GURUGRAM: Nidhi Sharma, a resident of Sector 10A, recently received a call from a person who claimed to be an executive of her mobile service provider. He offered to link her SIM with her Aadhaar number. When she agreed, the caller asked her to share her Aadhaar number and forward a text message with a 20-digit SIM number, which he gave her, to the customer care. She did exactly as told. Within 48 hours, Rs 1 lakh was withdrawn in several parts from her bank account . Her mobile SIM, in the meantime, got deactivated.

In a similar case, 27-year-old Neelam Mishra, a resident of Sector 43, lost Rs 80,000. She had not linked her Aadhaar number with her SIM and received a call, asking her to forward a text message to the three-digit customer care number.

SIM swap fraud — which hit the US and Europe several years ago — is now a serious threat here and cases have been on the rise in recent months. The targets are mostly senior citizens and women, police say. As many as 985 complaints related to mobile phone banking fraud, including SIM swapping, has been filed with the cyber cell of Gurgaon police in the first six months of this year. The number of cybercrime cases registered daily on an average is 11 and the total number of cases registered till June 20 was 1,728. FIRs have so far been registered only in 23 cases and none of them has been solved. On an average, nine cybercrime cases were registered daily in 2017 as well.

In her police complaint, Sharma said she had been subscribing to the same cellphone service provider for the last 10 years. After her SIM got deactivated, she noticed alerts on her email id about netbanking logins and realised she had been cheated and called her bank, asking it to block her account. But Rs 1 lakh had already been withdrawn in three transactions (Rs 50,000, Rs 25,000 and Rs 25,000).

The targets of SIM swapping are not random. Fraudsters identify targets based on their social media profile and collect personal data from internet and by targeting phones and personal computers with malware, phishing mails and Trojans. Making the call is really the final step. All they need is to clone the SIM so that the person they are cheating does not receive SMS alerts and they get access to one-time passwords.

Anand Yadav, in-charge of the cyber cell of Gurgaon police, said, “Fraudsters don’t ask for personal details. Victims are told to share their Aadhaar number and forward a text message. Most people fall for this without realising that fraudsters already have their banking details and only need access to their mobile phone to receive one-time passwords (OTPs) for banking transactions.”

According to cyber cell officials, SIM swapping is the second phase of a fraud attack after a victim’s banking details have been stolen through phishing emails or from shopping websites, infected advertisements on social media or mobile apps. Fraudsters can easily source blank SIMs from the dark web where buyers and sellers remain anonymous and transactions are discreet.

What is bothering local police, though, is how texts sent to a service provider’s customer care number are landing up with the fraudsters. They suspect it might be done with the help of people working the telecom companies.

Representatives of leading telecom service providers told TOI they had been alerting customers about SIM swapping, urging them to be cautious about calls on Aadhaar verification. “Do not share OTPs and avoid sending SMSs with 20-digit numbers. We frequently alert customers through SMSs,” said a representative of one company, adding telecom firms never make calls for Aadhaar verification.

Gurgaon police commissioner KK Rao said, “The rise in cybercrimes is a major challenge and a new cyber cell police station has been opened to deal with such cases. Many new recruits with sound technical knowledge have been posted with the cyber cell.” He added that the cyber cell had trained personnel as well as advanced facilities for cyber forensics, call details analysis and similar functions.

“Cyber fraudsters keep updating their methods with new technologies but laws have not been able to keep pace with them,” said Deepak Kumar, digital forensics examiner. People, he said, need to be on alert while opening emails, clicking on links, pictures, etc and visiting websites, so that their system is not compromised and their personal data is not leaked.

