The old ‘SIM swapping fraud’, where fraudsters would take control of your mobile number by tricking you and your telecom provider, has evolved into something more sinister, deadly and slimy – the eSIM fraud – where fraudsters do not need to get physical access to your SIM.
The hack is executed remotely, and recently, a 44-year-old woman in Noida was duped of Rs 27 lakh after falling victim to this hacking scam on the pretext of converting her physical SIM card into an embedded SIM (eSIM). The accused also took a loan of Rs 7.40 lakh on her name using her hacked mobile number.
Advertisement
What is eSIM Fraud?
eSIM is a digital SIM built into mobile devices which eliminates the need for a removable physical SIM card. The growing adaptability of eSIM technology, which offers a more integrated way to manage mobile connectivity, has also introduced new security challenges.
eSIM cards, unlike physical SIM cards, cannot be easily swapped or tampered with, but they can be reprogrammed remotely. Scammers exploit this by tricking unsuspecting users into surrendering control of their mobile number, often through phishing schemes.
How The Scam Unfolded For The Noida Victim
On August 31, 2024, Jyotsana Bhatia, a resident of Sector 82, Noida, and an employee at a private firm, received a WhatsApp call from someone posing as a customer care executive from her telecom service provider. The scammer introduced her to a ‘new eSIM feature’, and told her it would make mobile connectivity more secure for her in case of a phone loss.
Advertisement
Over the call, the scammer convinced Bhatia to activate the eSIM feature by following a set of instructions. She was asked to enter a code sent to her via SMS. The moment she followed through with the instructions, her phone number was deactivated.
Despite assurances from the fraudster that a new SIM card would be delivered by September 1, 2024, it never arrived. When Bhatia realised something was amiss, she contacted the customer care helpline, who advised her to visit a service centre for a duplicate SIM card. She managed to get her phone number back on September 3, 2024, but by then, it was already too late.
Bhatia began receiving messages from her bank indicating suspicious activity. To her horror, the scammer had used her deactivated mobile number to access her mobile banking applications. The accused liquidated her fixed deposit, siphoned off money from two of her bank accounts, and took out a loan of Rs 7.40 lakh on her name. In total, the scammer drained Rs 27 lakh from her accounts through multiple transactions.
Bhatia later filed an FIR with the police under sections 318(4) (cheating) and 319(2) (cheating by personation) of the Bharatiya Nyaya Sanhita, along with relevant sections of the IT Act. The matter is currently being investigated.
Advertisement
How To Avoid eSIM Fraud?
In Bhatia’s case, the scammer first called her on ‘WhatsApp’ and then convinced her to follow specific steps that ultimately handed control of her mobile number to them. Once they had access to her phone number, they were able to intercept one-time passwords (OTPs) and verification codes needed to access online banking and other sensitive accounts.
Here are a few things to be aware of to keep yourself safe from such scams:
1] Be Skeptical of Unsolicited Calls or Messages: Scammers often pose as customer service representatives but reach out to you via unofficial means of communication. For instance, a genuine customer care person would typically never directly call you on WhatsApp for an update. Therefore, you must always verify the caller’s identity by calling your service provider directly through official contact numbers rather than responding to unsolicited calls or messages.
Advertisement
2] Double-Check Instructions Before Following Them: If you are asked to ‘immediately’ follow through with some actions on your phone or in your SIM card application, especially by someone calling you unexpectedly, double-check their instructions with your service provider. Ideally, do not go through with such unexpected updates until they you have received communication about executing such actions through multiple official channels, such as email, calls from official number and verified texts.
3] Don’t Share OTPs or Verification Codes: Never share OTPs or other verification codes received on your phone. Legitimate telecom companies or banks will never ask for these codes over a phone call or message.
Advertisement
4] Monitor Your Bank Accounts and Mobile Activity: Regularly monitor your bank account for unusual transactions. If you notice any unusual activity, such as your phone number being deactivated without your request, contact your bank and telecom provider immediately.
5] Enable Two-Factor Authentication (2FA): Use two-factor authentication for your online accounts whenever possible. This adds an extra layer of security by requiring two forms of identification, such as a password and a code sent to your phone and a series of personal questions that only you can answer.
6] Report Suspected Fraud Immediately: If you suspect that you have been targeted by an eSIM or SIM swap scam, report it immediately to both your telecom provider and the police. Time is crucial in preventing financial losses in such scams.
Advertisement
What To Do If You Are A Victim?
However, if you have already fallen victim to any such eSIM card scam, you must act fast and take the following actions.
1] Contact Your Telecom Provider: Request the immediate deactivation of the SIM and ask for a duplicate/replacement SIM card for the time being.
2] Inform Your Bank: Call your bank to block all transactions from your accounts and change your account access credentials.
3] File a Police Complaint: Lodge an FIR with the cybercrime branch of the police to initiate an official investigation and prevent any further financial losses.
As digital scams continue to evolve with rapidly evolving technology, you need to be extra cautious before believing any unsolicited communication asking you to execute sudden ‘updates’ on your SIM or your account.
