SIM SWAP Fraud: A Mumbai Businessman Gets Robbed Off Of 1.86 Crore Via Missed Calls

A terrifying banking fraud, the researchers are calling “SIM SWAP”, recently preyed upon a Mumbai based businessman.

Reportedly, Rs.1.86 crore were harvested from this man’s bank balance via 6 late night missed calls.

Numerous other such cases of “SIM-SWAPPING” have also come to light in the metro cities of Bengaluru, Delhi, Bombay and Kolkata and the police cyber-cells are working on them.

This baffling fraud is not just subjective to people with lack of cyber knowledge or lack of critical thinking, technologically active people could also easily get drowned in the scam.

This seemingly stupid and unbelievable method of scamming people is fairly obvious to other parts of the cyber-world.

Despite being quite fresh in India, it has already affected a lot of people around the country and has targeted a fair number of “not-so-aware” mobile phone users, leaving their bank accounts pretty light.

When users switch from their old generation SIM cards to the upgraded versions, meaning when they change their 3G cards to 4G they use a technology called, “SIM SWAP” to register the new SIM card.

This technology had also come into play when the older SIM cards got switched by nano cards.

SIM SWAP:- WHAT? AND HOW?

SIM SWAP is a technique of replacing the existing SIM card by a duplicate one.

It can only be done when the attacker knows the unique 20 digit SIM number embarked on the SIM card.

Either the SIM-con would persuade the user into telling them the number or would hack into it on their own.

WHAT HAPPENED TO THE VICTIM!

Reportedly, the scammers had gotten the access to the victim’s 20 digit card number and had set the SIM SWAP process on, in the night time.

The scam broadly takes place in 2 steps, the SIM SWAP being the second step of the scamming technique.

Already privy to the banking ID and passwords, all that’s left for the fraudulent cons to find is the OTP on the registered mobile number and behold, the transactions begin!

Possibly, the victim was previously victimised by a phishing attack and unawares, mentioned his real password and account ID into a fake website fabricated by the cons.

The businessman had received 6 missed calls between the hours of 11pm and 2 am. These calls were initiated from 2 separate numbers, one beginning from +44(UK’s code).

The calls weren’t attended to as his phone was on the silent mode. Almost all the money got withdrawn from around 14 bank accounts the man had across the country, except for the 20 lakhs he somehow managed to recover.

When a user SIM SWAPS or basically EXCHANGES SIM CARD, all they do is register their phone number with their new SIM card.

This way the phone number is harvested and once that’s done the OTPs could be easily received, opening avenues of online shopping and ludicrous transactions in the owner’s name.

SIM SWAP could also affect people who communicate about their passwords or IDs via cell phones.

The technique depends upon who is a part of the communication. In actual and legitimate SIM exchanges, the users are connected to the servers of service providing organizations like Vodafone or Airtel.

These operators have ‘specifically designed official USSD codes’ for the SIM Swap process.

But when the swapping is not done by the user, the 20 digit SIM card number might fall into wrong hands.

If the wrongly swapped SIM card falls into the hands of the scammer, the victim would fall into immense danger.

HOW THE SCAM GOES ABOUT

The user would get call from the scammer, pretending to be from Idea or Jio. The caller would then, engage the user by saying that the call is for improving the call experience.

Once, set and familiar, the caller would guide the user’s way to SIM exchange, all the way wanting to extract the 20 digit SIM code.

The caller would try all means possible and would trick the user with any trickery possible to haul those 20 digits out.

After having persuaded the user about the 20 digits, the caller would ask them to press 1 or confirm the SIM swap.

The fraudster would then actually initiate the SWAP, having extracted the 20 digit SIM code, they were after.

Meaning, if supposedly the user has an Airtel SIM, the fraudster will too use an Airtel SIM to officially go through with the SIM swap.

Airtel would then send a confirmation text to the user’s cell number. Airtel would be sure that the SIM swap has actually happened and the attacker would have the cell number.

The actual user’s mobile will be left with no signals at all, whereas the fraudster will have full signals on the SIM and complete control over the cell number.

The fraudster would then incessantly call to make the user switch off the phone, in order to get a window to complete the fraud. Once that’s done, the user wouldn’t have any idea about it.

 

Aadhar number could also be an important credential that you would never want to share over the phone.

Also, always keep a close check on your bank account, and if any weird activity is speculated, immediately contact the bank and put a stop to the questionable transaction.