control and for any loss or damage suffered as a result of the use of or access to, or inability to use or access to this website whatsoever.
×
mail-box-lead-generation
Get Started
Access Tally data on Your Mobile
Error: Invalid Phone Number

Are you a licensed Tally user?

Disclaimer :
The information, product and services provided on this website are provided on an “as is” and “as available” basis without any warranty or representation, express or implied. Khatabook Blogs are meant purely for educational discussion of financial products and services. Khatabook does not make a guarantee that the service will meet your requirements, or that it will be uninterrupted, timely and secure, and that errors, if any, will be corrected. The material and information contained herein is for general information purposes only. Consult a professional before relying on the information to make any legal, financial or business decisions. Use this information strictly at your own risk. Khatabook will not be liable for any false, inaccurate or incomplete information present on the website. Although every effort is made to ensure that the information contained in this website is updated, relevant and accurate, Khatabook makes no guarantees about the completeness, reliability, accuracy, suitability or availability with respect to the website or the information, product, services or related graphics contained on the website for any purpose. Khatabook will not be liable for the website being temporarily unavailable, due to any technical issues or otherwise, beyond its control and for any loss or damage suffered as a result of the use of or access to, or inability to use or access to this website whatsoever.