Recently, there have been several reports of how people have lost money, sometimes even crores, due to illegal SIM swapping. SIM swapping has gained popularity among cybercriminals as an effective way to get past two-step verifications. Typically, in SIM swapping, a cybercriminal obtains a duplicate of your SIM card. However, in order to do this, they need access to your personal data such as ID, phone number, full name, email ID, birth date, etc., which they can get hold of using regular phishing techniques.
Then they can simply contact the mobile operator and impersonate you over the phone or the internet, or even by visiting a physical store. Once they have a duplicate SIM, they can also receive the OTPs and verifications sent for the user’s bank account, etc. This is exactly how many of them are able to steal money from accounts, which is what has happened in the past.
According to the Check Point Threat Intelligence Report, an organisation in India was attacked on average 1783 times per week in the last 6 months, compared to 1645 attacks per organisation in the APAC region. The intention here is to steal personal data, which can be used by cybercriminals later. Further, India’s Computer Emergency Response Team (CERT-In) reports that the total number of phishing incidents in India has increased from 280 in 2020 to 523 in 2021, as has the number of ransomware attacks.
But how can users protect themselves against SIM swapping? Here are some tips shared by Check Point researchers.
Look out for loss of signal: One easy way to find out that there is a duplicate SIM card is that you will completely lose your mobile signal. This is because the SIM card in your phone will no longer have access to the mobile network. As a result, you will no longer be able to make or receive calls and texts. If this happens, you need to contact the authorities and your mobile operator immediately so that they can deactivate the SIM being used by the cybercriminals and start the process of recovering your data. If you notice this happening, try to contact your bank as well to block any transactions immediately and alert them of a possible SIM fraud.
Be careful with personal data: This is the information that cybercriminals need to duplicate your SIM. This is why it’s so important to be careful about the websites you visit. Make sure the site in question is official and that it has all the various security measures in place, such as an encrypted connection.
Look out for the padlock symbol in the address bar, which shows that the site has a valid security certificate, and check that the URL begins with HTTPS://. If it does not include the final -S://, it could be a risky page. Do not enter personal information on any site that asks for it, especially on sites whose links you receive in a WhatsApp message.
Be aware of phishing: Look out for emails and text messages with spelling mistakes even if you know the sender. Pay close attention to the domain name to make sure it’s genuine. The same applies to strange-looking links or attachments. Often, these types of details are signs of a phishing attack.