SIM swap fraud occurs when fraudsters attempt to obtain duplicate SIM cards from telecom operators under the guise of a lost SIM or through collusion with their representatives, and then use them to access confidential information sent by the bank.
How do hackers perform SIM swaps?
A SIM-swapping scam is typically carried out in two steps.
- Before causing any harm, the hacker will need to know a great deal about the victim. Passwords and usernames, date of birth, and the last four digits of credit card numbers are all examples of the sensitive information they look for.
- The hacker may use social engineering to trick the victim into disclosing their information, or they may steal it from an already-existing data breach. Once an attacker gains access, your accounts are vulnerable to being hacked and accessed without your knowledge.
The SIM Swap Fraud’s Modus Operandi:
- The fraudster obtains the victim’s bank account information and registered mobile phone number through social engineering techniques such as phishing, vishing, smishing, and so on.
- Following that, he/she goes to a mobile operator’s retail outlet and poses as the victim, armed with a fake ID proof, to have the original SIM blocked.
- Following verification, the operator deactivates the genuine customer’s (victim’s) SIM card and issues a new SIM card to the imposter (fraudster).
- With the new SIM, the fraudster can now obtain OTPs to conduct fraudulent transactions on the victim’s accounts using the banking details obtained through Phishing / Vishing tactics.
How to protect yourself from fraud?
- Beware of social engineering tactics (vishing, phishing, smishing) which aim to steal your confidential and personal data.
- If your mobile number is inactive / out of range, inquire with your mobile operator immediately.
- To avoid the worst-case scenario, immediately change your bank account password.
- Register for regular SMS as well as e-mail alerts for your banking transactions. (This way, even if your SIM is deactivated, you will continue to receive the alerts via e-mail.)
- Periodically access your bank account statement to ensure that the transactions reflecting in the statement have indeed been made by you.
- In case of a fraud, contact phone banking immediately to have your account blocked and avoid further fraud.
Examples of SIM-swapping frauds
A group of cybercriminals stole the identities of numerous Instagram users in 2018. When these unwitting victims logged into their accounts, they were unexpectedly locked out. When these unfortunate individuals attempted to re-enter their passwords, they discovered that they were no longer the owners of their profiles. The hackers had set a new email address and phone number on the accounts.
A SIM-swapping attack was used to hack Jack Dorsey, the CEO of Twitter and Square. In August 2019, hackers gained access to his account. They used his compromised account to post racist messages and bomb threats. This was obviously a major embarrassment for both Dorsey and Twitter.
Warning signs you have been SIM swapped
When you are subjected to a SIM-swapping attack, symptoms appear quickly. As a result, you must act quickly. Here are a few red flags that you have been SIM swapped:
- Your social media account begins to act strangely, and you notice posts that you never made. This is what happened to Jack Dorsey, and it could happen to anyone.
- Another sign that you are a victim of SIM-swapping fraud is a lack of signal on your phone network. You cannot use your mobile phone to make phone calls or send text messages. Furthermore, your phone will no longer display the name of your service provider.
- Some wireless carriers send notifications to the customer's email address. If your email account has not been compromised yet, you will receive an email notification that a new SIM card was activated even though you never requested one.
- Another sign of SIM-swapping fraud is that you no longer have control over your accounts. It’s because the attacker changed your account information.
How to protect personal information online
Staying safe in today’s world is no easy task. From the minute you turn on your phone and log into all of your social media accounts, you are vulnerable. It can be overwhelming how many ways hackers try to get our personal information or money. So, to stay protected as best you can from this type of fraud, follow these simple tips:
- A firewall is a defensive measure that guards your computer and other devices against unauthorised access. It accomplishes this by preventing any incoming data from reaching the machine until it has been analysed. To be more effective, both software-based and hardware-based firewalls should always be used alongside an active antivirus programme.
- Antivirus software is required to ensure the security of your company’s data and assets. However, determining which ones can provide the best protection against hackers and malware threats is difficult. It is preferable to read reviews or solicit feedback from friends. It never hurts to be overly cautious.
- Avoid clicking on pop-ups. Dangerous pop-ups can fool you. By clicking on one, you may be directed to a site that is not suitable for browsing. It may also contain malware or spyware in the form of advertisements.
- If you see a warning before visiting a website, it means the site has been compromised in some way. If this occurs to you, look for information elsewhere. Do not click on any links on that page that could further compromise your device.
- You can never be too cautious. It’s always better to be safe than sorry. Never open an attachment if you have no idea who sent it or what it is for.
- Links on the Internet are frequently designed to trick you into clicking on them. Make sure not to click on any of these unless they are from someone in your contacts. Check that the link goes directly where it should go without detours.
- Do not fall victim to phishing scams. Phishers frequently impersonate legitimate organisations, such as banks and other financial institutions with which you may have an account. They will attempt to gain access to sensitive data such as passwords, granting them easy access to bank accounts.
- Take care with the personal information you post on social media. The more intimate details about your life that are available, the more likely it is that a SIM-swapping fraud will be successful. Attackers use this information against unwitting victims by guessing passwords and answers to security questions such as “What was my first car?” So be cautious about what you post online.
By reporting your SIM-swapping incident, you can help prevent it from happening to other people in the future. Typically, the local police won’t be able to do much, so instead, report it to the Cyber Crime Reporting Portal or else contact Cyber Crime Investigator Mayank Rajkumar.