Almost every major Telecom Company in India, allows it’s users to swap sim numbers, or in simple words, get a new sim issued with the same number and get the previous one deactivated. The reason for doing it might vary from user to user. In order to ease out the process of doing the sim swap, companies have setup USSD codes, so that a user can easily go through the process, and the company also need not to assign extra manpower for this work.
But some miscreants, plan on to take an undue advantage of this facility. They have an aim of compromising private details of the legit user. Attackers have been using this method to dupe people of our country from a rationally long time. Recently a businessman, resident of Mahim, Mumbai was duped for Rs.1.86 Crore. He received around 6 missed calls from unknown numbers between 11:00 PM and 02:00 AM. In morning when he tried to dial those numbers, he found out that his sim, wasn’t operational. Upon contacting the sim operator, he found out that a request was made from his side, for a new sim at around 11:15 PM. The businessman was completely baffled up when he checked out his company’s account. The whole account was empty. He got to know that 28 transactions were made to transfer the amount in a total of 14 different accounts across the country. The bank was able to retrieve only Rs.20 Lakh and the rest of the amount was withdrawn by the miscreants overnight.
So How Do They Do It?
Every SIM Card has its own combination of 20 characters and digits, which is craved on the back side of the Card. This combination serves an important role in identifying the sim’s location and various other details associated with it.
The attackers generally call the user and confront them as a company’s professional executive. Their main motive is to know this number and initiate a sim swap. Once they get their hands on the number, they usually plan on to initiate the request at night time. At this time, the user generally doesn’t answer the calls. On the other hand, Telecom Operator takes 4-5 hours to complete the process. The whole work is done overnight and by morning, the access of the sim card is in the hands of these miscreants. With the mobile number they can easily access OTP’s and do whatever they want.
How to prevent this attack?
In conclusion, these are basic ways of preventing such attacks:
- Prevent opening Phishing Sites and spam e-mails, because your private data might get captured by these attackers anytime.
- All things considered, never try to maintain only a single mobile number as a recovery method for your bank accounts.
- Moreover, if you notice anything wrong with your sim card, contact your Telecom Operator ASAP.
- Never switch-off your phone if you are receiving a lot of unnecessary calls from company. Thus the company will assume that the sim swap request initiated, is totally legit!