A new method of electronic fraud has been detected. Indian authorities have received multiple complaints about a phishing scam in which perpetrators appear to exchange their potential victims’ SIM cards for electronic cards before gaining access to their bank accounts.
Threat actors have reportedly already gained access to around 300 bank accounts in five different provinces in India. The authorities are not yet clear how much the economic losses amount to, although five arrests have already been made related to this fraudulent campaign.
The authorities mention that the mode of operation of these hackers is much more sophisticated than it seems, as it all begins by collecting multiple phone numbers, which are used to log in to compromised online banking accounts. If these accounts request a login token, the criminals call the account owners pretending to be bank executives in order to extract the required information.
Subsequently the victim receives an email containing the message that should be sent to the official customer service number; this is a trick to register the victim’s email ID, which will allow the hackers to submit a request to convert the SIM card into an e-SIM, completely compromising the bank account.
During the fiscal period 2019-2020, banks in India were notified of more than 2,600 incidents of electronic fraud, resulting in losses of about 200 million rupees, an increase of more than 100% over 2018-2019. Over the current period, banks in India have detected at least 530 fraudulent transactions related to the commitment of payment cards and fraud over the Internet, generating about 27 million rupees in losses.
A couple of months ago, the Reserve Bank of India announced the implementation of some measures to raise awareness of the safe use of digital financial platforms. However, the authorities in India mention that the increase in this type of fraud is noticeable; so much work is still to be done to reduce the incidence of such crimes.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.