E-Sim Fraud & Prevention
What is e-sim?
Some mobile service providers have introduced eSIM- enabled mobile phones which do not require a physical SIM card.They have a small chip inside the phone and the information on this eSIM is rewritable so the customer can change the operator easily.
- The victim usually receives a message warning that his/her SIM card will be blocked, which goes something like: “Dear customer, your SIM card will be blocked in 24 hours.” Or “Please update your eKYC verification.” These criminals call the network users in the name of customer care executives and ask them to request for e-SIM activation.
2. After the message, fraudsters call their victim pretending to be telecom company’s customer care executive; say from Airtel, Reliance Jio or Vodafone-Idea.
3. The message, which looks like from the customer care cell of a mobile service provider, asks customers to click on a link and fill a form. This form can ask for multiple type of information like Bank Details, PII, etc.
Users are then asked to forward an email ID (sent by the fraudsters) to the customer care of that particular telecom operator. The email ID belongs to the scamsters so that they can register their mail IDs. Once the message is sent, an auto-generated message is received regarding the eSIM activation, following which another message is received that contains a link to a Google form asking users to fill in details for the KYC updating.
4. After getting their own email ID registered with the victim’s mobile number, the caller then asks the victim to forward an eSIM request to the service provider with registered email ID. They deceive the user into forwarding an e-mail sent by the service provider on their registered e-mail addresses.
eSIM is activated and a QR code is sent to the fraudsters (via email) for them to access the user’s phone number as the physical SIM card gets blocked. This way, the scamsters can use the phone number to get OTPs and enter the banking details in e-wallets to steal money from people.
5. Once the eSIM service gets activated, the activation QR code for eSIM goes to the email ID given by the fraudster.
6. After eSIM activation, the physical SIM that is running in the victim’s phone automatically gets blocked.
7. The fraudster registers the eSIM with digital wallets and links it to victim’s bank accounts to steal money. Following which, the victims are made to fill in their details, including bank details, in a google form. That is how the criminals get access to the bank accounts of these users.
Mitigation:
In case you have fallen prey to such a scam, you should immediately send “NO SIM” to 121 (Customer Care Number of Bharti Airtel). This will stop the e-SIM initiation process.
Never Respond to phone calls asking for personal information like bank details, or passwords.
