Scammers are always on the lookout for new scamming techniques. Although these people are not tech geniuses, in fact far from it, they are quick in figuring out new looting methods every now and then.
This time, these scammers have cooked up a completely novel technique of scamming innocent people off their money. The e-SIM scam. This scam came into light when five people were arrested from Haryana based on the complaints registered in Hyderabad. Out of five people arrested, four of them belonged to Jharkhand’s Jamtara, a district famous for its cybercriminals and scammers, even inspiring a popular Netflix web series.
The questions are raised again upon the security and safety of a common man over the internet. The questions are raised again on the loopholes that are present in the current banking system. Although the system is taking all the precautions and measures required to inform people about these scams, somewhere, it is also the responsibility of the general public to stay aware and updated on their own knowledge about these scams.
In this particular case, the scammers are swapping the physical SIM cards on the mobile device that is present with you, with an e-SIM of the same number that will be with the scammers.
What is an e-SIM?
A SIM stands for “Subscriber Identity Module”. It authenticates your identity to your network provider. As the name suggests, e-SIM cards do away with the physical cards because the SIM technology is built-in directly in your mobile devices.
An electronic or embedded SIM card (e-SIM) is a small chip that serves the purpose of authenticating your identity to your telecom service provider. e-SIM cards are preferred over the traditional ones because they offer an easier protocol of switching network providers. e-SIM is one of the new technologies that has started gaining traction as various telecom operators such as Airtel, Jio and Vodafone have started providing people with the option to go for one. Presently this technology of e-SIM is present only on certain devices mainly high-end devices such as Apple iPhones and flagship Andriod phones.
Modus operandi of the e-SIM fraud
According to the police, what sets this case apart from other phishing cases is “the novel modus operandi adopted, and mind-boggling layering done by apparently low-tech offenders”.
The initial stage of this scam begins by acquiring a series of mobile numbers, that they then use to log in to bank accounts. If any number prompts an OTP, that number is given a call by posing as a customer care executive of that mobile operator offering to upgrade SIM cards or Know Your Customer (KYC) details.
In some cases, the person is informed via a message that the mobile number will be blocked within 24 hours because your KYC (Know Your Customer) details have expired.
After this, the person is contacted via call and scammers offer the person an upgrade of their SIM card to an e-SIM.
Before proceeding further
At this point, it is very important for you to know the process of converting your Physical SIM to eSIM. Only after this part, you will be able to better understand the modus operandi of this novel scam. So, just for reference, let’s see how to convert a physical Airtel SIM to an e-SIM. This process is mentioned on their official website.
Step 1: For converting your physical SIM to eSIM, there are a few steps which you would need to go through:
- For initiation of the process, SMS eSIM<>registered email id to 121
- A) If your email id is valid, you will receive a SMS from 121, confirming the initiation of the process. You would need to reply back with “1” to confirm the eSIM change request within 60 sec.
- B) If your email id is invalid, you will receive a SMS from 121, asking you to re-initiate the process with the correct email id, will also guide you on how to update the email id.
- Post receiving the confirmation sent by you for step”2″, you will receive another SMS from 121 asking you to provide consent over a call, failing which the SIM change request will get canceled.
- After providing your consent on the call, you will receive a final SMS from 121, regarding the QR Code which you will receive on your registered email id.
Step 2: QR Code received on your registered email id after completion of Step 1.
After the Step 1 is complete, you would receive a QR Code
on your registered email id. The eSIM activation would take
around 2 hours, please scan the QR Code immediately upon
receipt. Your existing SIM will continue to work during this period.
To initiate the process, the scammers send the person/victim an email containing the text that is needed to be sent to the official customer care number. Victims are then asked to forward the text containing the email ID (of the fraudsters) to the customer care of that particular telecom operator. The email ID belongs to the scammers so that they can register their email IDs to access the user’s bank information.
As mentioned above in the official process, once the message is sent, an auto-generated message is received regarding the eSIM activation. After this, another message is sent to the victim that contains a link to a Google form asking the victim to fill in details such as his bank account number, etc for the KYC updation.
Once the users fill in the personal details in the Google Form, the e-SIM is activated and a QR code is sent to the fraudsters (via email, as their email ID is registered under victims number). After this, the physical SIM card that is with the victim is rendered useless and is blocked. The victim’s number is now with the scammer. Now, the scammers can use the victim’s number to get the OTPs and enter the banking details in e-wallets to steal money from the victim’s account.
e-SIM fraud: Do’s and Don’ts
To stay safe from these e-SIM scams, one needs to follow certain steps:
- Not to believe the messages or calls received from the Cyber fraudsters in the name of updation of KYC documents
- Not to forward an unknown email id received from the fraudsters to the respective customer care numbers.
- Not to forward e-SIM requests as instructed by the fraudsters to any number, especially customer care numbers.
- DO NOT share bank account details on Google Forms.
- Read auto-generated messages carefully before opening any links or sending confirmation for e-SIM requests.
- If you have fallen prey to this kind of fraud, immediately send “NO SIM” to 121, to stop the e-SIM activation process.
KYC is done on a face to face basis only in particular centers. So avoid texts and calls requesting to update KYC. One should never forward mails or e-SIM activation requests on the directions of the fraudsters.
These are some of the ways, if followed, can save your hard-earned money from these scammers.
Stay Satark. Stay Vigilant.