Hackers use an e-SIMs phishing attack to cash out people’s bank accounts. New scam

A new method of electronic fraud has been detected. Indian authorities have received multiple complaints about a phishing scam in which perpetrators appear to exchange their potential victims’ SIM cards for electronic cards before gaining access to their bank accounts.

Threat actors have reportedly already gained access to around 300 bank accounts in five different provinces in India. The authorities are not yet clear how much the economic losses amount to, although five arrests have already been made related to this fraudulent campaign.

The authorities mention that the mode of operation of these hackers is much more sophisticated than it seems, as it all begins by collecting multiple phone numbers, which are used to log in to compromised online banking accounts. If these accounts request a login token, the criminals call the account owners pretending to be bank executives in order to extract the required information.

Subsequently the victim receives an email containing the message that should be sent to the official customer service number; this is a trick to register the victim’s email ID, which will allow the hackers to submit a request to convert the SIM card into an e-SIM, completely compromising the bank account.

During the fiscal period 2019-2020, banks in India were notified of more than 2,600 incidents of electronic fraud, resulting in losses of about 200 million rupees, an increase of more than 100% over 2018-2019. Over the current period, banks in India have detected at least 530 fraudulent transactions related to the commitment of payment cards and fraud over the Internet, generating about 27 million rupees in losses. 

A couple of months ago, the Reserve Bank of India announced the implementation of some measures to raise awareness of the safe use of digital financial platforms. However, the authorities in India mention that the increase in this type of fraud is noticeable; so much work is still to be done to reduce the incidence of such crimes.