SIM Swap Frauds : Without asking for OTP your account can be looted!!!

SIM swap frauds happens when a fraudster takes control of someone’s phone number. Recently in the newspaper, head of a company in Bangalore lost fifty lakh rupees and a trader in Kolkata lost one and a half crore rupees, without them giving OTP or consenting to it. In both cases the modus operandi or method used by the thieves was the SIM-SWAP fraud method. Nowadays, most of the banking transactions are done through smart phone with mobile number and OTP as the basis for all banking transactions and everyone’s mobile identity and details are stored in the SIM card. Thieves use this as a basis to perform SIM-SWAP fraud and loot the amount from the victim’s bank account.

How the Sim Swap frauds is done(modus operandi) :–

Thieves first obtain bank accounts, Aadhaar and PAN information of the victim through phishing (collecting details via a call from the bank for a loan or creditcard or via a software malware), then they visit the telecom service provider office(usually in tier-3 city or place where ekyc is not mandatory or process is not followed fully) and mention that their mobile is lost and they want a duplicate SIM card. Apply with the documents collected previously and get a duplicate sim card. The mobile phone company deactivates the original SIM card and activates the new SIM card and from that moment onwards all the victim’s OTP and other messages start going to the thief’s phone. The thief changes the password of the victim’s bank accounts and transfers all the cash to his own bank accounts. By the time the victim comes to know about the fraud and lodge a complaint with the police to block the thief’s bank account, the thief would have emptied all the money from those bank accounts. Since the transferred bank accounts were opened with fake documents, the police will not get any clue about the thief’s whereabouts.

Usually there will be insiders help in most of these crimes and the target victims are usually those who are technically challenged or senior citizens and the crime usually happens on second/fourth Saturday or long holiday weekends so that they get more than 24 hours to carry out the crime without raising alarm.

Prevention steps people can take on SIM Swap Frauds :-

• Link email address on to your bank account number and opt for email updates along with sms

• Use a strong password and double-factor authentication system for all your bank accounts and associate an email address.

• Do not share your bank account user ID and other confidential important information with anyone.

• If your mobile calls are not working as expected, check your email for any bank account activity, notify the bank immediately if there is any activity that you are not aware of, reset your bank account password and revise the transaction limit.

• Do not click on any link or open any messages(email/sms/Whatsapp/facebook/twitter) from unknown or suspicious person

• When giving out your identification documents(aadhar/voter id etc), please mention on the photocopy the reason why you are giving the document

• If you have to give aadhar card photocopy, please give only the printout containing masked aadhar number available on aadhar website.

If you are a victim of SIM Swap Fraud :-

If your mobile supports e-SIM you can immediately change the e-SIM to prevent SIM-swap fraud. As per RBI guidelines, if you file a complaint with your bank or cyber police about the incident without delay and you are not negligent, you can get your money refunded. You can take legal action against the telecom company and the bank to get your money back. Telecom regulator has issued guidelines to bar sms for 24 hours on any sim card change to minimize the fraud.

Sources/References :-

1. RBI guidelines on Unauthorised Electronic Banking Transactions : https://www.rbi.org.in/scripts/NotificationUser.aspx…

2. Bar on SMS for 24 hours on sim card issue/re-issue: https://dot.gov.in/…/SIM%20Exchange%2024%20Hours…