No name, no hyperlink, no Clue: This Bengaluru youth loses ₹7.2 lakh in SIM swap fraud
A 27-year-old Bengaluru resident misplaced ₹7.2 lakh from his checking account in a classy SIM-swap fraud that unfolded with out a single cellphone name, suspicious hyperlink or direct interplay with scammers, as per reported by The 420.
In line with cybersecurity consultants, the fraudsters managed to switch the sufferer’s cell quantity to a different SIM card with out his information, permitting them to intercept banking One-Time Passwords (OTPs) and transaction alerts. The incident highlights a rising risk wherein criminals can acquire entry to financial institution accounts with out tricking victims into clicking malicious hyperlinks or sharing delicate data.
Do not Miss: ‘Cockroaches rocked’: Prakash Raj helps CJP’s Protest demanding Dharmendra Pradhan’s resignation
No name, no hyperlink: How the fraud unfolded
In a typical SIM-swap assault, fraudsters switch a goal’s cell quantity to a SIM card underneath their management. As soon as the switch is full, all OTPs and banking notifications are routed to the brand new gadget, giving criminals entry to on-line banking providers. As a result of the compromise takes place on the telecom community degree, victims typically stay unaware till cash has already been withdrawn from their accounts.
The SIM lock characteristic many customers overlook
To cut back the chance of such assaults, safety consultants suggest enabling a SIM lock on smartphones. The characteristic requires a Private Identification Quantity (PIN) earlier than the SIM can hook up with a community, including an additional layer of safety even when a SIM card is cloned, stolen or fraudulently ported.
On Android units, customers can activate the characteristic by going to Settings, then Safety & Privateness, choosing Extra Safety Settings and enabling the SIM Card Lock possibility. The gadget will then immediate customers to create a PIN. Consultants warning that getting into an incorrect PIN 3 times can lock the SIM, requiring a Private Unlocking Key (PUK) from the telecom operator to revive entry.
For iPhone customers, the setting may be enabled via Settings, then Mobile, adopted by the SIM PIN part. Safety professionals advise towards utilizing simply guessable combos comparable to “0000” or “1234” as PINs.
Why consultants are shifting away from SMS-based OTPs
Consultants additionally suggest shifting away from SMS-based two-factor authentication for crucial accounts comparable to Gmail and web banking. As an alternative, customers ought to contemplate devoted authentication apps like Google Authenticator or Microsoft Authenticator. Not like SMS OTPs, these functions generate time-sensitive codes immediately on the gadget, making them resistant to interception via SIM-swap assaults.
The warning signal you need to by no means ignore
Shoppers are additionally urged to pay shut consideration to sudden and unexplained lack of cell community service. If mobile connectivity disappears and doesn’t return after restarting the cellphone or toggling Airplane Mode, customers ought to instantly contact their telecom supplier. The place doable, they need to go to an authorised retail outlet so technicians can confirm whether or not the quantity has been fraudulently ported and situation a substitute SIM if essential.
The Bengaluru case serves as a reminder that cybercriminals not want victims to click on on suspicious hyperlinks or share passwords. In some instances, merely taking management of a cell quantity may be sufficient to empty a checking account.
