Skip to main content

e-SIM fraud : All you need to know about e-SIM and SIM swapping fraud

Awareness is necessity

Ever heard about the place, Jamtara? Many of you must have seen the famous series "Jamtara: Sab ka number ayega" on Netflix. It is located near Jharkhand's capital Ranchi. This place has become a hub for phishing and bank fraud.

Recently, Jamtara has come in the limelight because this place's fraudsters have started a new type of crime/ fraud, i.e. e-SIM fraud.


Do you know what eSIM is?

e-SIM stands for the "Embedded Subscriber Identity Module." You don't need to buy a telecom operator's SIM card separately and insert it into your mobile. e-SIM is a part of your smartphone's hardware. This e-SIM chip comes pre-installed on your smartphone. Its working is the same as our standard SIM, which saves information like IMSI number, some contact details etc. e-SIM is re-writable means previous telecom operator related details can be erased and new information can be written again by a new telecom operator.

This type of fraud can empty your bank accounts in seconds. This e-SIM fraud racket has started to spread all over India in recent times. Five people have been arrested in connection with the e-SIM racket. Police have suspected that they have access to over 300 nationalized and private bank around Punjab, Jharkhand, Haryana, West Bengal, Telangana and Bihar.

What are the tricks used by fraudsters to attack?

Below is the modus operandi of the e-SIM fraud racket explained by INDIATV news in their article.

  1. Jamtara's fraudsters first collect a series of mobile numbers. Then these thugs send a message stating that "your card will be blocked in 24hours if KYC details are not updated."
  2. Then they contact them via call imposing as customer care executive of any telecom operator that provides e-SIM service. In India, it is mainly airtel.
  3. Users are then asked to forward an email ID (sent by the fraudsters) to that particular telecom operator's customer care.
  4. The email ID belongs to the scammers so that they can register their email IDs to access the user's bank information. Once the message is sent, an auto-generated message is received regarding the e-SIM activation.
  5. Then another message is received containing a link to a Google form asking users to fill in details for the KYC updating. Once users fill in their details that include the bank account number.
  6. The e-SIM is activated, and a QR code is sent to the fraudsters (via email) to access the user's phone number as the physical SIM card gets blocked.
    7. This way, the scammers can use the phone number to get OTPs and enter the banking details in e-wallets to steal money from people.

Recent cases related to e-SIM swapping fraud

In India, people aren't aware of e-SIM, and fraudsters are taking advantage of this. The scammers are swapping the physical SIM which is present in the victim's mobile device with eSIM of the same number that will be with scammers.

The cyber cell of Hyderabad has received more than three complaints received between 14/07/2020 to 22/7/2020 regarding the same type of fraud. Modus Operandi is the same in all cases. At last, the victim received an auto-generated message from Airtel SIM card got blocked, and an amount of Rs.9, 20,897/- has been deducted from his bank accounts. Similar kinds of two cases occurred in the same month where the amount of Rs.5, 94,799/- and Rs.1, 03,990/- were deducted from the victims' accounts. Hence, the victims have requested the police to take necessary action.

How to stay safe from eSIM scam?

  1. Don't believe any fraudulent messages. Telecom companies never send such messages until you have requested to convert your SIM to e-SIM.
  2. Never submit bank details, passwords through Google forms or over calls.
  3. If someone calls you to ask about KYC details or update it, DO NOT give any details.
  4. Read auto-generated emails and messages carefully.
  5. If any updates or changes are to be done in KYC, visit the nearby store.
  6. Never share your computer screen or mobile screen with unknown by using Any desk or Team Viewer applications.
  7. DO NOT forward any emails or messages as instructed by the fraudsters. If you feel it is any scam or suspicious activity, contact the customer care and send "NO SIM" to 121 to stop the e-SIM activation process.

So the motive behind this article is to spread awareness about this kind of eSIM scams. As cybercriminals are becoming very smart day by day, they are using new ideas to make people fool.

Labels:

Comments

Post a Comment

Please do not enter any spam link here.

Popular posts from this blog

How to Pass CompTIA Security+ SY0-701 in 2 Months (839 Score Breakdown + Resources)

How I Scored 839/900 on CompTIA Security+ SY0-701 — 2-Month Prep Strategy That Actually Worked Score: 839/900  |  Exam: CompTIA Security+ SY0-701  |  Prep Time: 2 Months  |  Total Questions: 76 (including 3 PBQs) I'm not going to sugarcoat it — CompTIA Security+ is not easy, but it is very passable with the right strategy. I cleared it with an 839 out of 900, and in this post I'll share exactly how I did it, domain by domain, so you can replicate the approach without wasting time. My 2-Month Study Plan Month 1 — Domain-by-domain study: Read, take notes, and build comparison tables and mnemonics for tricky concepts. Month 2 — Heavy practice testing: Full focus on practice tests and PBQ simulations. Time management drills every session. The biggest mistake people make is spending 90% of their time reading and only 10% practicing. I flipped that in month 2 — and it made all the difference. Domain 1 — General Security Concepts What to focu...
Post a Comment
Read more

Every SOC Analyst Must Know These Windows Event IDs — Here's Why

Imagine you are the security guard of a massive office building. Every time someone enters, leaves, opens a cabinet, or tries to break in — it gets recorded in a logbook. Now imagine if that logbook could automatically tell you when something suspicious happened. That is exactly what Windows Event Logs are — the logbook of your Windows system, and for a SOC analyst, it is the single most important source of truth. In this blog, we will break down Windows Event Logs from scratch — what they are, how to read them, how to query them like a pro using PowerShell, and most importantly, which Event IDs you must memorize for your SOC analyst interview. Let's dive in. 1. What Are Windows Event Logs? Windows Event Logs are records that Windows automatically creates whenever something significant happens on the system — a user logs in, a service crashes, a file is accessed, an audit policy changes, a script runs. Think...
Post a Comment
Read more

Splunk in Plain English — A Practical SOC Guide

Imagine you are a detective, and every device on your network — servers, laptops, firewalls, cloud systems — is leaving footprints everywhere. The problem is there are millions of footprints every single day, scattered across thousands of different files. Your job is to find the one set of footprints that does not belong. That is exactly the problem Splunk solves. It is the platform that collects every footprint from every device, puts them in one place, and gives you the tools to find the suspicious ones — fast. In this blog, I will take you through Splunk from absolute scratch — what it is, how it works under the hood, how to write SPL queries like a pro, how to build dashboards and alerts, how to set up a SOC lab, and most importantly, the interview questions you will definitely face if you are going for a SOC analyst role. I have completed the TryHackMe Advanced Splunk rooms including SPL exploration, SOC lab setup, dashboards and reports, data manipula...
Post a Comment
Read more

Customer Care number frauds : Be careful regarding your google search

Awareness is necessity ALERT !! "Careful during searching on google for customer care number regarding online shopping, bank loan or online job search." The number you find on Google need not be real all the time. It can be a fake number. When you are looking for a customer care number, go to that particular site and search for their help centre section or contact us section. Don't search for such help centre numbers on other sites, as it can be fake. Here, I am sharing the latest case study of September 2020 regarding customer care fraud !! A person from Gujarat wanted to buy a mobile and he searched on an online website. Now he wanted to buy a mobile on the EMI installment, but he didn't know what was the procedure for EMI installment. He randomly searched on google for the customer care number of that online website and found a mobile number from some random website. He called that number, and the person on the other s...
Post a Comment
Read more

ઑનલાઇન બેંકિંગ છેતરપિંડી વિશે સાયબર સુરક્ષા ટીપ્સ

Awareness is necessity આજકાલ, ઓનલાઈન બેંકિંગ frauds દિવસેને દિવસે વધી રહી છે. ઈન્ટરનેટ ઉપયોગ, ઈન્ટરનેટ સુરક્ષા અને સાયબર ક્રાઈમ અંગે જાગૃતિ ક્રાઈમ ઘટાડવામાં મદદરૂપ થઈ શકે છે. તેથી અહીં કેટલીક Security guidelines પ્રદાન કરવામાં આવી છે જે તમારે બેંક ટ્રાન્ઝેક્શન દરમિયાન અનુસરવી જોઈએ. સેફ બેંક ટ્રાન્ઝેક્શન ટિપ્સ: SMS દ્વારા અથવા ઈમેઈલ દ્વારા મોકલવામાં આવેલ ATM PIN કોડ અને OTP "વન ટાઈમ પાસવર્ડ" કોઈપણ સાથે ક્યારેય જાહેર કરશો નહીં, પછી ભલે તે બેંકમાં કર્મચારી હોય, કારણ કે બેંક તમને તમારા ખાતા અથવા ક્રેડિટ કાર્ડના કોડ વિશે ક્યારેય પૂછતી નથી. બેંકિંગ વ્યવહારો કરવા માટે પબ્લિક કોમ્પ્યુટરનો ઉપયોગ કરવાનું ટાળો. જો તમે Public Wi-Fi દ્વારા ઈન્ટરનેટ સાથે જોડાયેલા હોવ તો ઈલેક્ટ્રોનિક બેંકિંગ વ્યવહારો કરવાનું ટાળો. વોટ્સએપ, ફેસબુક, ટેલિગ્રામ વગેરે પર, ઈમેઈલ, ચેટ્સ અથવા મેસેજમાં આપેલી કોઈપણ લિંક દ્વારા ખોલતી બેંકિંગ વેબસાઈટ પર બેંકની વિગતો અથવા ઓળખપત્ર ક્યારેય દાખલ કરશો નહીં. હંમેશા personal computer અને latest ઓપરેટિંગ સિસ્ટમ સાથે સ્થાપિત મોબાઇલ ઉપકરણો પર બેંકિંગ વ્યવહાર...
Post a Comment
Read more