Earlier this month, a North Delhi-based advocate fell victim to a 'SIM swap scam' after receiving missed calls, resulting in a financial loss. This incident follows previous cases, including a private school teacher and a South Delhi-based businessman who experienced similar scams, losing substantial sums of money.
The 'SIM swap scam' primarily involves the theft of personal information, including phone numbers, bank account details, and addresses, through phishing and vishing techniques. Cybercriminals use these details to acquire a duplicate SIM card by posing as victims at a mobile operator's retail outlet, reporting a fake theft of the victim's SIM card and mobile phone. Consequently, all activation messages and information are redirected to the fraudsters.
The victims receive multiple missed calls from the scammers as part of their strategy. The purpose of these calls is to prompt the victims to leave their phones unattended, as the scammers take control of the duplicated SIM. By doing this, the scammers can intercept banking authorization messages and OTPs, enabling them to initiate unauthorized transactions without immediate detection.
To withdraw money from victims' bank accounts, the fraudsters use the obtained personal details to log into bank portals and generate OTPs. Since the scammers have access to the victim's SIM card, they receive all OTPs, facilitating unauthorized transactions and theft of funds.
Fraudsters typically find victims by purchasing data from hackers involved in data breaches or from online portals where compromised data is available. Companies experiencing data breaches contribute to this problem, as they lose large volumes of customer data to hackers.
As of now, no arrests have been made in connection with these scams, as the fraudsters evade capture by discarding duplicate SIM cards and operating from various locations. Stolen funds are often converted into cryptocurrency, making it challenging for law enforcement to track these transactions.
To protect oneself from such scams, individuals should remain vigilant against phishing and vishing attacks, avoid ignoring messages or switching off phones after receiving multiple missed calls, change bank account passwords regularly, register for SMS and email alerts for banking transactions, and promptly contact bank authorities in case of suspected fraud to block the account and prevent further financial loss.