One of the most transformative changes in the world of global finance is the emergence of digital banking on smartphones in recent years. This has truly revolutionised the way people utilise their banking services, with almost every major financial service now being hosted on a dedicated mobile application or platform.
But these ease-of-access changes that are slowly taking over the financial world don't come without their vulnerabilities. Multiple cyber frauds utilise the minuscule cracks in the newly formed online banking systems to steal personal and financial resources from innocent victims. Banks have tried to curb these online frauds by introducing safety measures like two-factor authentications and One-Time Passwords (OTPs) to ensure safety in making online transactions. But what would happen if these same safety features provide a backdoor for fraudsters to gain access to the victim’s bank accounts?
SIM swap scams are one of the newer forms of online frauds that are taking over the world of online banking, with a number of high-profile hacks being done to gain access to the personal data of well-known individuals through an elaborate scam. It came into focus after the infamous hacking of Twitter CEO Jack Dorsey's Twitter account in 2019 through SIM Swap. Several major cases have followed, ranging from accessing online social accounts to losing millions of dollars through a SIM swap fraud in recent years. India has also seen an exponential rise in these scams, with people losing millions of rupees through these scams.
How does SIM swap attack work?
A SIM swap or simjacking is a fraud that basically involves a scammer gathering personal information about you often through social engineering or phishing and then getting in touch with your mobile carrier to report your SIM card as stolen.
In another technique, scammer may call you posing as a telecom representative and offer you to upgrade your 3G SIM to 4G or to upgrade your SIM to an eSIM. This would require you to send an SMS request to telecom operator. You will be deceived into initiating this SIM change request from your phone.
These techniques allow the scammer to obtain a new SIM card with your telephone number using the personal data that they stole from you previously. With your phone number in their hands, they can now gain access to all your financial data, including OTPs and password resets, and can also easily transfer funds from your bank into their own account. The worst part about this is that they can carry out every step of the SIM swap scam without even sounding any alarms. On activation of the new SIM, your phone will stop working and you will not be aware of any transactions made by the scammers in your bank accounts.
Signs that you might be a victim of an SIM swap fraud
- Unable to place calls or send texts: - If you are suddenly expressing difficulty in placing calls or sending texts, chances are that fraudsters might have deactivated your SIM and currently have access to your phone number.
- Service provider warning: - If your telecom provider notifies you that your SIM card or phone number is active in another device or that they have received a request to replace/upgrade SIM, there is a chance that you have fallen victim to a SIM swap attack.
- Unable to access accounts: - If log-in credentials on your bank or other online accounts have suddenly stopped working, fraudsters may have changed your passwords and gained access to your accounts through a SIM swap attack.
What to do in case of an SIM Swap fraud?
- Contact Telecom operator: - Immediately contact your telecom operator and block your SIM to prevent fraudster from making any new transactions.
- Inform your bank: - Inform your bank about your SIM swap attack and check recent transactions. Report if those transactions are not made by you. You can also block your cards, accounts to prevent any transactions.
- Complaint to Cyber cell: - Within 2 hours of discovery of fraud, you can call helpline 155260. After 2 hours, you can file the complaint on National Cyber Crime Reporting Portal. You can also report to your local cyber cell.
How can you prevent SIM Swap attack?
There are multiple ways through which you can protect yourself from falling victim to a SIM swap fraud.
- Awareness: - Be aware about sharing personal information with other parties and avoid making your personal phone number public in online communities.
- Online behaviour: - Be wary of phishing emails and fraudulent text messages or calls as they can source personal data about you by posing as a member of a prominent organisation.
- Bank and carrier alerts: -Keep track of alerts sent by your bank or mobile carrier as they can help you identify if your phone number and/or bank account has been compromised by a scam.
- Mobile network: - Losing mobile signal on your device is one of the first warning signs of a possible SIM swap attack. Pay attention to the carrier signal and other text alerts by your service provider that can alert you about a recent SIM swap on your phone number.
- Diversifying security options: - Avoid keeping your phone number as the sole recovery option for your online accounts and try using a separate email account that is not linked to your phone number to make it harder for a scammer to gain access to all your online accounts through a single SIM card swap.
- Authentication apps: - Try using dedicated authentication apps by Google or Microsoft that provide you with two-factor authentication without forcing you to rely on your phone number and OTPs to gain access to your accounts.
- Security apps: - Experts agree that one of the best ways to protect yourself from online frauds like SIM card swaps is by utilising an advanced security app like FinLock that can help you protect your personal and financial information and secure you against falling victim to multiple online scams and frauds. It also alerts you in case a request has been made from your phone to upgrade or change your SIM.
Rising number of online frauds like SIM card swaps has been affecting the lives of thousands of innocent people on a regular basis. The best way to protect yourself while enjoying the growing digitisation of banking services in countries like India is to be aware and take all the preventive steps to safeguard your online identity.