Illustration: Sudhir Shetty
Illustration: Sudhir Shetty

SIM swap fraud: What you should know

  • Fraudsters use SIM swap method to steal your financial details
  • Your SIM card can be blocked and exchanged with a fake one through your operator

Mumbai: Recently, a Mumbai-based businessman was cheated of 1.86 crore in a subscriber identity module (SIM) swap fraud. The Bandra-kurla Complex cyber police’s call centre has confirmed the incident. If you are wondering what SIM swap fraud is, here is what you should know:

What is SIM swap?

The simple meaning of the word swap is exchanging one thing for another.

Ritesh Bhatia, a cyber-security expert says, “Say you have a 3G SIM card and want to upgrade to a 4G SIM card. What you do in such a case is that you swap your 3G SIM for a 4G SIM from the service provider. This is what an authentic SIM swap is."

Here you are putting the request to your service provider who deactivates your old SIM and gives you a new SIM, which activates within a few hours. Our mobile phones are loaded with information, right from your contact lists, photos, emails, and Short Message Services (SMSS) to financial details such as Automated Teller Machine (ATM) withdrawals alerts and one time passwords (OTPs) sent by banks for net banking transactions.

Fraudsters use SIM swap technique to steal your financial details by blocking your SIM card and exchanging it with a fake one. They do this through your service provider. They get a brand new SIM card for your registered mobile number from your service provider. This means once the SIM is swapped they get access to your OTPS, financial accounts and card related alerts, which they use to commit the fraud.

How does this work?

There are two steps to this fraud, SIM swap and net banking fraud. Mayur Joshi, CEO, Indiaforensic.com, a company engaged in the prevention, detection, and investigation of frauds, says, “Fraudsters send you a harmless looking Trojan or malware and get access to your basic bank account basic details and your mobile number. Then they call you and pose as you service provider agents and ask for your details."

You’d be surprised to know how many unsuspecting victims easily give away the details without a second thought. The fraudsters approach the service provider (posing as you, with fake papers), request to swap the SIM. After verification, the service provider deactivates the old SIM, which is in your mobile. The fraudsters get a new active mobile SIM card. And, since your SIM card has no network.

Joshi says, “Then all your financial SMSS, OTP alerts, and other financial alerts or transactions confirmations are sent to the new active card and it falls into the hands of fraudsters."

Imagine the number of financial agents out there who have your KYC documents and mobile number.

“This is a two-step fraud where the fraudsters first get your bank details through phishing emails or malware or Trojans and then they block your SIM through the SIM swap technique," Joshi said.

By the time your SIM shows no service, and you find out from the service provider that there was a SIM swap request and you visit the branch with KYC to figure out what’s the real issue, the fraudster has stolen your money from your bank account.

What you should know

There are two parts to this fraud. To deal with the first step is to follow the basic online security hygiene against phishing. (See box)

Remember, phishing is a kind of e-mail fraud technique in which the fraudster sends out genuine-looking emails or website links in an attempt to gather your personal and financial information.

As far as step two goes, don’t give away your details to anyone whatsoever. If you see no service on your SIM, contact the service provider at the earliest. If your SIM has been deactivating at midnight, you can’t do much about it really.

Like it or not, there’s nothing much you can do from your side, apart from being more vigilant.

Close