Mumbai: Recently, a Mumbai-based businessman was cheated of ₹1.86 crore in a
subscriber identity module (SIM) swap fraud. The Bandra-kurla Complex cyber police’s call centre has confirmed the incident. If you are wondering what SIM swap fraud is, here is what you should know:
What is SIM swap?
The simple meaning of the word swap is exchanging one thing for another.
Ritesh Bhatia, a cyber-security expert says, “Say you have a 3G SIM card and want to upgrade to a 4G SIM card. What you do in such a case is that you swap your 3G SIM for a 4G SIM from the service provider. This is what an authentic SIM swap is."
Here you are putting the request to your service provider who deactivates your old SIM and gives you a new SIM, which activates within a few hours. Our mobile phones are loaded with information, right from your contact lists, photos, emails, and Short Message Services (SMSS) to financial details such as Automated Teller Machine (ATM) withdrawals alerts and
one time passwords (OTPs) sent by banks for
net banking transactions.
Fraudsters use SIM swap technique to steal your financial details by blocking your SIM card and exchanging it with a fake one. They do this through your service provider. They get a brand new SIM card for your registered mobile number from your service provider. This means once the SIM is swapped they get access to your OTPS, financial accounts and card related alerts, which they use to commit the fraud.
How does this work?
There are two steps to this fraud, SIM swap and net banking fraud. Mayur Joshi, CEO, Indiaforensic.com, a company engaged in the prevention, detection, and investigation of frauds, says, “Fraudsters send you a harmless looking Trojan or malware and get access to
your basic bank account basic details and your mobile number. Then they call you and pose as you service provider agents and ask for your details."
You’d be surprised to know how many unsuspecting victims easily give away the details without a second thought. The fraudsters approach the service provider (posing as you, with fake papers), request to swap the SIM. After verification, the service provider deactivates the old SIM, which is in your mobile. The fraudsters get a new active mobile SIM card. And, since your SIM card has no network.
Joshi says, “Then all your financial SMSS, OTP alerts, and other financial alerts or transactions confirmations are sent to the new active card and it falls into the hands of fraudsters."
Imagine the number of financial agents out there who have your
KYC documents and mobile number.
“This is a two-step fraud where the fraudsters first get your bank details through phishing emails or malware or Trojans and then they block your SIM through the SIM swap technique," Joshi said.
By the time your SIM shows no service, and you find out from the service provider that there was a SIM swap request and you visit the branch with KYC to figure out what’s the real issue, the fraudster has stolen your money from your bank account.