You must have recently seen the news about a Delhi-based man who got repeatedly missed calls on his phone as well as blank calls with no one on the other end. And the next thing he knows, a huge sum of Rs. 50 lakh has been taken out of his bank account.
Typically, to use SIM-based authentication, one must agree using a one-time password (OTP) that one receive on his cell phone. However, in this instance, the missed call was sufficient to complete the complete the fraud. This was done through Sim-swap fraud. Today, in this article, we will know about this dangerous fraud and share some tips to keep you safe.
What is sim-swap fraud?
SIM swap fraud happens when fraudsters use your phone number to access your accounts by exploiting a flaw in two-factor authentication and verification.
SIM swapping occurs when fraudsters get in touch with the service provider of your cell phone and convince them to activate a SIM card that originally belongs to you. Once this happens, the fraudsters have access to your phone number. Anyone contacting this number by phone or text will speak to a scammer’s device, not your smartphone.
This is referred to as SIM swap fraud, and it indicates that fraudsters might use your username and password to access the website of your bank. To access your online account, you will then need to provide the two-factor authentication code that the bank will SMS to the phone number you provided. The issue? That number now connects to the smartphone or other device owned by scammers following a SIM change. They could then access your bank account using that code.
Fortunately, there are measures you may take to prevent SIM swapping. The main goal is to keep scammers from learning your username and password for your online bank or credit card accounts. Additionally, keeping an eye out for the most typical SIM swap fraud warning flags is helpful.
How does SIM swapping happen?
In a SIM swap scam, fraudster gain access to your phone by fooling your carrier into matching your phone number to a SIM card they own. In essence, these fraudsters seize possession of your cell phone number.
Scammers start by acquiring as much personal information about you as they can before using social engineering to take your number.
The fraudsters first call your mobile carrier while posing as you and complaining that their SIM card—which is actually yours—has been missing or damaged. They then request that the customer support agent activate a new SIM card that the fraudster is currently using. Your phone number will be transferred to the fraudster’s smartphone. All calls and texts that are supposed to go to you will instead go to the scammer’s mobile after your carrier fulfils this request.
Now, the question is that how are fraudsters able to respond to the security questions posed by your cell provider? When trying to identify if it’s you on the other end of the phone, your smartphone provider’s customer support representative will inquire how they can supply any personal information. The information that fraudsters have learned about you through phishing emails, spyware, or social media research will be helpful in this situation.
Once scammers have given your smartphone’s service providers the data they obtained from you or the dark web, they use it to persuade them to change your number to a new SIM card.
Your cellphone number is then obtained by these crooks, who can use it to access your phone conversations with banks and other businesses, particularly your text messages. They can then get any codes or password resets for any of your accounts that are called or texted to that phone. They’re in, that’s all.
How do scammers get your information?
You can receive an email from a scammer who poses as your smartphone provider. You might be required to click a link in this email in order to keep your account active. When you do, a new page appears and requests that you enter personal data, such as your name, birthdate, and passwords. The webpage might even request your Aadhar number. You have given the fraudsters access to the information they require to con your mobile phone carrier into a SIM swap scam after you complete this out and click “Send.”
Other scammers manage to get you to click on email links that instal malware on your computer and record every keystroke you make, including any passwords or security question answers. Once more, this gives the fraudsters the info they require to pull off a successful SIM swap.
On the dark web, fraudsters might purchase your financial and personal information. Additionally, this would give these fraudsters the knowledge they require to execute their scheme properly.
How do they tranfer your funds?
They might open a second bank account in your name at your bank, where there might be less stringent security checks because you’re already a customer. It’s possible that transfers between those accounts in your name won’t raise any red flags.
Role of social media:
When trying to conclude a SIM swap scam, scammers may utilise the information they learn about you from your social media profiles to pass off as you.
As an example of an answer to your security questions, mention your mother’s maiden name or your pet name. Your Facebook profile may contain that information, which a fraudster may access.
How can you protect yourself from SIM Swap fraud?
Fortunately, there are steps you can do to help prevent falling victim to a SIM swap as well as those of your service providers. fraud.
- Be on the lookout for phishing emails and other attempts by criminals to gain access to your personal information so they can pose as you to your bank or mobile provider. Don’t click on links in emails you receive from unknown senders. Also keep in mind that your bank, cable company, credit card company, and other service providers won’t email you asking for your personal or financial information.
- Use a strong, one-of-a-kind password along with strong security questions and answers that only you know to increase the account security on your telephone.
- Consider setting a unique passcode or PIN for your communications if your phone provider permits you to do so. It might offer an additional layer of defence.
- Avoid basing all aspects of your identity authentication on your phone number. This applies to SMS text messages as well, which are not encrypted.
- You can use a two-factor authentication tool like Google Authenticator that connects to your actual device rather than your phone number.
- Ask your banks and cell provider if they can work together to incorporate user alerts and additional checks when SIM cards are supplied, for example, and to share their information of SIM swap activity.
- Some banks call back clients to confirm that they are who they claim to be and to apprehend identity thieves.