SIM swap is an advanced variety of phishing cyberattack in which customers using mobile phones for internet banking are the targets. In SIM swap fraud, attackers obtain a duplicate SIM without the knowledge of original SIM holder and then carry out online banking transactions by utilising the duplicate SIM. It can be considered as a fraud related digital banking.
Phishing fraud is an email based cyberattack. Phishing is used to collect sensitive information like passwords, usernames, card number, CVV number and other details by sending a legitimate looking email. The details are then utilised for malicious purposes. In SIM swap attack, the attacker initially collects the banking/ card details of an individual through phishing attack or hacking. He also collects personal details from social media. The fraudster then approaches the mobile network operator, submits fake KYC documents, succeeds in fooling them and gets the original SIM cancelled and de-activated. He obtains a duplicate SIM and gets it activated. Since the original SIM is cancelled, all calls and messages to the original number is received in the mobile phone with the duplicate SIM.
The SIM swap fraudster is now in possession of online banking/card details, mobile number and personal details of the victim. The fraudster now initiates a banking transaction. Majority of the online banking transactions are completed with the One Time Password (OTP) sent to the registered mobile number. Here, the fraudster gets the OTP in the mobile phone with the duplicate SIM. Thus fraudster succeeds in carrying out transactions in the victim's account without any knowledge of the account holder.
For banks, it is very difficult to detect the fraud as they do not have any mechanism to differentiate a duplicate SIM from an original SIM and whether the request is from a new mobile phone. However, they are regularly fine tuning their processes to prevent cyber frauds. This is with the intention of avoiding reputation loss, legal claims and wastage of time, money and manpower behind follow up. They are adopting methods like identifying device type, assessing locational data and customer behavior. Even then, it is essential for the customers to be vigilant to avoid such attacks. Some of the precautions that customers can take care are:
SIM Swap fraud occurs as fraudsters take advantage of lack of vigilance on the part of mobile service providers, banks and customers. Hence, the best way to avoid such frauds is by improving cautiousness and adopting best practices by all stake holders involved. Different types of cyberattacks