What it is ?
SIM cards, or Subscriber Identity Module cards, are chips inserted in mobile phones for a unique identification number. SIM swapping scam- also known as SIM splitting, simjacking, sim hijacking, or port-out scamming- is any fraudulent activity that seeks control over phone-based authentication. In other words, cybercriminals use SIM cards to hijack one’s mobile phone number, thereby gaining access to one’s sensitive personal data and accounts.
How it works ?
A SIM swap scam occurs when scammers gain control over one’s phone number would be valuable to fraudsters. In order to gain this control, scammers gather personal information via phishing emails, malware, the dark web, or social media research.
Thereafter, the scammers call the victim’s mobile carrier, pretending to be the victim and claiming to have lost or damaged their (as in, the victim’s) SIM card. The customer service representative is asked to activate a new SIM card in the fraudster’s possession. And so, the victim’s phone number is ported or transferred to another SIM in the fraudster’s possession. Meanwhile, the victim would not be able to call or text, and would face what they might assume to be “network issues”. Fraudsters are able to answer security questions that the customer service would ask for using the data gathered via phishing or other means.
Upon gaining access to and control over the victim’s phone number, fraudsters can then easily access the victim’s correspondence with banks- they can then initiate password resets for any of the victim’s accounts, for all that is required is confirmation of a code sent to the mobile number.
How it can be Prevented ?
- Beware of phishing emails and other ways attackers may try to access your personal data to help them convince your bank or cell phone carrier that they are you.
- Boost your cellphone’s account security with a unique, strong password and strong questions-and-answers (Q&A) that only you know.
- If your phone carrier allows you to set a separate passcode or PIN for your communications, consider doing it. It could provide an additional layer of protection.
- Don’t build your security and identity authentication solely around your phone number. This includes text messaging (SMS), which is not encrypted.
What to do when you realize you’ve been scammed ?
- Contact your bank’s home branch and ask to debit-freeze your account
- Report the incident at the nearest cyber cell or cyber police station in your district/city.
- If unable to report the incident in person, visit the website for National Cyber Crime Reporting Portal (https://cybercrime.gov.in) and submit your complaint. A step-by-step procedure for filing a complaint on this portal is available here.
What are Legal outcomes for SIM Swapping Scam ?
In a recent case of SIM swap fraud registered at the Pune cybercrime cell, a 45-year-old man residing in Kothrud, Pune, was duped of Rs 18,25,500. A case under Sections 419 (personation) and 420 (cheating) of Indian Penal Code along with Sections 66(c) and 66 (d) of Information Technology Act was registered at Kothrud police station.
Alison Grace Johansen, SIM swap fraud explained and how to help protect yourself, NORTON (2020), https://us.norton.com/internetsecurity-mobile-sim-swap-fraud.html
Srushti Iyer, SIM Card Swapping Fraud, THE CYBER BLOG INDIA (2020), https://cyberblogindia.in/sim-card-swapping-fraud/
Pune man duped of Rs 18 lakh in SIM swap fraud, HINDUSTAN TIMES (2020), https://www.hindustantimes.com/cities/pune-man-duped-of-rs-18-lakh-in-sim-swap-fraud/story-tIdkcJxfRAibxv95o5Ir1N.html