Home >Money >Personal Finance >How to avoid being a victim of SIM swap fraud

Earlier this month, Twitter co-founder and chief executive officer Jack Dorsey was in the news for becoming a victim of a SIM swap fraud. In this type of fraud, the original SIM is cloned, and the duplicate is misused to get access to the victim’s mobile phone and, thereby, to the victim’s online bank account from where funds are transferred to the fraudster’s account. For Dorsey, the issue was resolved quickly without any financial damage, but when ordinary investors become the victims of such a fraud, the damage may be difficult to control and it may take them time to recover the stolen money.

SIM swap fraud is increasing in India too. For instance, in June, a senior citizen reportedly lost 25 lakh from his bank account to a SIM swap fraud. “SIM swap in cyber space fraud is the latest technique adopted by cyber criminals to gain access to the customer’s bank accounts, credit cards and other personal data," said Dhananjayulu Dhaddhala, vice-president and business head, Giesecke+Devrient Mobile Security India, a global firm that offers security technologies.

We tell you how SIM swap fraud is carried and what you can do to protect yourself from it.

What is Sim Swap?

There are times when you need to get your SIM swapped. Say, you have a SIM card which isn’t working properly. In that case, you will need to ask the service provider for another SIM with the same number. Once you put in the request, the service provider will deactivate your old SIM and activate the new SIM in a few hours. In such cases, the new SIM will have all the data from the old SIM such as contact lists, SMSes, emails, apps, messages, photos and other media.

Fraudsters get the SIM swapped when they want to steal personal data—obviously, without your consent—to misuse it. “Fraudsters obtain your personal information through a wide variety of techniques, like shimming, vishing and phishing. Once that’s done, they immediately contact your mobile operator, block your existing SIM card, and obtain a new SIM card," said Aditya Kumar, founder, a technology firm that provides digital lending solutions.

How does the fraud play out? Typically, the fraudster calls you and poses as your service provider and offers some fake upgrades or information related to services. To make you eligible for these upgrades, the fraudsters ask you to confirm a few important details. You then get an SMS or email with some kind of Trojan or malware, which can easily access your basic bank details, among other information. Once the fraudsters have your data, they approach your service provider, posing as you, along with some fake documents, and fills in the SIM swap request. On verification of the fake papers, the company deactivates the old SIM, and issues the new SIM to the fraudster. The new SIM is activated within a few hours. In the meantime, your SIM will show no signal or network. Since the deactivation usually happens at night, you wouldn’t be alerted to your mobile phone having no network. “Once the SIM is swapped and the fraudster is in possession of the new SIM card, the fraudster will have access to the victim’s phone number and will be able to operate his bank account etc. Since the victim will be unable to use the mobile services during the period, he will not be able to receive alerts or OTPs from banks or credit card companies," said Dhaddhala.

In short, through SIM swap, fraudsters can access all your mobile data, including all new SMSes and OTPs generated by him for wiping your bank account clean.

What you can do

Being vigilant about the information you reveal to others is the most important thing. In case you don’t have a network on your mobile and have not received SMSes for a substantial amount of time, get in touch with your service provider. Some service providers send text alerts before a SIM swap, which means you might want to read SMSes sent by your service provider carefully going forward.

Sanjay Katkar, joint managing director and chief technology officer, Quick Heal Technologies Ltd, an IT security solutions provider, said, “There are a few things you can do as a precautionary measure. Avoid making your phone number public on social media sites. As phishing is used as the main weapon in this type of scam, install anti-phishing and anti-malware protection on your devices. If your bank offers SMS and email alerts for all your banking activities, then opt for both the options."

Always use genuine softwares on your computers and smartphones. Never tamper with the security settings of your phones and update anti-virus protection regularly to prevent malware attacks.

Rajesh Mirjankar, managing director and chief executive officer, InfrasoftTech, a fintech specializing in digital solutions and software for banking, financial services and insurance sectors, said, “Avoid ‘click baits’ and beware of any unsolicited emails, texts or even calls asking for personal or financial information, even if they claim to be calling from your trusted bank or institution. Use sophisticated authorization tools or apps, where a specific piece of code is used to authenticate your identity and not merely an SMS. That way fraudsters will not be able to access accounts as the app will reside on your personal phone and will require your action." In other words, be mindful of the kind of apps you download on your phone.

“Finally, switching off your phone for long periods for reasons such as unwanted calls or SMSes could be dangerous. These calls could be a ploy to trick you into turning off your phone, so that you remain unaware of any connectivity issues," added Katkar.

Another thing you can do is avoid using your phone number as a recovery option for your passwords and account. To access codes, personal identification numbers and similar information, use another email ID, which is not linked with your phone number. Be careful about your personal data to avoid SIM swap fraud.

Subscribe to Mint Newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.

Never miss a story! Stay connected and informed with Mint. Download our App Now!!

Edit Profile
My ReadsRedeem a Gift CardLogout