Skip to main content

e-SIM fraud : All you need to know about e-SIM and SIM swapping fraud

Awareness is necessity

Ever heard about the place, Jamtara? Many of you must have seen the famous series "Jamtara: Sab ka number ayega" on Netflix. It is located near Jharkhand's capital Ranchi. This place has become a hub for phishing and bank fraud.

Recently, Jamtara has come in the limelight because this place's fraudsters have started a new type of crime/ fraud, i.e. e-SIM fraud.


Do you know what eSIM is?

e-SIM stands for the "Embedded Subscriber Identity Module." You don't need to buy a telecom operator's SIM card separately and insert it into your mobile. e-SIM is a part of your smartphone's hardware. This e-SIM chip comes pre-installed on your smartphone. Its working is the same as our standard SIM, which saves information like IMSI number, some contact details etc. e-SIM is re-writable means previous telecom operator related details can be erased and new information can be written again by a new telecom operator.

This type of fraud can empty your bank accounts in seconds. This e-SIM fraud racket has started to spread all over India in recent times. Five people have been arrested in connection with the e-SIM racket. Police have suspected that they have access to over 300 nationalized and private bank around Punjab, Jharkhand, Haryana, West Bengal, Telangana and Bihar.

What are the tricks used by fraudsters to attack?

Below is the modus operandi of the e-SIM fraud racket explained by INDIATV news in their article.

  1. Jamtara's fraudsters first collect a series of mobile numbers. Then these thugs send a message stating that "your card will be blocked in 24hours if KYC details are not updated."
  2. Then they contact them via call imposing as customer care executive of any telecom operator that provides e-SIM service. In India, it is mainly airtel.
  3. Users are then asked to forward an email ID (sent by the fraudsters) to that particular telecom operator's customer care.
  4. The email ID belongs to the scammers so that they can register their email IDs to access the user's bank information. Once the message is sent, an auto-generated message is received regarding the e-SIM activation.
  5. Then another message is received containing a link to a Google form asking users to fill in details for the KYC updating. Once users fill in their details that include the bank account number.
  6. The e-SIM is activated, and a QR code is sent to the fraudsters (via email) to access the user's phone number as the physical SIM card gets blocked.
    7. This way, the scammers can use the phone number to get OTPs and enter the banking details in e-wallets to steal money from people.

Recent cases related to e-SIM swapping fraud

In India, people aren't aware of e-SIM, and fraudsters are taking advantage of this. The scammers are swapping the physical SIM which is present in the victim's mobile device with eSIM of the same number that will be with scammers.

The cyber cell of Hyderabad has received more than three complaints received between 14/07/2020 to 22/7/2020 regarding the same type of fraud. Modus Operandi is the same in all cases. At last, the victim received an auto-generated message from Airtel SIM card got blocked, and an amount of Rs.9, 20,897/- has been deducted from his bank accounts. Similar kinds of two cases occurred in the same month where the amount of Rs.5, 94,799/- and Rs.1, 03,990/- were deducted from the victims' accounts. Hence, the victims have requested the police to take necessary action.

How to stay safe from eSIM scam?

  1. Don't believe any fraudulent messages. Telecom companies never send such messages until you have requested to convert your SIM to e-SIM.
  2. Never submit bank details, passwords through Google forms or over calls.
  3. If someone calls you to ask about KYC details or update it, DO NOT give any details.
  4. Read auto-generated emails and messages carefully.
  5. If any updates or changes are to be done in KYC, visit the nearby store.
  6. Never share your computer screen or mobile screen with unknown by using Any desk or Team Viewer applications.
  7. DO NOT forward any emails or messages as instructed by the fraudsters. If you feel it is any scam or suspicious activity, contact the customer care and send "NO SIM" to 121 to stop the e-SIM activation process.

So the motive behind this article is to spread awareness about this kind of eSIM scams. As cybercriminals are becoming very smart day by day, they are using new ideas to make people fool.

Labels:

Comments

Post a Comment

Please do not enter any spam link here.

Popular posts from this blog

Exploiting and Securing GitLab: Lessons from a TryHackMe Lab

Perimeter security isn’t enough—because sometimes the threat is already inside. In this blog post, I’m sharing what I learned from a hands-on TryHackMe lab on GitLab security . It revealed how a simple internal misconfiguration—like open registration or overly permissive repo access—can lead to major data exposure inside an organization. I’ll walk you through the red team perspective on exploiting a misconfigured GitLab instance , and then flip the script to explain how you can secure your own internal build systems . Scenario: Inside the Walls of a Large Organization Think of a large organization—like a bank—with thousands of employees and multiple teams handling development, IT operations, and security. To keep intellectual property (IP) secure, these organizations often host self-managed GitLab instances on their internal network. But here’s where things can go wrong: GitLab is hosted internally Allows anyone on the internal network to register Has some projects...
Post a Comment
Read more

Email Security Deep Dive: 13 Steps to Keep Your Emails Safe

Email Security Checklist The Email Security Checklist 1. Enable SPF (Sender Policy Framework) What it is: SPF is like a guest list for your email domain. It tells the world that only specific servers are allowed to send email for your domain. How it works: Publish an SPF record in DNS. When someone receives an email claiming to be from your domain, their mail server checks if the sending IP is listed in the SPF record. If the IP is not listed, the email is rejected or marked as spam. Example SPF record: v=spf1 ip4:203.0.113.0/24 include:_spf.google.com -all Only servers in the specified IP range and Google’s mail servers can send emails for this domain. Others are rejected. Points to Note: Prevents attackers from spoofing your domain and sending phishing or spam emails. 2. Enable DKIM (DomainKeys Identified Mail) What it is: DKIM is a digital signature for each email, ensuring that the message hasn’t been tampered with. Ho...
Post a Comment
Read more

Do you know, by blindly following trends and using hashtags you can be the victim of cyber crime? : #couplechallenge

Awareness is necessity "Nohashtag challenges" Nowadays, #couplechallenge, #smilechallenge, #chirichchallenge trending on social media platforms. But do you know the history of hashtags? Lets see, how hashtag was invented. Chris Messina a product designer who has been working in Silicon Valley created the idea of hashtag. He and his small group of colleagues were thinking that twitter needs some kind of frame work. He got the idea of hashtag from internet chat room that had pound symbol in front of them. His main idea to create hashtag was for the internet and wanted that anybody writing text on internet be able to participate in global conversation. In 2007, he asked one of his friends to use #sandiego for his tweets and this way the use of hashtag started. In 2009, Twitter added the option of hashtag to its search bar. And this way hashtag became a trend. This trend then being followed by other apps like tumbler, Facebook, instag...
Post a Comment
Read more

પ્રાઇઝ સ્કેમ: જો તમારે ઇનામ મેળવવા માટે ચૂકવણી કરવી પડતી હોય તો તે ઇનામ નથી

Awareness is necessity શું તમને ક્યારેય કોઈ કોલ્સ આવ્યા છે કે જેમાં તમે કોઈ પણ ઓનલાઇન શોપિંગ વેબસાઇટમાંથી ઇનામ અથવા લોટરી જીતી લીધી હોય તેવું કહે છે? શક્યતા છે કે આ કોલ્સ ફ્રોડ છે. સાયબર સ્વયંસેવક તરીકે, મેં આ પ્રકારની છેતરપિંડીઓના કેટલાક કેસ નું અધ્યયન કર્યું છે. ચાલો સમજીએ કે આ પ્રકારની છેતરપિંડી કેવી રીતે થાય છે? !! છેતરપિંડી કરનાર તમને કોઈપણ વિશ્વસનીય ઓનલાઇન શોપિંગ સાઇટમાંથી કર્મચારી હોવાનુ કહે છે.તેઓ તમને સાઇટ પરથી તમારી છેલ્લી ખરીદી વિશેની વિગતો, ઉત્પાદન અને ઓર્ડર ની વિગતો સાથે તમને મનાવવાનો પ્રયાસ કરે છે. જ્યારે કોઈ વ્યક્તિ માને છે કે છેતરપિંડી કરનાર ઓનલાઇન સાઇટનો કર્મચારી છે, ત્યારે તેઓ તમને વિવિધ ઇનામો જેવા કે લેપટોપ, ટીવી, મોબાઇલ ફોન વિશે આકર્ષક યોજનાઓ આપે છે અને તમારી પાસેથી એક ઇનામ પસંદ કરવાનો વિકલ્પ આપે છે.જ્યારે તમે થોડી રુચિ બતાવો અને ઇનામ પસંદ કરો ત્યારે ઉલ્લેખિત ઇનામમાંથી, તેઓ તમને SMS તરીકે એક લિંક મોકલે છે.મોકલેલી લિંક એ છેતરપિંડીની લિંક છે જે તમારી વિગતો જેવી કે બેંક વિગતો તેમજ વ્યક્તિગત માહિતી માટે પૂછે છે.નોંધણી કરતી વખતે, તે તમને તમારા સ્થા...
Post a Comment
Read more

OLX fraud : Beware of this new fraud/scam of 'Army men'

Awareness is necessity Nowadays, OLX related frauds are increasing, such as share OLX password/OTP, QR code scams, Paytm link scam etc. The most occurring cases are related to Army personnel. Instead of writing all the things, it will be better to watch the video by a YouTuber, Mr. Rohit R Gaba and lets see How fraudster makes fools to people as Army personnel. Here, in the video, the fraudster talked about QR code. Let's understand what a QR code is and how fraud can be occurred by QR code. QR code ( Quick Response code ), We can store so much information within it in text form. I made one QR code that stores information such as a person's name, aadhar card number, etc. We can store any data with the QR code. Same fraudster store bank details and malicious code so that when you scan that QR code, the money will be debit from the account directly. How to protect ourselves from online OLX frauds? Always prefer face to face meetings with buyers or sellers and ...
Post a Comment
Read more