What is SIM swap cyberattack on bank accounts?« Back to Questions List

SIM swap is an advanced variety of phishing cyberattack in which customers using mobile phones for internet banking are the targets. In SIM swap fraud, attackers obtain a duplicate SIM without the knowledge of original SIM holder and then carry out online banking transactions by utilising the duplicate SIM.  It can be considered as a fraud related digital banking. 

Phishing fraud is an email based cyberattack. Phishing is used to collect sensitive information like passwords, usernames, card number, CVV number and other details by sending a legitimate looking email. The details are then utilised for malicious purposes. In SIM swap attack, the attacker initially collects the banking/ card details of an individual through phishing attack or hacking. He also collects personal details from social media. The fraudster then approaches the mobile network operator, submits fake KYC documents, succeeds in fooling them and gets the original SIM cancelled and de-activated. He obtains a duplicate SIM and gets it activated. Since the original SIM is cancelled, all calls and messages to the original number is received in the mobile phone with the duplicate SIM. 

The SIM swap fraudster is now in possession of online banking/card details, mobile number and personal details of the victim.  The fraudster now initiates a banking transaction. Majority of the online banking transactions are completed with the One Time Password (OTP) sent to the registered mobile number. Here, the fraudster gets the OTP in the mobile phone with the duplicate SIM. Thus fraudster succeeds in carrying out transactions in the victim's account without any knowledge of the account holder. 

For banks, it is very difficult to detect the fraud as they do not have any mechanism to differentiate a duplicate SIM from an original SIM and whether the request is from a new mobile phone. However, they are regularly fine tuning their processes to prevent cyber frauds. This is with the intention of avoiding reputation loss, legal claims and wastage of time, money and manpower behind follow up. They are adopting methods like identifying device type, assessing locational data and customer behavior. Even then, it is essential for the customers to be vigilant to avoid such attacks. Some of the precautions that customers can take care are:
1. Be vigilant to protect personal details. Never reveal personal details, bank account details, passwords etc to third parties. 
2. Never reveal card/ account details even to persons pretending to be bank officials as. Banks never seeks such details from customers. 
3. Fraudsters urtilise personal details available in social media often to carry out such frauds. Ensure that proper privacy settings are in place to avoid snooping by cyber fraudsters. 
4. Contact mobile service provider immediately, if your service is discontinued abruptly or go out of range. 
5. Register with bank for e-mail and mobile alerts so that you get details of transactions both via e-mail and SMS.
6. Check the bank account statements on regular basis. This may help you to identify already occured frauds and avoid further damage, but may not be of much use to prevent frauds.
7. Try to have separate e-mail ID and mobile number for banking transactions alone and keep them secret.
8. Use only reliable and proven e-com sites for carrying out e-com transactions.

SIM Swap fraud occurs as fraudsters take advantage of lack of vigilance on the part of mobile service providers, banks and customers. Hence, the best way to avoid such frauds is by improving cautiousness and adopting best practices by all stake holders involved. Different types of cyberattacks

Cyber security strategies to safeguard from cyberattacks

Why does a tube light have a glow delay compared to CFL?