Monday 28 January 2013

SIM SWAP FRAUD

What is SIM SWAP Fraud?

While executing Net banking & Mobile Banking, in addition to username and password, One Time Password (OTP) is also required.

OTP is received in the mobile no. and email id registered with the Bank.

The fraudster gets the username, password, and mobile no. in some fraudulent manner and places request to replace the SIM and executes the unauthorized Banking transaction after getting the new SIM card.

Modus Operandi:
The fraudster needs to get OTP and prevent the SMS alert from the Bank to your registered mobile to carry out his fraudulent online transactions.

The steps the fraudster may follow:

  1. Fraudster requests your Mobile service provider for replacement of SIM card citing reasons like loss of SIM or Mobile Handset etc with fraudulent documents.
  2. The Mobile service provider deactivates the SIM and issues a new SIM; the delivery of which is taken by the fraudster on some pretext.
  3. Fraudster uses your username, password and OTP received in the new SIM.
  4. Executes the transaction/s get the SMS alert from Bank in the new SIM.
  5. All this while, the real SIM holder is not aware of the transactions happening in his bank account.
  6. During this time of cyber robbery, the SIM of real owner gets deactivated or the Mobile will not get signal or simply mobile will not work. Consider this as red flag.

SIM SWAP Fraud News – A Must Read

  1. http://www.hindustantimes.com/India-news/Mumbai/Man-s-SIM-changed-account-hacked/Article1-970770.aspx#.UPfJKPE1r_E.facebook
  2. http://simswapcybercrimefraud.blogspot.in/2013/01/sim-swap-cyber-fraud-by-airtel-official.html
  3. http://www.indianexpress.com/news/gang-hacks-engineer-s-bank-account-diverts-calls-to-keep-him-in-dark/1059403/0
  4. https://www.facebook.com/SimSwapCyberCrimeFraud?fref=ts
  5. http://www.deccanherald.com/content/307014/a-sim-can-empty-your.html
  6. http://ibnlive.in.com/news/cyber-fraud-two-more-held/251301-60-122.html
  7. http://www.computerworld.com/s/article/9225143/Cybercriminals_bypass_e_banking_protections_with_fraudulent_SIM_cards
  8. http://cybercrimecomplaints.com/content/fraud-done-my-hdfc-salary-account-using-netbanking
  9. http://www.consumercourt.in/net-banking/46750-fraudulent-transactions-through-internet-banking-transfers-icici-bank-c.html
  10. http://www.indianexpress.com/news/sim-card-fraud-probe-sought-against-service-provider/638660


Safeguard: Some safeguard technique is given below which is not exhaustive.

  1. Keep handy (hard coy), Customer care no., Bank account no. etc. of your Bank and Mobile service provider so that you do not spend precious time searching the contact details during emergency.
  2. Keep a separate SIM for Internet Banking/Mobile Banking.
  3. Do not share this Mobile no. with anyone. Use it exclusively for Internet/Mobile Banking.
  4. Do not register this Mobile no. online with any website including social networking sites.
  5. If you find your mobile inactive for some time, contact your Bank immediately instead of Mobile service provider.
  6. Never switch off your mobile if it is used for Internet Banking/Mobile Banking.
  7. Never respond to unknown (phishing) emails.
  8. Change your banking passwords very frequently. (weekly)


SIM Card Deactivation Process:

The 3 major Mobile service providers in India states that as soon as they receive the request for replacement of SIM due to loss of Handset & SIM card the mobile service is immediately deactivated temporarily to prevent unauthorised transactions/calls and require verification of original identity documents while issuing new SIM card. 

The link is given below for ready reference.
Idea Cellular: http://www.ideacellular.com/wps/wcm/connect/aboutus/idea/punjab/activate_and_deactivate/prepaid_plans/activation?&Connection=Prepaid&circleID=PUN
Vodafone: http://www.vodafone.in/support/pages/phones_help.aspx
Airtel: http://www.airtel.in/wps/wcm/connect/airtel.in/airtel.in/home/foryou/mobile/prepaid+services/know+more/faqs/

In spite of the above policies for deactivation, in a case the SIM was deactivated just on the phone request.

The Mobile service provider should adhere to the defined policy very strictly to help in combating SIM SWAP FRAUD.

Quick action in case of SIM SWAP Fraud:

  1. Contact your Bank immediately and block your Net Banking, Mobile Banking, Debit card, Credit card etc.
  2. Then contact your Mobile service provider to block your SIM.
  3. Contact your nearest police station immediately with all the details and Cyber cell of your jurisdiction.

Mumbai police has conducted cyber safety month in January 2013 and issued a guidelines on cyber safety which will be useful to all of us. 

The link is given for ready reference.
http://www.mumbaipolice.org/cyber%20month/do's%20&%20don'ts%20of%20cyber%20safety.pdf

Conclusion: Till the time a solution is found to prevent this fraud, the customer should be very cautious and take all the necessary steps and be alert all the times.

Disclaimer: 

  1. This is just a discussion for academic purpose and does not constitute professional advice/service. 
  2. Various links related to news are given for ready reference only.
  3. Please seek professional advice for a particular situation.
     

You Are Visitor No.






View Venkatesh Rao's profile on LinkedIn