What is SIM Swap fraud?
SIM swap fraud is a malpractice where the perpetrators falsely acquire a SIM card in your name, issued with your mobile number. The primary aim behind this fraud is to have access to security alerts such as One Time Passwords (OTP) which you receive on your registered phone number to proceed with almost all kinds of financial transactions online.
How Do SIM Swap frauds Work?
SIM swap is a second phase of an entire scam planned by an attacker. The first phase consists of gathering personal information about the targeted victim. In most cases, the attacker accomplishes this, with the help of a phishing attack.
The phishing attack is to gather personal and banking information about the victim. This may include name, address, date of birth, phone number, driving license number, net banking ID and password, ATM PIN, CVV number, etc. This attack may be launched in the following ways:
Phishing email – attacker sends a fake email to the victim containing a form or a link to a spoofed website to capture personal information.
Vishing (voice phishing) – attacker calls the victim, posing as a bank executive or an official of a reputed company.
SMiShing (SMS phishing) – attacker sends fake SMSs to the victim containing links to a fake website or a malware that can steal user information.
Once the attacker has the all required user data, they approach the victim’s mobile service provider with forged identity documents. They get a new SIM card by reporting a loss of mobile device or a damaged SIM card. This way, the phone number of the genuine customer gets deactivated. Using the stolen banking information, the attacker can then easily conduct illegal financial transactions, now that they have access to the OTP.
Security Tips to Avoid Falling Prey to SIM-Swap Frauds
1. The most important measure is to ensure that your phone’s connection is working normally. If your SIM gets deactivated without any known reason, then report it to your mobile operator immediately.
2. Never give away personal or financial information over emails, phones, SMSs, online chat platforms like WhatsApp, or any media for that matter.
3. Switching off your phone for a long period of time for reasons such as unwanted calls or SMSs could be dangerous. These calls could be a ploy of the attacker to trick you into turning off your phone, so that you remain unaware of any connectivity issues.
4. If your bank offers SMS and email alerts for all your banking activities, then opt for both the options.
5. Check your bank statements regularly to ensure that there are no irregularities.
6. Most websites ask for your phone number among other information to let you use their services. In such scenarios, avoid giving away your real name, actual date of birth, and your phone number which is registered with your bank.
7. Avoid making your phone number public on social media sites.
8. As phishing is used as the main weapon in this type of scams, consider having anti-phishing and anti-malware protection on your PC and smartphone.
It can be safely assumed that incidents of SIM swap frauds will increase with time and could become more advanced. Your safety depends on how vigilant and updated you are about the growing threats in the world of Internet.