SIM swap fraud is a real scam that has already affected many people in the past. However, a misleading WhatsApp message, purporting to explain how the SIM swap fraud is carried out, has gone viral on the instant messaging app.
In June, 2019, Reliance Communications and Vodafone Idea were ordered to compensate their customers for an amount of Rs. 8.5 lakh and Rs. 12.2 lakh, respectively, after they fell victim to a SIM swap fraud.
Since then, social media and instant messengers have been livid with misinformation regarding the scam that could potentially wipe out funds from your account.
Viral Message On SIM Swap
On June 25, 2019, BOOM received a message on its helpline that pretended to give a detailed account of how the SIM swap fraud is carried out to wipe out bank accounts by "hacking someone's phone".
The WhatsApp message made the following claims:
- Your network will momentarily go blind/ zero/ no signal/ zero bars and after a while a call will come through.
- A person on the other end of the call will tell you that he is calling from your cell phone company and that there is a problem in your mobile phone.
- You will be instructed to dial 1 on your phone to get the network back.
- After this, the network will appear suddenly and go blind again almost immediately.
- At this point, your phone will be hacked and within a second your bank account will be emptied.
Upon investigating, we found out that although SIM swap fraud is real, the process of the fraud mentioned in message is completely false.
BOOM reached out to Indiaforensic, a Pune-based organization engaged in fraud examination in India, to confirm if the victim receives a call or the phone of the victim is hacked in the process of a SIM swap fraud.
"SIM swap does now involve hacking of someone's phone, nor will you receive a call. Such steps are part of other scams, maybe, but SIM swap does not include such methods," said a spokesperson of Indiaforensic.
How SIM Swap Fraud Really Works
In order to find out how the SIM swap is done BOOM got in touch with Brijesh Singh, Inspector General of Police of Cyber Cell, Government of Maharashtra.
According to Singh, there are multiple steps taken to carry out the scam.
Step 1: Stealing Bank Details
According to Singh, the first step requires acquiring crucial details of your bank account, which can be stolen through phishing or trojans/malwares. Using the bank details, the fraudster can login to the bank account, but will not be able to transfer funds, as it would require an OTP.
This is where Step 2 and 3 come in.
Step 2: Forging Identity Document
The next step will require the fraudster to forge identity documents of the victim. This can be any document that is accepted by telephone service providers.
Step 3: SIM Swap
SIM swap is a legitimate process which is done by telephone service providers to provide new SIM cards to replace old ones.
This can be done for several reasons such as replacing a damaged SIM card, or while changing a 3G SIM to 4G, etc.
Using the forged documents, the fraudster then approaches the telephone service provider of the victim and requests for a new SIM card.
"Post customer verification, mobile service provider will deactivate the old SIM card which is in customer’s possession and issue a new SIM card to the fraudster. There will be no network on customer’s handset. Now, customer will not receive any SMS, which includes information such as alerts, OTP, URN etc. on the phone," explained Singh.
All those messages will now go the the fraudster, who has the new SIM card. The SIM Swap is done. The victim will soon notice that he/she does not have network on their phone anymore, their SIM card being deactivated.
The time taken for them to report this to their telephone service provider is usually enough for the fraudster to initiate transfer of funds.
Draining Out The Account
Using the net-banking login details acquired through phishing/malwares, and the newly acquired SIM card of the victim, the fraudster can now login and transfer funds from the victim's bank account to a destination account.
While performing transfers, there will be an OTP generated, which shall be received by the fraudster possessing the newly swapped SIM.
Using the OTP, the fraudster can now authorise the transfer from the victim's account to a destination account.
Steps To Prevent SIM Swap Fraud
Victims can protect their bank account/net-banking/debit and credit card details by verifying the website security, every time they enter such sensitive details online.
The site's security can be verified by checking the certificate details, which is on the left side of the address bar.
Victims can also prevent themselves from falling prey to phishing attacks by scrutinising dubious emails that require them to click on unsecured links and provide their bank account/net-banking/debit and credit card details.
SIM swapping itself cannot be prevented by the victim, as they are usually unaware of fraudsters obtaining forged documents to swap a SIM.
As a worst case scenario, in case you do notice that you have suddenly lost network on your phone, do reach out to your telephone service provider and bank immediately, to report a possibility of SIM swap fraud.
However telephone companies could improve their verification process of identity documents in cases of SIM swaps, to better detect forged documents.
BOOM reached out to Vodafone Idea and Airtel to enquire on the steps taken by them to prevent fraudulent SIM swaps. The article will be updated upon receiving a response.