Know everything about SIM swap scam and how to prevent it

To protect yourself from frauds, never disclose confidential information and be alert about your mobile phone connections.

The growing use of mobile banking has exposed users to different kinds of frauds. There have also been reports of people losing money to SIM swap. This is a relatively new-age con job.

So, lets explore into what this ‘SIM swap’ is and how you can prevent it. 

Two-step fraud 

SIM swap is what its name suggests. The conman swaps your registered mobile’s SIM card with his, gets all the confidential messages and passwords that were meant for you, and then puts through financial transactions to enrich himself.

It’s a two-step fraud — extraction of personal information followed by impersonation. In the first step, the fraudster gets your personal information through a variety of modes such as phishing (fraudulent mails), vishing (fraudulent phone calls), SMiShing (fraudulent phone messages), social engineering (gathering information surreptitiously from you or your circle of contacts), malware (fraudulent software), hacking into electronic devices and websites, and shoulder-surfing when you enter data in electronic devices.

In the next step, the fraudster uses this personal information to create your fake ID, impersonates you, cancels your genuine SIM card and gets a duplicate SIM card from the mobile operator — this is done on various pretexts, including losing the mobile phone, getting a new phone or the old SIM card getting damaged. Now, all calls and messages, meant for you, including transaction authorisations and confirmations, goes to the conman.

This lets the conman beat the ‘two-factor authentication’ security architecture mandated by the RBI for most electronic transactions. 

First, your personal information, say, credit card or debit card details, including the three-digit CVV or bank account details, including PIN/passwords or answers to security questions, has been extracted. Next, the conman also has access to the second-level security check, say, the one-time password (OTP) that is now delivered to the mobile having the duplicate SIM card. This allows him to put through a range of fraudulent transactions such as unauthorised fund transfers and online purchases.

Read | SIM swap scam: Airtel subscriber loses fancy number

Precautions and prevention 

There are a few dos and don’ts that can be followed to protect yourself from SIM swap frauds and to contain damage. 

One, never disclose your confidential information such as internet banking user id, PIN, passwords and card CVV numbers. Be careful what personal details you share on social media; refrain from putting up your phone number on such platforms. 

Use only genuine software on your computers and mobile phones; do not tamper with security settings of your mobile phones, and update anti-virus protection regularly to prevent malware attacks.

Do not respond to unknown mails or calls, especially those that seek your account or card details or phone number. Responses to seemingly innocuous mails or calls could help fraudsters anticipate likely answers to security questions.

Be alert about your mobile phone connection. If your mobile phone service stops for unknown reasons, check with your mobile operator immediately and notify your bank as well. Register for both SMS and e-mail alerts for details about every financial transaction. 

This two-channel check will help to keep you up to date with transactions and thus, alert you to hanky-panky over e-mail even if your SIM card has been compromised.

A trick employed by fraudsters is to flood you with nuisance calls in the hope that you switch off the phone or put it on silent mode to prevent you from noticing the lost connectivity when the SIM is swapped. In case you get such calls, don’t switch off the phone; rather, don’t answer such calls. Check with your mobile operator if it sends you an SMS to alert you in case of a SIM card change request; this can help you stop the fraud in quick time.