Beware of SIM Card Swap Fraud

SIM swap fraud is a relatively new, sophisticated form of cyber fraud that allows hackers to gain access to bank accounts, credit card numbers, and other personal data. The SIM swap cases were reported in the US and Europe in 2013 and now it’s in trend in India. People have lost more than Rs 200 crores in these SIM swap scams.

Fraudsters use SIM swap method to steal your financial details. Your SIM card can be blocked and exchanged with a fake one through your operator. They get a brand new SIM card for your registered mobile number from your service provider. This means once the SIM is swapped they get access to your OTPs, financial accounts and card related alerts, which they use to commit the fraud.

What is a SIM swap fraud?

Nowadays, most of the banking services are available on the mobile phone. For online transactions, one needs One Time Password (OTP), Unique registration number (URN), 3D secure code etc. which is all provided through the registered phone number of users. 

SIM swap fraudsters would send phishing mail impersonating credit card companies/health insurers to take out legal names, dates of birth, addresses, and phone numbers of their targets. They also collect personal data of the users from social media platforms or through Trojans/Malware.

Next, they would call the mobile service provider of the victim and request a new SIM claiming they have lost mobile handset, or got a new handset or damaged SIM card. Using the manage to get a new SIM card issued for the registered mobile number of a user. Once a new SIM card is issued, the mobile service providers deactivate the old SIM card, which in SIM swap fraud case is in customers possession. Now, the victim will not receive any SMS on their phone.

Once criminals have access to a victim’s phone number, they target bank accounts. For most of the online banking services such as password reset, online money transferring (NEFT, RTGS etc.), you need One Time Password (OTP). Since they have access to victims mobile number they can easily use the URN/OTP & alerts required for doing financial transactions through the bank account.

How to be safe from SIM swap fraud?

• The first warning signal can be your mobile network. If your phone is out of network continuously for a few hours, it’s an alert and you should complain the same to your mobile operator immediately.
• Check your bank account statement regularly and also register for both email and SMS alerts for your banking transactions.
• The 20 digits SIM number mentioned on the back of the SIM card is crucial. Never share it with anyone.
• Do not put your mobile number on public display on social media or any other websites.

Precautions and prevention

There are a few dos and don’ts that can be followed to protect yourself from SIM swap frauds and to contain damage.

• One, never disclose your confidential information such as internet banking user id, PIN, passwords and card CVV numbers. Be careful what personal details you share on social media; refrain from putting up your phone number on such platforms.
• Use only genuine software on your computers and mobile phones; do not tamper with security setting of your mobile phones, and update anti-virus protection regularly to prevent malware attacks.
• Do not respond to unknown mails or calls, especially those that seek your account or card details or phone number. Responses to seemingly innocuous mails or calls could help fraudsters anticipate likely answers to security questions.
• Be alert about your mobile phone connection. If your mobile phone service stops for unknown reasons, check with your mobile operator immediately and notify your bank as well. Register for both SMS and e-mail alerts for details about every financial transaction.