SIM SWAP ATTACK
As most of the account details are connected to an individuals’ mobile number, the attacker tries to gain access to the SIM card or obtain a duplicate SIM card for carrying out transactions on such duplicate SIM. Using the SIM swap technique, the attacker gathers personal information by practices such as phishing, vishing, smishing, and more, and uses the same to get a new sim card issued in the customers’ name. Post which, the attacker gets all the requisite information using this sim card, including OTPs, which they use to conduct fraudulent transactions from the customers’ bank accounts.
Modus operandi of SMShing:
- Attacker obtains bank account details and mobile numbers posted by the customer on a website as a complaint/feedback.
- Attacker then registers the mobile phone number of the customer through phishing and now the customer becomes an unaware victim.
- Attacker approaches victim’s mobile service provider with his/her fake identity proof and, claiming loss of handset or SIM damage, seeks a duplicate SIM card.
- Following verification, the original SIM is deactivated and a new one is issued to the attacker who then initiates financial transactions from the victim’s bank account and receives payment confirmation requests on the duplicate SIM.
- Since the original SIM has been deactivated, the victim remains unaware of fraudulent transactions.
Security measures:
- Do not share any personal or confidential details with unverified numbers or send emails and messages from suspicious addresses.
- Never share the number mentioned on the reverse of your SIM card with a stranger. The stranger could be a fraudster aiming to use your account for illicit activities for which you could be held liable.
- Be cautious while sharing your phone number on social media or any other website.
- Never neglect any SMS sent by the mobile service operator regarding any SIM Swap request
- Check your bank account alerts and statements regularly and report in case of any inconsistent transaction or activity. You may send an email to info@amcblanand.com
Always remember Jo Satark, Wohi Surakshit!
To report a fraud, write to us at
info@amcblanand.com