Cyber sleuths bust SIM swap fraud; Airtel staffer among 6 nabbed
By- Ananya Yadav
We have zero tolerance if code of conduct violated: Airtel
An executive of telecom firm Airtel’s store at Tanuku (Andhra Pradesh) has been arrested by the Telangana Cyber Crime sleuths for abetting a SIM swap case. The clique transferred an amount of 1.85 lakh from the account of Ramakrishnam Raju, a resident of Miyapur (Hyderabad), from his HDFC Bank account. The Cyber Crime police arrested six persons in connection with the crime and produced them before a local court.
When approached, another Airtel executive said the telecom firm has a policy of zero tolerance in matters relating to violation of code of conduct defined for its employees and partners.“We are extending full assistance to the police authorities in this matter,” the executive said in a statement.
Cyber sleuths have said that the Airtel staffer at Tanuku explained to one of the accused how to get a SIM (of the victim) replaced. Following his advice, the accused created a fake email ID and sent a mail to the Airtel authorities, appealing them to replace and reactivate SIM card.Gaining access to the victim’s SIM would help the criminals know OTPs (one-time passwords) and other info that the banks send to its customers.The cops said that the accused had transferred money from the account of complainant by initiating OTP-based transactions. The cops have asked the telecom service providers not to issue and replace SIM cards without verifying the original documents, K Srinivas, Inspector of Police (Cyber Crimes), who is investigating the case, has said.
What is SIM swap fraud?
Your cellphone could provide a way for cybercriminals to access your financial accounts. The fraud is known as SIM swapping, and it can be used to take over your financial accounts. SIM swapping relies on phone-based authentication. In a successful SIM swap scam, cybercriminals could hijack your cell phone number and use it to gain access to your sensitive personal data and accounts.Here’s how it works. You might try to access one of your bank accounts that uses text-based two-factor authentication. That means you begin to access your account by entering your user name and password. Your bank then sends an access code to your cellphone for you to complete the log-in process.
But what if fraudsters are able to change the SIM card connected to your mobile number? That would give them control over that number — and they’d receive the access code to your account. It’s a good idea to learn about of SIM card swapping. That way you can help protect yourself against this type of fraud — or recognize if you’ve become a victim. Here’s what you need to know.
How do SIM swapping scams work?
A SIM swap scam — also known as SIM splitting, simjacking, sim hijacking, or port-out scamming — is a fraud that occurs when scammers take advantage of a weakness in two-factor authentication and verification in which the second step is a text message (SMS) or call to your mobile phone number.
First, some SIM-card basics. Cellphone subscriber identity module (SIM) cards are the storage for user data in Global System for Mobile (GSM) phones. Without a SIM card, your GSM phone wouldn’t be authorized to use a mobile network.
So having control over your cellphone number would be valuable to fraudsters. To steal your number, scammers start by gathering as much personal information on you as they can get and engaging in a bit of social engineering.
The scammers call your mobile carrier, impersonating you and claiming to have lost or damaged their (your) SIM card. They then ask the customer service representative to activate a new SIM card in the fraudster’s possession. This ports your telephone number to the fraudster’s device containing a different SIM. Or, they may claim that they need help switching to a new phone.
How are fraudsters able to answer your security questions? That’s where the data they’ve collected on you through phishing emails, malware, the dark web, or social media research becomes useful.
Once they gain access to and control over your cellphone number, fraudsters can then access your phone communications with banks and other organizations — in particular, your text messages. They can then receive any codes or password resets sent to that phone via call or text for any of your accounts. And that’s it: They’re in.
How do they get your money?
They might set up a second bank account in your name at your bank — where, because you’re already a bank customer, there may be less robust security checks. Transfers between those accounts in your name might not sound any alarms.