What is SIM Swap Fraud & How to prevent it?

The telecom and financial services have drastically changed over the last 15-20 yrs. and this means that you can do lots of things over your phone now. You don’t need to go to bank for everything. Now your mobile itself is a bank and it will let you transfer money to anyone and transact with just a click of the button.

While this is wonderful news, it’s also a bad news because various kind of cyber frauds have started happening from last few years. Today I am going to share about one such fraud called as “SIM Swap Fraud”

I also requested one of person I know personally who actually lost money because of this fraud, and I requested him to jot down what exactly happened and steps they took after the fraud happened.

What is SIM Swap Fraud?

SIM swap fraud is a very sophisticated type of cyber fraud, where the attacker first blocks your sim card, and then gets a duplicate sim issued and gets access to all OTP/SMS which are required to make the transactions. This also means that they put a request to your mobile company with forged documents or online and if you have not secured your data/documents – it’s not very tough to get it done.

On top of it, if you do not act fast or take things lightly – the chances of fraud getting successful is very high.

People have lost amounts ranging from few Lacs to few crores. Just have a look at the below screenshot

The sim swap frauds are also known as SIM splitting, SIM jacking, SIM hijacking, or port-out scamming in different countries.

A real life case of an NRI who lost money from his bank account

So a few weeks back, one of the NRI readers of this blog mailed me asking for help on a fraud which happened in his bank account and he lost money.

Luckily the amount was just in thousands. I looked at his email and soon realized that this is a case of SIM SWAP fraud. While he has not got the money till now, I asked him to share the entire incident with all of us so that we can learn from this incident.

Please go through his experience which I got by email.

Hello Manish,

Greetings and appreciate your thoughtfulness to create awareness to this fraud,

So the story goes this way

My wife has a savings account in ICICI and me being NRI she travels to visit me for more than 5 months in a year as such I had linked my Sisters Phone number for net banking and all was going well. as local numbers don’t work in the country I live.

Recently my sister was having issues with idea sim card and she had registered a complaint with idea, and she was told a customer care will coordinate with her. then there was the lockdown and curfew and banks shops etc all closed.

One day a person called her and said he was from idea customer care and she needs to upgrade her sim from 3G to 4G and to do that she needs to text him a code and a sim card no a 20 digit number, due to lockdown since idea center is closed this is her option, which she did, she got a call back saying it will take about 4 hours for this upgrade and she may not get coverage until then.

my email was linked to that ICICI account and I got an email that there was a failed attempt to access my online account.

I replied to ICICI customer care and there was no reply. ( Got reply after two days, Standard written email do not share otp, password etc with any one and if suspicious report to ICIC customer care)

But I was able to log into net banking and did not find anything suspicious.

The next day I was off and was not online to check emails for full day in the evening I saw 8 emails from ICICI auto emails, password changed, new beneficiary added, OTP sent to Registered mobile, amount transferred to beneficiary account. balance in my account is now zero.

Now it’s a Saturday bank is closed, Lockdown cannot go out, customer care lines are busy and on hold for 25 min, and finally when she got on line with customer care they said she is not calling from registered mobile and they cannot help us.

The damage was done. The hacker took control of the sim and was getting OTP and had reseted the password using registered phone number.

The complaints we made

Sister went to idea and narrated the incident and idea said this normally does not happen this way and only authorized person in idea can do the sim swap and said they will investigate it

Wife went to police to complain, they are clueless on this matter and were more interested on knowing the fraud for their personal reason and challenging wife stating what she was telling can never happen and they never heard of such case and there must me something else which has happened and not sim swap. but when my wife raised her tone they took the complaint and said they will forward it to cyber branch.

Till date no positive lead.

Wife went to bank to complain, they saw the log and found the transaction is done through correct channel and there is no fraud, Password changed by registered mobile, otp sent to registered mobile and all things done legally without breach..

However as there was a police complain they traced the beneficiary account and put a freeze and lien on that account (In case he deposits money that money will be directly transferred to my account).

We changed the mobile number and now my wife gave her new local number, and they said not to use the account for some time till the investigation is over.

that night wife get a call from ICICI customer care saying we have registered your complain and your money will be transferred to your account tomorrow.

Wife goes to ICIC and meets manager she say no this case is not solved and normally it takes more than 15days for this and this call is not from us.

Wonder how the hacker got this number which was just given to ICICI, also though ICICI said they deleted the old phone number and registered the new phone number my sister is still getting messages when we complain to ICICI they say it cannot be and when shown proof via screen shots said we will forward to our IT dept.

So till date this is the final summary

Idea mobile operator claims no responsibility of damage done to bank account but their responsibility is to give control of the sim card back to my sister in 24 hours and they did it

Bank does not take any responsibility as the transaction was done by the registered mobile number

Police claims it was out carelessness to give the 20 digit number to the hacker and they can do nothing

I Learnt a very good lesson and will be more careful in these matters.

Jerry

From the real life incident of the above, I can see that it’s a bit of everything. Some bad luck, some carelessness, some ignorance and a lot of smart work by fraudster. These sim swap frauds are not easy to achieve as there are lots of things which needs to happen.

Let us now look at exactly what are the steps which are involved into Sim swap fraud.

4 Steps of Sim Swap Fraud – How it can happen to you?

Let’s understand how exactly a sim swap fraud happens through 4 steps process

Step 1 – Fraudster steals your important data

In this first step, the fraudster gets your personal information like your PAN number, Bank account number, phone number, your net banking password, and any other details which are essential for an online transaction. These things can be acquired using various methods like Email/Phone/SMS frauds or by hacking into your personal devices .

Sometimes there can be data theft by getting access to your documents which might be lying with someone (imagine you give your laptop for repair and some file has all the data or imagine you leave your bank statement at a Xerox shop)

Step 2 – Placing a request for SIM Swap with your SIM company

The next step is quite important and the main step, where the fraudster places the request for sim swap with your sim company by posing a fake identity and giving all relevant documents or through online mode.

Here the person may also call you to inform you about you posing as the sim company representative and tells you a lie that your sim will be active in some time as there is an upgrade going on or something like that.

You will generally get a sms or email from sim company telling you that your sim swap request will be complete soon.

DONT IGNORE THIS SMS at any cost. This is exactly where a customer mind presence is required and you have to act fast. A lot of people who do not understand how thing work online fall prey to it. Imagine if your 70 yr old father gets this kind of sms, he might not understand exactly what it is!

Step 3 – Doing the transaction

Once the sim swap request is processed, the game is almost over because the fraudster now has all the login details and the main thing – THE NEW PHONE NUMBER which is linked to the net banking/card.

Now all they have to do is add a beneficiary and complete the transaction

Step 4 – The fraud happens

And finally, the OTP comes to the new phone number and the transaction is complete. This is the point, where you loose the money and getting it back it quite tough. I strongly suggest that you read these 21 tips you should follow to secure your banking transactions

Some Safety Tips which can prevent you from such Frauds –

• If your network is lost for a very long time like more than 20-30 min, be alert and enquire about it from your mobile operator
• If you ever get a sms/email alerting you that your sim swap request is received, make sure you contact your bank immediately and report this incident. If possible login to your net banking and change your passwords the same moment
• Never share your the 20 digits mentioned on the back of sim card to anyone ever on call. This 20 digits are required for a successful sim swap
• Don’t entertain anyone asking for any kind of OTP or your accounts details
• Register for Alerts (SMS and Email) so that whenever there is any activity on your bank account you will receive an alert.
• Always check your bank statements and online banking transaction history regularly to help identify any issues or irregularities.
• Have strong passwords in your phone and computers. Don’t keep simple passwords which can be guessed by others
• If there is any cyber fraud, immediately inform the cyber cell or the best thing is to file a FIR in local police station.
• Don’t root your phone, if you are not a tech expert.
• Don’t install unverified apps on your mobile or laptop. A lot of these programs can read your computer or phone data
• Don’t leave your important documents Xerox here and there. At times we feel, nothing will happen – but bad things happen!

Do watch this video on preventing sim swap fraud!

Don’t be over confident that it can’t happen to you

Whenever we come to hear about these types of frauds any kind of fraud, the first thought as an investor comes to our mind is that no matter what happens, I will not fall prey to any such frauds.

This is nothing but overconfidence. Be alert and always pay attention to small signals which might be pointing to this kind of frauds, especially when you keep too much money in your bank account.