Yes,
you read that headline right! Your smartphone can betray you and cause
you to lose your hard-earned money in your bank. You must stop that
tragic loss and this is all about what you must not do and what you
should do. You must have heard of SIM swapping or SIM cloning. In one of
the recent cases involving SIM swapping, a man lost as much as Rs 93
lakh from his bank account.
The cases of SIM swapping has been on the rise in recent times. This is also a kind of cybercrime just like phishing and vishing. Most of these crimes are aimed at financial fraud. No matter which telecom company's SIM you are using, be it Vodafone Idea, Reliance Jio, Airtel, BSNL or any other, a little mistake on your part may cost you your hard earned money.
What’s SIM Swapping?
Cloning of SIM or SIM swapping is a technique using which a malicious actor can create a duplicate of a SIM card in such a way that both the original and the cloned SIM, work at the same time without the knowledge of the mobile subscriber
"SIM Swapping means registering a new SIM card with your mobile number. A person with your authentic details will contact the telecom company, provide your all the authentic details and get a new sim card with your mobile number," said Manish Kumawat, Director at Cryptus Cyber Security.
Kumawat added that the original SIM will soon become invalid. "Scammers use the new SIM to get the OTPs from the bank or any social networking sites, whatever they want to get access," he said.
How do the scammers work?
Kumawat explained the working of the scammers and described the process by which the SIM swapping happens.
Some fake telecom company person or scammers call you as telecom person, they ask user’s information which is required to get a new sim with the same number of the user. They will convince you to give them the unique SIM code and will ask you to Press 1 to confirm.
They connect the same call to the telecom server at the same time. When user Press 1 to confirm, the telecom company confirm that yes you have lost your SIM card and another blank SIM card will be registered as the new SIM with the same number.
"Scammers actually look for numbers which are officially registered with your bank account. If successfully swapped the SIM, they use it to transfer money from your bank account. Banks confirm the OTP code to transfer the money. Once done scammers destroy the SIM cards with no trace left and the bank which they use to get money in the bank account," said Kumawat.
Can it be done over a phone call?
"SIM cloning is a time taking process especially for GSM SIM cards (which are mostly used today) and that too with complete physical access to the target SIM along with sophisticated hardware. As far as cloning SIM over a phone call, no public studies/researches as of now, have revealed a way to clone a SIM card over a phone call as SIM cloning requires the unique sim id (IMSI) and the encryption key(Ki) both of which are physically stored inside the SIM card," said Ankush Johar, Director at Infosec Ventures.
How to identify whether the SIM has been cloned or not?
An important step of staying safe is to identify if your card has been cloned. The following pointer may hint at that:
* Your phone went missing for a few hours
* Unknown calls on the telephone bill
* Phone busy even when not in a call
* Frequent network disconnections/cross connections
* Too many wrong number calls
In the case of above-mentioned pointers, you should immediately inform your telecom operator and nearest police station.
However, is there any way to stay safe from these kinds of frauds?
Prabesh Choudhary, Director at Cryptus Cyber Security, said that there are a number of ways by which one can stay safe from these kind of scams.
"Scammers generally scare the user that their number will be deactivated or telco may issue disconnection of service order. In such a case, visit your nearest telecom service store with your concern. Do not share any detail over the phone," said Choudhary.
Below are some dos and don't that you must follow:
1. If you will get a call from a telecom company if they are trying to ask the SIM card number for a routine check-up or new schemes. Say No if they ask for some sensitive detail.
2. Remember no one from any company asks you about any confidential information.
3. Scammers generally ask you the 20-digit sim card number. If someone asking you this number on phone call it means, Its definitely a scammer.
4. They will request you to press 1 for authenticating the process, They connect the same call to telecom server and authenticate the swapping process.
5. No bank employee will ask you such kind of information on a phone call so aware of it.
The cases of SIM swapping has been on the rise in recent times. This is also a kind of cybercrime just like phishing and vishing. Most of these crimes are aimed at financial fraud. No matter which telecom company's SIM you are using, be it Vodafone Idea, Reliance Jio, Airtel, BSNL or any other, a little mistake on your part may cost you your hard earned money.
What’s SIM Swapping?
Cloning of SIM or SIM swapping is a technique using which a malicious actor can create a duplicate of a SIM card in such a way that both the original and the cloned SIM, work at the same time without the knowledge of the mobile subscriber
"SIM Swapping means registering a new SIM card with your mobile number. A person with your authentic details will contact the telecom company, provide your all the authentic details and get a new sim card with your mobile number," said Manish Kumawat, Director at Cryptus Cyber Security.
Kumawat added that the original SIM will soon become invalid. "Scammers use the new SIM to get the OTPs from the bank or any social networking sites, whatever they want to get access," he said.
How do the scammers work?
Kumawat explained the working of the scammers and described the process by which the SIM swapping happens.
Some fake telecom company person or scammers call you as telecom person, they ask user’s information which is required to get a new sim with the same number of the user. They will convince you to give them the unique SIM code and will ask you to Press 1 to confirm.
They connect the same call to the telecom server at the same time. When user Press 1 to confirm, the telecom company confirm that yes you have lost your SIM card and another blank SIM card will be registered as the new SIM with the same number.
"Scammers actually look for numbers which are officially registered with your bank account. If successfully swapped the SIM, they use it to transfer money from your bank account. Banks confirm the OTP code to transfer the money. Once done scammers destroy the SIM cards with no trace left and the bank which they use to get money in the bank account," said Kumawat.
Can it be done over a phone call?
"SIM cloning is a time taking process especially for GSM SIM cards (which are mostly used today) and that too with complete physical access to the target SIM along with sophisticated hardware. As far as cloning SIM over a phone call, no public studies/researches as of now, have revealed a way to clone a SIM card over a phone call as SIM cloning requires the unique sim id (IMSI) and the encryption key(Ki) both of which are physically stored inside the SIM card," said Ankush Johar, Director at Infosec Ventures.
How to identify whether the SIM has been cloned or not?
An important step of staying safe is to identify if your card has been cloned. The following pointer may hint at that:
* Your phone went missing for a few hours
* Unknown calls on the telephone bill
* Phone busy even when not in a call
* Frequent network disconnections/cross connections
* Too many wrong number calls
In the case of above-mentioned pointers, you should immediately inform your telecom operator and nearest police station.
However, is there any way to stay safe from these kinds of frauds?
Prabesh Choudhary, Director at Cryptus Cyber Security, said that there are a number of ways by which one can stay safe from these kind of scams.
"Scammers generally scare the user that their number will be deactivated or telco may issue disconnection of service order. In such a case, visit your nearest telecom service store with your concern. Do not share any detail over the phone," said Choudhary.
Below are some dos and don't that you must follow:
1. If you will get a call from a telecom company if they are trying to ask the SIM card number for a routine check-up or new schemes. Say No if they ask for some sensitive detail.
2. Remember no one from any company asks you about any confidential information.
3. Scammers generally ask you the 20-digit sim card number. If someone asking you this number on phone call it means, Its definitely a scammer.
4. They will request you to press 1 for authenticating the process, They connect the same call to telecom server and authenticate the swapping process.
5. No bank employee will ask you such kind of information on a phone call so aware of it.
