In a recent news, it was reported by the Primitive founding Partner, Dovey Wan, Zhoujianfu, who is a Chinese investor and also the founder of Dreamhost had lost money to a SIM swap attack. The investor lost $45, 000,000 i.e. about 100,000 Bitcoin Cash (BCH) worth $30 million and also 1547 Bitcoin (digital currency) (BTC) worth $15 million.
India is not spared too, SIM swap frauds are on the increase, and all these related SIM swap frauds are directed towards withdrawal of money from linked bank accounts or e-wallet accounts. A reported case was booked under the IT Act/IPC in which a senior citizen lost ₹25 lakh from his bank account to a SIM swap fraud.
What is a SIM Swap
In this, a cyber-criminal steals a certain amount of your personal data, including your phone number. He contacts a different carrier, pretending to be you, and claims to have lost the SIM along with the phone (it also happen that he reports a destroyed or defective SIM). He convinces the carrier to supply a new SIM, disconnects the “old” line, and then transfers “his” apps and information from the cloud or will now direct the bank transaction by virtue of the SIM and Mobile Number being available with the criminal.
How to avoid being a victim of SIM swap fraud
1. The service provider or in other words your mobile carrier is first to be cautioned. Firstly, never leave a SIM on your name unattended. Secondly, if the SIM is not in use, deactivate it. Thirdly, if you have a SIM and do sparingly use it and that too if the same SIM or Number is linked to a Banking or E-wallet Account, remember to keep it active. Fourthly, if the SIM is deactivated, contact the carrier immediately. Fifthly, always maintain a web-login to manage a SIM/Mobile Number account. Lastly, a cybercriminal may trick your carrier into switching SIMs; there are means to protect from potential identity thieves. One of the most popular ways is setting up a passcode or PIN for your mobile account.
2. Secure your personal information. The cyber criminals’ first initial is to get access to the personal information, that includes Date of Birth, Mother’s Maiden Name, etc; that will be useful to prove the identity to the carrier service provider and also for additional authentication at banks.
3. Additional authentication/precaution on the bank or e-wallet accounts should be made like: two-factor-authentication (2FA), capping on transactions, additional e-mail authentication, multi-factor-authentication (MFA), etc. these actions will ensure that the cyber criminal is made to encounter barriers at each stage of his/her attack.