SIM Swapping Frauds are at the Surge in India
The article ‘SIM Swapping Frauds are at the Surge in India’ by Rahul Shamota contemplates the fraud on the original sim of the user and the ways to be taken to protect the sim from being purloined. The author also describes the mechanism applied in the Sim Swap Fraud. Precise information regarding the efforts of the legislature has been added at the end of the article.
The identity of a person is the most precious thing a person can hold in his life, but what if a person’s own identity is not in his control? This is the threat that has been presented by information technology and in the digital world, there is very limited control of a person over his own identity.
The websites track their online traffic, and applications require permissions to almost every feature on a device, and integration of services over cross-platforms has posed the threat of data leaks. With the growing technology new methods and tools to commit fraud in the digital world are increasing day by day. One of the frauds that involve both digital fraud and also physical acts to complete the fraud is the fraud that is committed as sim swap fraud.
Sim Swap Fraud: Mechanism
Sim Swap Fraud generally means the sim card of the person who is the victim of the fraud is swapped with a fake sim by blocking the original sim. There are a few steps that are crucial in the commission of sim swap fraud and some are discussed below:
1. Stealing of the Personal and Financial Data of the Victim:
The very first step that is acted upon to commit fraud is stealing and gathering all the personal and financial data of the victim and it broadly includes the following:
a. Identification of Documents and related information: The first thing is that the offender committing the fraud collects all the necessary identification documents that are valid for getting a sim card being issued from the telecom service provider are collected which includes the government identification documents, electricity bill, rent agreement and due to the requirement of such documents to be submitted for availing a lot of services is necessary there are many persons and companies that are involved in selling the sensitive personal documents collected by them.
The most common source that provides a bundle of personal information and documents is the personal loan and credit facility apps on the internet. There are a lot of websites that provide instant credit and loan facilities but are nothing but a scam committed to collecting all the necessary documents under the pretext of the requirement to avail finance. Even many applications are available on the play store that only collects data and usually, no credit facility is provided and only a general response is provided that the application does not meet the internal policy of the company.
To safeguard oneself from these types of bogus websites and applications before submitting any document general search has to be done on the internet about the company, and in most cases, the user will find instantly that the app or website is a fraud as there are whistle-blowers who keep on sharing warning information about these apps and websites. Also, the user has to refrain from downloading an application that is not available on the Play store or Appstore and also refrain to visit any website of which the security certificate is informed expired by the browser.
Even if everything is right before sharing any information the user must check whether the application or website seems to be trusty or not by visiting the reviews and comments if any.
b. Stealing of bank information:
The next step is to steal the bank details of the victim and for this, the offender either uses the technique of fake apps and websites discussed above or resorts to phishing, spamming, unsolicited calls, and SMS asking to visit a particular website by the link in the mail or SMS and to update or reconfirm their personal details to have the uninterrupted banking facility. The website is a fake website created similar to the bank website with a tweak that all the confidential information of bank accounts submitted on these websites is stored to be used for committing the fraud
2. Making the user create a distance from the mobile device containing the sim: the next step in the sim swap fraud is making the user have a distance from the device used for operating the sim card that the offender is going to swap and there are various tactics followed for the same:
a. Continuously calling or sending SMS to the user about various irrelevant things so that in frustration the user switches off their mobile device so that while committing the fraud the user doesn’t receive any information or updates of transactions done from his account.
b. Sending a bogus message of interruption in services: another thing that the offender does is that SMS containing information about the interruption of services that will occur shortly is sent so that when the sim card lost service the user doesn’t arise suspicion.
The various protective measure that can be adopted by the users are:
a. Never switch off their mobile device unless the situation requires it.
b. If there is no service in the sim to check with nearby persons whether their network services are working or not if the user is in a network area.
c. Not to ignore service interruption messages if only the user has received a such message while other users of the same network have not received the same and get in touch with customer support and inform them about the same immediately.
3. Swapping of the sim:
The next step that is followed by the offender is to swap the sim of the user with a fake sim by submitting documents and information collected about the user and getting a new sim of the same number issued to commit the fraud.
4. Commission of the fraud:
Now as the offender has all the banking information with him and the sim of the user is also swapped with a fake sim the offender uses the information to gain access to the banking services of the user and commit fraud by transferring all the finances to numerous account and as the offender has the sim all the OTP will be received on the fake sim he is using and before the user arose suspicion or get the information about the financial transaction it is too late to stop the same.
Recent Legislative Development
Recently the department of telecommunication issued a notification on 14th November 2022 to all the sim service providers that in case of new sim card is issued in case of swapping or replacement then in addition to the process to be followed for the same, the SMS facility both income and outgoing will be barred for a period of 24 hours from the time of activation of new sim card and all the licensee are required to implement the instructions issued within 15 Days.
After implementation of these instructions, there will be a 24-hour time gap before the offender can use the sim to gain access to banking services as for any banking service, whether it is net banking or logging into UPI apps, requires OTP to be filled in case of net banking for login purpose and for login to UPI apps the user is required to send a message to activate UPI id and in the meantime when the user is not receiving any sim network services he has sufficient time to contact the service centre or customer support for help and if it found that the sim is swapped in unauthorized and fraudulently manner prompt action can be taken in regard to the same and the fake sim can be immediately cancelled, and potential fraud that might have occurred due to the same can be avoided.
Law Library: Notes and Study Material for LLB, LLM, Judiciary, and Entrance Exams