Thursday, January 15, 2015

Mobile Phone SIM Swap or SIM Exchange fraud and how to protect your selves?

Mobile Phone SIM Swap or SIM Exchange fraud and how to protect your selves? By Prashant Mali


I have clients who have lost Rs. 1,25 Crores to Rs. 30,000/- in SIM Exchange/Swap fraud and mind it no one was computer illiterate. As the name suggests, someone may buy a new SIM from the same network provider and start to operate all your banking transactions. The bank will not differentiate between you and the fraudster. Because the account is operating from the same number. Even mobile operator are also unable to track such frauds and sometimes abet the crime by faulty KYC Checking.

SIM Swap Fraud
Let us see each step one by one.
1) Fraudsters gather your information-The first step they do is to gather your personal information. Usually, they try to access your personal information by way of phishing, Vishing, Smishing or any through the Trojans / Malware. They try to gather your banking details.
2) Fraudsters visit mobile operator to block your SIM-They approach mobile operator with genuine customer fake ID proof and request operator to block the SIM. They provide the reason as loss of handset or SIM damage.
3) Issuance of new SIM to fraudster-After due verification, a mobile operator issues a new SIM with the same number to a fraudster. Because even for a mobile operator it is hard to find a genuine customer. They issue the duplicate SIM to a fraudster. Once this new duplicate SIM is issued, then the genuine customer mobile phone will be without a network. Therefore, a genuine customer stopped to receive the SMS alerts on the phone.
4) Fraudster accesses your bank account with new SIM-Fraudster then initiates financial transactions (from the banking details which he has already stolen) by generating a one-time password (OTP). This new password will be sent to the fraudster’s new SIM but not to a genuine customer. Hence, a genuine customer kept in dark.
How the fraudsters get bank details?
SIM swapping/exchange is usually phase two of a fraud attack. Initially, they send a phishing email (or other similar phishing attempts) to get all your banking details. These details can also be stolen using Trojans/Malware. They also work towards getting the victim’s personal information and may even go as far as stealing identity and creating fraudulent ID documents. In order to use all of this gathered information, they need access to the victim's mobile messages – hence the SIM swap. In some countries, notably India and Nigeria the fraudster will have to convince the victim to approve the SIM swap by pressing some keys.
Once this happens the victim's phone will lose connection to the network and the fraudster will receive all the SMS and voice calls intended for the victim. This allows the fraudster to intercept any one-time passwords sent via SMS or telephone calls sent to the victim; and thus to circumvent any security features of accounts (be they bank accounts, social media accounts etc.) that rely on SMS or telephone calls.

How to protect from such frauds?

If your phone is out of network continuously for a few hours specifically on weekends, then you have to take it seriously and be alert and complain the same to a mobile operator.
Never switch off your mobile for long periods to avoid unwanted calls. Instead, try not to pick them. Otherwise, activate DND (Do Not Disturb) facility for your SIM.
Regularly check your bank account statement.
Register for both email as well as SMS alerts.
Do not share your 20 digits SIM number mentioned on the back of your SIM with anyone
Do not display your mobile number on social media websites.

Advocate Prashant Mali handles these kinds of cases and is instrumental to win many cases against banks and telecom operators . 

6 comments:

  1. Very useful article. Thanks for sharing.

    ReplyDelete
  2. Hi, if we have email alert enabled...then what happens?

    ReplyDelete
  3. Thanks for sharing this insightful blog! Sim Exchange fraud is on the rise these days and many Smartphone users owing to lack of awareness have become the victim of it. Your step by step explanation of the fraud process is quite enlightening. Your tips to protect oneself from such complex cyber frauds will prove to be quite beneficial. The need of cybercrime security in this digital age of today cannot be overlooked. I lately came across this website https://cyber-cops.com/ that provides expert solutions to cybercrimes! Their solutions are at par with industry standards.

    ReplyDelete
  4. Hello there! I just want to offer you a big thumbs up for your great info you have right here on this post. I'll be coming back to your web site for more soon.Hack Instagram

    ReplyDelete

Navy man in Jail for 2 years for Child Pornography, cyber crime in India

Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction By Prashant Mali In the case of D...