Beware of the ‘SIM SWAP’ fraud

swatkats

Keeping TE Alive!
Veteran
Jul 16, 2011
3,795
1,623
201
Hyderabad
A fraud called SIM SWAP has started.

To initiate the SIM exchange request, a person posing as a Telecom Customer Service Officer will call you claiming to be from a particular mobile service provider and inform you that there is a problem with your current SIM. S/He may even say that your SIM needs to be upgraded. The person may also SMS you a 20-digit SIM Card number which will be under his/ her possession and not yours.

The fraudster will ask you to forward the number to the telecom service provider and will instruct you to reply ‘1’ to the confirmation SMS, that the telecom service provider will send. Fraudster will also tell you that it will take 24 hours to get the new SIM and during this period your SIM will remain de-activated. However, once the confirmation is provided i.e. you reply ‘1’, your existing SIM card will get de-activated and a new SIM card, with your mobile number, which is with the fraudster will get activated.

Using your mobile number, fraudster will then access One-Time Passwords (OTPs) and Unique Registration Numbers (URNs) for all your bank accounts linked with your mobile number and may do fraudulent transactions. You will not be aware of these transactions, as the SIM in your possession is de-activated and you will not get any information from the bank.

Screenshot_2018.png.png


Here’s how you can stay secured:

  1. Never reveal your personal and bank account details over the phone
  2. Remember that bank representatives will never ask for personal bank details
  3. Do not disclose your mobile number on unknown websites
  4. Check with your mobile operator if you face any uncertain functioning of your phone
  5. Do not share SMS alerts (such as OTP) with anyone.
  6. Keep a regular track of your bank statements to monitor your transactions
  7. Register for instant alerts that inform you of any activity regarding your account
  8. Do not respond to communication asking you to block your SIM.
  9. Stay alert for a safe and worry-free banking experience.


Source: ICICI BANK
 

guest_999

Active Member
Disciple
Apr 5, 2012
77
28
31
I still don't know how people can believe themselves to be so important(or believe those calling them to be so customer friendly,remember this is India) that someone from bank/mobile provider/aadhaar/income tax will actually bother to call you to "help you avoid issues by acting in advance".
 

6pack

Well-Known Member
ex-Mod
Sep 19, 2005
7,460
1,502
302
Using your mobile number, fraudster will then access One-Time Passwords (OTPs) and Unique Registration Numbers (URNs) for all your bank accounts linked with your mobile number and may do fraudulent transactions. You will not be aware of these transactions, as the SIM in your possession is de-activated and you will not get any information from the bank.
How? that means they should know all bank account numbers, transaction passwords, user id's and passwords, etc to even do this.
Lets suppose someone stole the sim using this method and wants to buy something from Amazon. Where is he going to get bank account number linked with mobile number from? From those 3rd party Aadhaar software? That means he should have possession of aadhaar number before hand. Even if he has bank account number, aadhhar, and mobile cloned, he will still need the bank user id and password to make a successful transaction. Where is he going to get those from? Even changing bank password requires logging to bank portal with user id and password or requires knowledge of bank account's debit card information, phone banking pin etc.

This article is just exaggerating imo.
 

guest_999

Active Member
Disciple
Apr 5, 2012
77
28
31
How? that means they should know all bank account numbers, transaction passwords, user id's and passwords, etc to even do this.
Lets suppose someone stole the sim using this method and wants to buy something from Amazon. Where is he going to get bank account number linked with mobile number from? From those 3rd party Aadhaar software? That means he should have possession of aadhaar number before hand. Even if he has bank account number, aadhhar, and mobile cloned, he will still need the bank user id and password to make a successful transaction. Where is he going to get those from? Even changing bank password requires logging to bank portal with user id and password or requires knowledge of bank account's debit card information, phone banking pin etc.

This article is just exaggerating imo.
Don't make the mistake of taking this lightly. People have actually turned it into a cottage industry(just goes on to show potential of Indian people even if in wrong direction,another proof why India needs more & not less privatization). These people have extensive network of digital wallets & bank accounts all opened using poor people IDs or fake IDs. Bank account info is regularly leaked from those working in bank/their contractor customer support agencies.
https://www.thehindu.com/news/national/other-states/the-cyber-con-artists-of-jamtara/article19476173.ece
https://timesofindia.indiatimes.com/city/aurangabad/most-tele-phishing-calls-from-jharkhand-police/articleshow/56529071.cms
https://www.hindustantimes.com/lucknow/stf-busts-upi-based-online-fraud-bank-employee-held/story-1yvTeeFIiCTvmR4NzYXJSJ.html
 

vivek.krishnan

If you cant see the green dot, I'm offline :P
Veteran
Dec 18, 2009
7,424
1,655
253
Ghatkopar, Mumbai
plus.google.com
How? that means they should know all bank account numbers, transaction passwords, user id's and passwords, etc to even do this.
Lets suppose someone stole the sim using this method and wants to buy something from Amazon. Where is he going to get bank account number linked with mobile number from? From those 3rd party Aadhaar software? That means he should have possession of aadhaar number before hand. Even if he has bank account number, aadhhar, and mobile cloned, he will still need the bank user id and password to make a successful transaction. Where is he going to get those from? Even changing bank password requires logging to bank portal with user id and password or requires knowledge of bank account's debit card information, phone banking pin etc.

This article is just exaggerating imo.
Actually, for most wallets, all you need is the mobile number. So not an issue. As for bank accounts - if you have UPI enabled, then that's all.
 
  • Like
Reactions: mh09ad5578

Vagabond

Well-Known Member
Adept
Dec 20, 2011
869
366
102
34
A fraud called SIM SWAP has started.

To initiate the SIM exchange request, a person posing as a Telecom Customer Service Officer will call you claiming to be from a particular mobile service provider and inform you that there is a problem with your current SIM. S/He may even say that your SIM needs to be upgraded. The person may also SMS you a 20-digit SIM Card number which will be under his/ her possession and not yours.

The fraudster will ask you to forward the number to the telecom service provider and will instruct you to reply ‘1’ to the confirmation SMS, that the telecom service provider will send. Fraudster will also tell you that it will take 24 hours to get the new SIM and during this period your SIM will remain de-activated. However, once the confirmation is provided i.e. you reply ‘1’, your existing SIM card will get de-activated and a new SIM card, with your mobile number, which is with the fraudster will get activated.

Using your mobile number, fraudster will then access One-Time Passwords (OTPs) and Unique Registration Numbers (URNs) for all your bank accounts linked with your mobile number and may do fraudulent transactions. You will not be aware of these transactions, as the SIM in your possession is de-activated and you will not get any information from the bank.

View attachment 76029

Here’s how you can stay secured:

  1. Never reveal your personal and bank account details over the phone
  2. Remember that bank representatives will never ask for personal bank details
  3. Do not disclose your mobile number on unknown websites
  4. Check with your mobile operator if you face any uncertain functioning of your phone
  5. Do not share SMS alerts (such as OTP) with anyone.
  6. Keep a regular track of your bank statements to monitor your transactions
  7. Register for instant alerts that inform you of any activity regarding your account
  8. Do not respond to communication asking you to block your SIM.
  9. Stay alert for a safe and worry-free banking experience.


Source: ICICI BANK

Recently there was Whatsapp audio forward, where the caller confessed how all this has been done (alsmost same as mentioned above). The SIM replacement needs to be done with more secured way fr sure.

Can one attach the audio clip here? I will add if its allowed / available in my phone.
 

guest_999

Active Member
Disciple
Apr 5, 2012
77
28
31
As long as there is a mobile no. linked to a supported bank account(almost all major banks) that account is already UPI enabled. One can set/reset UPI pin by knowing debit card details(last 4/6 digit number & validity date) without even knowing pin.
 

blr_p

Well-Known Member
Veteran
Apr 11, 2007
5,800
1,203
301
How? that means they should know all bank account numbers, transaction passwords, user id's and passwords, etc to even do this.

Lets suppose someone stole the sim using this method and wants to buy something from Amazon. Where is he going to get bank account number linked with mobile number from? From those 3rd party Aadhaar software? That means he should have possession of aadhaar number before hand. Even if he has bank account number, aadhhar, and mobile cloned, he will still need the bank user id and password to make a successful transaction. Where is he going to get those from? Even changing bank password requires logging to bank portal with user id and password or requires knowledge of bank account's debit card information, phone banking pin etc.

This article is just exaggerating imo.
sim swap.JPG
[DOUBLEPOST=1533597121][/DOUBLEPOST]
Actually, for most wallets, all you need is the mobile number. So not an issue. As for bank accounts - if you have UPI enabled, then that's all.
Better not to use these UPI apps then ?

https://www.hindustantimes.com/lucknow/stf-busts-upi-based-online-fraud-bank-employee-held/story-1yvTeeFIiCTvmR4NzYXJSJ.html
 
Last edited:

6pack

Well-Known Member
ex-Mod
Sep 19, 2005
7,460
1,502
302
But if you replace a sim, sms is disabled for 24 hours by all service providers. In 24 hours, the person's whose sim was swapped will surely find out something is wrong when he does not get any messages and calls. mobile operators also send an sms regarding this on old number saying sim will stop working and sms will not work for 24 hours.

maybe the article is confusing it with sim cloning where sim can be cloned using sim cloning hardware. So a malicious person only needs one input from real sim holder and his sim will start getting duplicate sms and otp from mobile providers.
 

6pack

Well-Known Member
ex-Mod
Sep 19, 2005
7,460
1,502
302
even in sim upgrade, sms is disabled for 24 hours. I had upgraded my sim in July and did not get nor could i send any sms for 24 hours. i could browse and watch internet using data plan on same sim.
 

rkkaranrk

Well-Known Member
Veteran
Mar 19, 2009
1,324
867
203
even in sim upgrade, sms is disabled for 24 hours. I had upgraded my sim in July and did not get nor could i send any sms for 24 hours. i could browse and watch internet using data plan on same sim.
This was on Airtel network... Right ?

Idea and Jio does not block anything for 24 hours.
 

Marcus Fenix

Well-Known Member
Veteran
Nov 22, 2010
1,038
289
122
Kolkata
This was on Airtel network... Right ?

Idea and Jio does not block anything for 24 hours.
My father's phone was stolen on Sunday. The Vodafone Customer Care Center refused to issue a new SIM without a FIR so kudos to them...

Once he got the new SIM SMS was not working for 24 hrs as well.
 

rkkaranrk

Well-Known Member
Veteran
Mar 19, 2009
1,324
867
203
That's their system which takes time to activate the sim card, Airtel takes around 8 hours to activate, Idea and Jio takes max 15 mins.
My father's phone was stolen on Sunday. The Vodafone Customer Care Center refused to issue a new SIM without a FIR so kudos to them...

Once he got the new SIM SMS was not working for 24 hrs as well.
 

logistopath

Molar Police
Super Mod
May 25, 2007
3,291
925
202
Erode
AFAIK, if you are changing/exchanging your sim for whatever reason, your SMS will not work for 24 hrs.
 

Marcus Fenix

Well-Known Member
Veteran
Nov 22, 2010
1,038
289
122
Kolkata
That's their system which takes time to activate the sim card, Airtel takes around 8 hours to activate, Idea and Jio takes max 15 mins.
Nope. The SIM was activated (i.e. network was available) by the time he reached home in around 30 mins or so. He was trying to activate Whatsapp and the OTP was not coming through. I sent him a test SMS and that didn't go through as well. Calls/Internet were working though.
 

6pack

Well-Known Member
ex-Mod
Sep 19, 2005
7,460
1,502
302
This was on Airtel network... Right ?

Idea and Jio does not block anything for 24 hours.
Mine was Vodafone. I have Idea sim too which I had upgraded last year. I searched though the old messages and did not find anything regarding sim block for 24 hrs in Idea.
Probably, its a new rule by TRAI to save customers from losing money to such frauds. I've seen questions of blocking of sms by Airtel on Quora. If Idea and Jio don't do it, maybe they're breaking TRAI rules.

https://www.quora.com/Why-am-I-unable-to-send-receive-an-SMS-after-upgrading-my-Airtel-3G-SIM-to-4G
 

blr_p

Well-Known Member
Veteran
Apr 11, 2007
5,800
1,203
301
In First place, How do these Idiots know who has that much of money? Insider has a role always!!! ;)
That's the problem, insider here is nexus between bankoperators, service centers of mobile networks and the fraudsters

MO
"The fraudsters turn into tele-callers and introduce themselves as representative from your bank or telecom service provider. You will be informed that within half an hour, your SIM card will be blocked as the KYC is not updated. After they create a panic situation, they will leave you with only one option, that is, to copypaste a text which they had sent on your mobile number. You will be asked to forward it on the official customer care number. Once you do so, your SIM will be blocked within 15 minutes."

Senior officials claim that with the help of the operators from telecom service provider, the fraudsters manage to get blank SIM cards. In the meantime, the other gang members identify the target and access all their personal bank information using the nexus with the banks.

Extracting all the information, one of the members will make a call to the target and inform about blocking of the SIM card.

Once the target is convinced to send the SMS, that actually carried the 16 digit number of the new SIM card (which is already in possession of the fraudsters), the original SIM card with the victim is deactivated forever.

As a result, the gang gets access to all the bank account details and other potential areas where mobile number is used to receive the OTP or other security passwords.

Within minutes, the gang members, who are usually stationed outside Delhi, do account transactions through mobile banking without victim's knowledge.

https://www.indiatoday.in/mail-today/story/sim-swapping-gang-dupes-man-of-rs-13-lakh-1274908-2018-07-02