Beware of the ‘SIM SWAP’ fraud

swatkats

Skilled
A fraud called SIM SWAP has started.

To initiate the SIM exchange request, a person posing as a Telecom Customer Service Officer will call you claiming to be from a particular mobile service provider and inform you that there is a problem with your current SIM. S/He may even say that your SIM needs to be upgraded. The person may also SMS you a 20-digit SIM Card number which will be under his/ her possession and not yours.

The fraudster will ask you to forward the number to the telecom service provider and will instruct you to reply ‘1’ to the confirmation SMS, that the telecom service provider will send. Fraudster will also tell you that it will take 24 hours to get the new SIM and during this period your SIM will remain de-activated. However, once the confirmation is provided i.e. you reply ‘1’, your existing SIM card will get de-activated and a new SIM card, with your mobile number, which is with the fraudster will get activated.

Using your mobile number, fraudster will then access One-Time Passwords (OTPs) and Unique Registration Numbers (URNs) for all your bank accounts linked with your mobile number and may do fraudulent transactions. You will not be aware of these transactions, as the SIM in your possession is de-activated and you will not get any information from the bank.

Screenshot_2018.png.png


Here’s how you can stay secured:

  1. Never reveal your personal and bank account details over the phone
  2. Remember that bank representatives will never ask for personal bank details
  3. Do not disclose your mobile number on unknown websites
  4. Check with your mobile operator if you face any uncertain functioning of your phone
  5. Do not share SMS alerts (such as OTP) with anyone.
  6. Keep a regular track of your bank statements to monitor your transactions
  7. Register for instant alerts that inform you of any activity regarding your account
  8. Do not respond to communication asking you to block your SIM.
  9. Stay alert for a safe and worry-free banking experience.


Source: ICICI BANK
 
I still don't know how people can believe themselves to be so important(or believe those calling them to be so customer friendly,remember this is India) that someone from bank/mobile provider/aadhaar/income tax will actually bother to call you to "help you avoid issues by acting in advance".
 
Using your mobile number, fraudster will then access One-Time Passwords (OTPs) and Unique Registration Numbers (URNs) for all your bank accounts linked with your mobile number and may do fraudulent transactions. You will not be aware of these transactions, as the SIM in your possession is de-activated and you will not get any information from the bank.

How? that means they should know all bank account numbers, transaction passwords, user id's and passwords, etc to even do this.
Lets suppose someone stole the sim using this method and wants to buy something from Amazon. Where is he going to get bank account number linked with mobile number from? From those 3rd party Aadhaar software? That means he should have possession of aadhaar number before hand. Even if he has bank account number, aadhhar, and mobile cloned, he will still need the bank user id and password to make a successful transaction. Where is he going to get those from? Even changing bank password requires logging to bank portal with user id and password or requires knowledge of bank account's debit card information, phone banking pin etc.

This article is just exaggerating imo.
 
How? that means they should know all bank account numbers, transaction passwords, user id's and passwords, etc to even do this.
Lets suppose someone stole the sim using this method and wants to buy something from Amazon. Where is he going to get bank account number linked with mobile number from? From those 3rd party Aadhaar software? That means he should have possession of aadhaar number before hand. Even if he has bank account number, aadhhar, and mobile cloned, he will still need the bank user id and password to make a successful transaction. Where is he going to get those from? Even changing bank password requires logging to bank portal with user id and password or requires knowledge of bank account's debit card information, phone banking pin etc.

This article is just exaggerating imo.
Don't make the mistake of taking this lightly. People have actually turned it into a cottage industry(just goes on to show potential of Indian people even if in wrong direction,another proof why India needs more & not less privatization). These people have extensive network of digital wallets & bank accounts all opened using poor people IDs or fake IDs. Bank account info is regularly leaked from those working in bank/their contractor customer support agencies.
https://www.thehindu.com/news/natio...er-con-artists-of-jamtara/article19476173.ece
https://timesofindia.indiatimes.com...rom-jharkhand-police/articleshow/56529071.cms
https://www.hindustantimes.com/luck...ployee-held/story-1yvTeeFIiCTvmR4NzYXJSJ.html
 
How? that means they should know all bank account numbers, transaction passwords, user id's and passwords, etc to even do this.
Lets suppose someone stole the sim using this method and wants to buy something from Amazon. Where is he going to get bank account number linked with mobile number from? From those 3rd party Aadhaar software? That means he should have possession of aadhaar number before hand. Even if he has bank account number, aadhhar, and mobile cloned, he will still need the bank user id and password to make a successful transaction. Where is he going to get those from? Even changing bank password requires logging to bank portal with user id and password or requires knowledge of bank account's debit card information, phone banking pin etc.

This article is just exaggerating imo.

Actually, for most wallets, all you need is the mobile number. So not an issue. As for bank accounts - if you have UPI enabled, then that's all.
 
A fraud called SIM SWAP has started.

To initiate the SIM exchange request, a person posing as a Telecom Customer Service Officer will call you claiming to be from a particular mobile service provider and inform you that there is a problem with your current SIM. S/He may even say that your SIM needs to be upgraded. The person may also SMS you a 20-digit SIM Card number which will be under his/ her possession and not yours.

The fraudster will ask you to forward the number to the telecom service provider and will instruct you to reply ‘1’ to the confirmation SMS, that the telecom service provider will send. Fraudster will also tell you that it will take 24 hours to get the new SIM and during this period your SIM will remain de-activated. However, once the confirmation is provided i.e. you reply ‘1’, your existing SIM card will get de-activated and a new SIM card, with your mobile number, which is with the fraudster will get activated.

Using your mobile number, fraudster will then access One-Time Passwords (OTPs) and Unique Registration Numbers (URNs) for all your bank accounts linked with your mobile number and may do fraudulent transactions. You will not be aware of these transactions, as the SIM in your possession is de-activated and you will not get any information from the bank.

View attachment 76029

Here’s how you can stay secured:

  1. Never reveal your personal and bank account details over the phone
  2. Remember that bank representatives will never ask for personal bank details
  3. Do not disclose your mobile number on unknown websites
  4. Check with your mobile operator if you face any uncertain functioning of your phone
  5. Do not share SMS alerts (such as OTP) with anyone.
  6. Keep a regular track of your bank statements to monitor your transactions
  7. Register for instant alerts that inform you of any activity regarding your account
  8. Do not respond to communication asking you to block your SIM.
  9. Stay alert for a safe and worry-free banking experience.


Source: ICICI BANK


Recently there was Whatsapp audio forward, where the caller confessed how all this has been done (alsmost same as mentioned above). The SIM replacement needs to be done with more secured way fr sure.

Can one attach the audio clip here? I will add if its allowed / available in my phone.
 
As long as there is a mobile no. linked to a supported bank account(almost all major banks) that account is already UPI enabled. One can set/reset UPI pin by knowing debit card details(last 4/6 digit number & validity date) without even knowing pin.
 
How? that means they should know all bank account numbers, transaction passwords, user id's and passwords, etc to even do this.

Lets suppose someone stole the sim using this method and wants to buy something from Amazon. Where is he going to get bank account number linked with mobile number from? From those 3rd party Aadhaar software? That means he should have possession of aadhaar number before hand. Even if he has bank account number, aadhhar, and mobile cloned, he will still need the bank user id and password to make a successful transaction. Where is he going to get those from? Even changing bank password requires logging to bank portal with user id and password or requires knowledge of bank account's debit card information, phone banking pin etc.

This article is just exaggerating imo.

sim swap.JPG
[DOUBLEPOST=1533597121][/DOUBLEPOST]
Actually, for most wallets, all you need is the mobile number. So not an issue. As for bank accounts - if you have UPI enabled, then that's all.
Better not to use these UPI apps then ?

https://www.hindustantimes.com/luck...ployee-held/story-1yvTeeFIiCTvmR4NzYXJSJ.html
 
Last edited:
But if you replace a sim, sms is disabled for 24 hours by all service providers. In 24 hours, the person's whose sim was swapped will surely find out something is wrong when he does not get any messages and calls. mobile operators also send an sms regarding this on old number saying sim will stop working and sms will not work for 24 hours.

maybe the article is confusing it with sim cloning where sim can be cloned using sim cloning hardware. So a malicious person only needs one input from real sim holder and his sim will start getting duplicate sms and otp from mobile providers.
 
even in sim upgrade, sms is disabled for 24 hours. I had upgraded my sim in July and did not get nor could i send any sms for 24 hours. i could browse and watch internet using data plan on same sim.
 
even in sim upgrade, sms is disabled for 24 hours. I had upgraded my sim in July and did not get nor could i send any sms for 24 hours. i could browse and watch internet using data plan on same sim.
This was on Airtel network... Right ?

Idea and Jio does not block anything for 24 hours.
 
This was on Airtel network... Right ?

Idea and Jio does not block anything for 24 hours.
My father's phone was stolen on Sunday. The Vodafone Customer Care Center refused to issue a new SIM without a FIR so kudos to them...

Once he got the new SIM SMS was not working for 24 hrs as well.
 
That's their system which takes time to activate the sim card, Airtel takes around 8 hours to activate, Idea and Jio takes max 15 mins.
My father's phone was stolen on Sunday. The Vodafone Customer Care Center refused to issue a new SIM without a FIR so kudos to them...

Once he got the new SIM SMS was not working for 24 hrs as well.
 
That's their system which takes time to activate the sim card, Airtel takes around 8 hours to activate, Idea and Jio takes max 15 mins.
Nope. The SIM was activated (i.e. network was available) by the time he reached home in around 30 mins or so. He was trying to activate Whatsapp and the OTP was not coming through. I sent him a test SMS and that didn't go through as well. Calls/Internet were working though.
 
This was on Airtel network... Right ?

Idea and Jio does not block anything for 24 hours.

Mine was Vodafone. I have Idea sim too which I had upgraded last year. I searched though the old messages and did not find anything regarding sim block for 24 hrs in Idea.
Probably, its a new rule by TRAI to save customers from losing money to such frauds. I've seen questions of blocking of sms by Airtel on Quora. If Idea and Jio don't do it, maybe they're breaking TRAI rules.

https://www.quora.com/Why-am-I-unable-to-send-receive-an-SMS-after-upgrading-my-Airtel-3G-SIM-to-4G
 
In First place, How do these Idiots know who has that much of money? Insider has a role always!!! ;)
That's the problem, insider here is nexus between bankoperators, service centers of mobile networks and the fraudsters

MO
"The fraudsters turn into tele-callers and introduce themselves as representative from your bank or telecom service provider. You will be informed that within half an hour, your SIM card will be blocked as the KYC is not updated. After they create a panic situation, they will leave you with only one option, that is, to copypaste a text which they had sent on your mobile number. You will be asked to forward it on the official customer care number. Once you do so, your SIM will be blocked within 15 minutes."

Senior officials claim that with the help of the operators from telecom service provider, the fraudsters manage to get blank SIM cards. In the meantime, the other gang members identify the target and access all their personal bank information using the nexus with the banks.

Extracting all the information, one of the members will make a call to the target and inform about blocking of the SIM card.

Once the target is convinced to send the SMS, that actually carried the 16 digit number of the new SIM card (which is already in possession of the fraudsters), the original SIM card with the victim is deactivated forever.

As a result, the gang gets access to all the bank account details and other potential areas where mobile number is used to receive the OTP or other security passwords.

Within minutes, the gang members, who are usually stationed outside Delhi, do account transactions through mobile banking without victim's knowledge.

https://www.indiatoday.in/mail-toda...ng-dupes-man-of-rs-13-lakh-1274908-2018-07-02
 
Back
Top