One of the worst things that could happen to a mobile user is the SIM Swap scam and worse, there have been instances. Like in any other scam, the fraudster targets their victim’s mobile number to get access to their personal information for illegitimate gains, such as to extract money. We have heard this happen to a digital wallet user in Nepal and more recently, a Delhi-based advocate fell prey to this. Let’s learn about what SIM Swap is, how it works, what you should do when this happens, and more.
Table of contents
What is a SIM Swap scam?
A SIM Swap is a situation when an unknown person, likely a scammer takes control of a phone number by faking as its original owner. The fraudster does this to access personal details to make financial gains. The scammer in such a context asks a carrier to port the target number into their own to facilitate their unlawful design. For this, they try to convince the carrier that they are the rightful owner of the SIM card.
Scammers use the victim’s personal information visible on social media or buy if possible from the dark web to ease their way. Attackers can also use phishing, emails, and links to persuade the victim into giving away their details. SIM Swapping has different names too. It is also called “SIM jacking” or “SIM card hacking.” Recommended: NTA Will Soon Implement Mobile Number Portability
Using the victim’s data, they can convince the telco to transfer the target number to another SIM profile. Once they get the SIM number, they bypass any two-factor authentication attached to the number. Then they easily gain control of the victim’s phone and accounts. When this happens, the attacker can access mail, banking details, credit/debit card info, social media accounts and details, etc. Most often, the money and vital personal details are at stake.
Recommended for you: Ntc requests customers to use SIM cards registered in their name to ensure safety on digital platforms
SIM Swap Scam in Nepal
SIM Swap or phone scams are possible for any mobile phone user. If you have ever heard of a “red-colored” number calling or got suspicious links on your social media feed, then those are ways to gain access to your vital personal data. Mails and messages announcing cash prizes or containing unofficial links urging you to send your data are additional ways scammers try to fraud you.
Recently, there was news of an eSewa user losing money after falling prey to a SIM Swap fraud. Poor SIM car registration procedure allowed the fraudster to gain unauthorized access and extract money from the victim’s eSewa account. An inadvertent sharing of personal information can allow scammers to gain access to our social media or bank accounts. One can only be alert not to let this happen. Something similar happened to the Delhi woman we mentioned above. We have details on it below down the lines.
Besides, you may also want to know about the one-ring fake missed calls “Wangiri scam” and another phone scam in Nepal. In both these cases, scammers used fake calls to victimize their targets. These prove that Nepal is not untouched by SIM fraud instances. The instances are actually growing as more people resort to digital services.
How to prevent Sim Swap Scam?
Prevention is better than care. Here are the topmost vital protective measures you can employ in your behavior to ward off SIM Swap scams:
- Don’t share your personal information: Never share your personal data with anyone. It’s the most important factor to save yourself from falling prey to a SIM Swap fraud. The extent of misuse by the attacker has no limit. It’s safe not to divulge our important data with ourselves.
- Use your SIM only: You must ensure that the SIM card you are using is in your own name. If the owner is a different person, if close to you, that means you don’t have the authority to manage it in other matters except for just calling, SMS, and data. In case, you need to transfer ownership, swap the SIM for the new one, your carrier provider first determines if the SIM is under your name. Because after using it for a long, it’s possible to ignore or forget who is it registered to. But this very thing is too important. Be your SIM card’s legitimate owner. Stop Selling Recycled SIM Cards, SC Issues an Interim Order!
- Careful with receiving calls: Receiving calls from unsaved numbers isn’t necessarily harmful however, attackers use this to extract your details. Since SIM Swap requires telcos’ original owner’s info, fraudsters try to extract details that allow them to convince the service provider to port the existing number to another. Therefore, always determine who you are talking with but still keep your passwords, date of birth, and other vitals to yourselves.
- Never share OTPs and passwords: The worst you can do is share your OTP and passwords which gives scammers direct access to your social media, mobile banking apps, digital wallets, and other digital services. And you know what could transpire after that. In fact, you should have practice of changing your passwords in between to escape easy guesses.
- Beware of phishing links, messages, and emails: Scammers use different methods to extract and fish out their targets’ personal info. One of their particular vehicles is phishing links and emails. You may see a tempting message announcing that you have won a prize and asking you to fill out a form to claim it. Then in your email’s inbox, you may get links from sources unknown. WhatsApp has become the favorite vehicle for scammers these days. Scammers send you a prize announcement and ask for your phone number, bank details, and other info that can be used for SIM Swapping. Always follow the right sources for information, and never click or tap on links and messages that you can’t verify the rightful source. Just ignore and delete them. You should also block such numbers or sends for future security.
Do read: How to buy SIM card in Nepal?
What to do after a SIM Swap scam?
In case you become a victim of SIM card fraud, these are the first things you must do:
- Block your SIM card. As soon as you realize that you have been “SIM-Swapped”, turn off your phone, contact your mobile network provider, and ask them to disable your SIM card. This helps the fraudster from using the number for any purposes further which require an active SIM service. Learn: How to Block a SIM Card in Nepal on Ntc, Ncell, Smart
- Contact the bank: Contact your bank or digital wallet services to disable your accounts including credit/debit card services. Since the fraudster may already have access to your bank and mobile wallet accounts, call them to freeze accounts. You can also consider transferring the money to another account to keep it from rogue hands.
- Tighten your social media security: Chances are that you have used your phone number in your social media accounts. Remove them if possible and also disable Two-Factor Authentication (2FA). Change your passwords to lock the attacker out of your Facebook, Instagram, and other accounts.
- Log out of devices: There’s a feature in most services such as Facebook, Instagram, Gmail, etc., that lets you log out of active devices on which your account is live or on which you have signed in. After changing your password, or creating a new one, make sure that you “tick the option” to log out of all other devices. This at least forces the attacker to log in again and due to the changed passwords, the attacker may lose access to your social media accounts, and other digital services.
- Report it to the police: While contacting your carrier service is a priority, you will also need to call the police to nab the fraudster and prevent this from happening to others. Also, bringing the scammers to the judicial procedure discourages potential attackers from making any hacking attempts.
Check out: How to register your phone in MDMS in Nepal?
An Indian woman in Delhi fell victim to the SIM Swap fraud
A Delhi-based advocate recently fell victim to the SIM Swap scam. As per The Indian Express, the unnamed individual received 3 missed calls and lost lakhs of rupees from her bank account. The event unfolded on October 18.
The woman received calls from different unknown numbers and she hadn’t answered any of the calls. But still, she went on to lose hundreds of thousands of cash from her bank account.
It’s startling because the prey hadn’t shared any password, personal details, or OTP, said the Cyber Cell of Delhi Police. However, the remote hacker managed to access her personal information including the victim’s bank details. When the woman called the person from a different number, she was told that it was a courier delivery number.
The case is registered at the Cyber Cell. But so far, the police haven’t been able to pinpoint the rogue individuals behind this phone hacking.
Check out: Youth Arrested On Accusation Of “SIM Duplication” And Mobile Banking Misuse
Money was withdrawn from the victim’s bank account
An officer from Delhi Police shed light on what had happened. He said, “She had only shared her house address with the accused thinking she would be receiving a package from a friend and she even received it. Later, two messages from her banking services application about two withdrawals, without her knowledge, alarmed her. The advocate had not shared any banking details, OTP, or password. When she approached us, we found money was debited several times without her consent.”
In addition, the investigation also found out that the woman’s browser history displayed sites she hadn’t accessed and received phishing links.
“She also received SMSs about phishing links; a suspicious message of some UPI registration has also been found. The woman told us she was not dealing with UPI or any such website,” continued the officer.
He shared that the woman had received the scam call from a person who claimed to be an IFSO officer and requested her bank statement. She hadn’t divulged any detail though. The Delhi police are actively investigating the case and could soon derive the results.
SIM Swap scam could happen to any mobile user at any time. Be alert and conscious of any potential attacks and protect your credentials and resources.