The bank has advised: 'never share your contact details publicly on any social media platform as it is sensitive personal information'
ICICI Bank has warned users of SIM-Swap fraud. In a Twitter post, the bank has advised: "never share your contact details publicly on any social media platform as it is sensitive personal information".
So what exactly is a SIM-Swap fraud for which the bank has issued an advisory?
According to the bank's website, under SIM swap/exchange, a fraudster manages to get a new SIM card issued for your registered mobile number through the mobile service provider. With the help of the new SIM card fraudster gets unique registration number or OTP (one-time password) and alerts required for doing financial transactions through your bank account.
To carry a SIM-Swap fraud, fraudsters first obtain your bank account details and mobile registration number. They get this through an attack known as phishing. For example, they can call you posing as the bank executive and get the account details. Many such details are also available on the dark web, where such data is sold for few rupees.
They can also install trojan or malware in your phone or computer by sending an email.
Once they get your registered mobile number and bank account details, they approach the SIM card issuer. Fraudsters can use any excuse to get the new SIM card like they have lost the mobile phone which had the SIM. Using forged documents, they obtain a new SIM from the cellular operator.
Once they obtain the new SIM card, the original one with the customer stops working. They use the new SIM card for unauthorised transactions.