Listen to this article in summarized format
A SIM card is a very crucial link in our connected world. Without a SIM, you can’t use UPI, access bank OTPs , communicate with anyone, get online and even use maps.
Income Tax Guide
Income Tax Union Budget FY 2026-27 LiveIncome Tax Slabs FY 2025-26Income Tax Calculator 2025
A few years ago, an Indian Army soldier faced this dangerous fraud called ‘SIM Swap fraud’ when he was posted inside a remote area in Kashmir. The fraudster managed to get a duplicate SIM card issued in his name using his personal information. Since a mobile number can’t be active on two SIM cards at once, the service provider deactivated the soldier’s SIM and allowed the fraudster’s SIM to remain active.
The fraudster then accessed the soldier’s bank account and took out his cash. He also tried to access his other information. By the time the soldier realized what was happening and went to the nearest city, the fraud had already taken place. He later filed a case against the service provider and won compensation from the National Consumer Disputes Redressal Commission (NCDRC), but this took time.
But in case of UPI, there is another additional safety feature. Even if a fraudster pulls off a SIM Swap fraud and gets a duplicate SIM in your name, the new phone won’t be able to access the UPI app without your Aadhaar number or bank debit card details.
What is SIM swap fraud?
SIM swap fraud is a form of identity-based cybercrime where attackers take control of a victim’s mobile phone number by tricking or manipulating a telecom provider into transferring the number to a new SIM card.
Once the number is hijacked, criminals can intercept one-time passwords, verification codes, and calls meant for the victim, effectively bypassing SMS-based security. This attack often starts with personal data gathered through phishing, data leaks, or social engineering, which is then used to impersonate the victim.
Jaydeep Singh, General Manager for India at Kaspersky India said: “After the SIM is swapped, access to email, banking, social media, and cryptocurrency accounts can quickly follow. The damage is often immediate, as victims may lose service while attackers drain accounts or lock users out.”
Singh shares his practical experience and says that on a regular basis, they see SIM swap fraud as a growing risk tied to over-reliance on SMS authentication, and their expertise consistently shows that stronger account protection, app-based authentication, and real-time threat intelligence are essential for reducing exposure to this type of attack.
What steps should consumers take if they suspect they have been a victim of SIM swap fraud?
In some phones, you can lock the SIM card also. For SAMSUNG users, the way to lock SIM is here: https://www.samsung.com/sg/support/mobile-devices/how-to-set-up-sim-card-lock-on-samsung-mobile-device/
Singh says that if consumers suspect they have been hit by SIM swap fraud, immediate action is critical to limit the damage.
Singh says the first step is to contact the mobile service provider right away to report the incident, suspend the compromised SIM, and regain control of the phone number. Next, affected users should reset passwords for key accounts such as email, banking, social media, and cloud services, starting with the most sensitive ones.
Singh says: “It’s also important to review recent account activity for unauthorized transactions and alert banks or financial institutions if anything suspicious is found. Consumers should enable stronger authentication methods, such as app-based or hardware-backed authentication, instead of relying on SMS codes.
Does SIM binding technology solve SIM swap fraud?
According to Singh, SIM binding technology helps reduce the risk of SIM swap fraud, but does not eliminate the threat on its own. It works by linking an online account to a specific SIM card or device, making unauthorized access more difficult even if a phone number is successfully hijacked.
Singh says: “However, cybercriminals continue to evolve their tactics, often combining SIM swapping with phishing, malware, or full account takeover techniques to bypass single-layer defenses. As a result, relying solely on SIM binding can create a false sense of security.”
Singh says that SIM swap fraud remains effective largely because many digital services still depend heavily on SMS-based verifications.
Singh says: “Our advice is to view SIM binding as an important security layer and strengthen it with app-based authentication, continuous account monitoring, and installing a cybersecurity solution in your devices.”
Technical background of how SIM Binding works and how it can be a solution to the cyber fraud problem
According to Singh, SIM binding works by technically linking a user’s account access to a specific SIM card, device, or a combination of network identifiers, rather than relying only on a phone number for authentication.
Singh says: “When a login or transaction attempt occurs, the system checks whether it originates from the trusted SIM or device profile, helping detect anomalies that may indicate a SIM swap.”
According to Singh, if the SIM has been changed or reissued without authorization, access can be restricted or flagged for additional verification. This directly reduces the effectiveness of SIM swap attacks that depend on intercepting SMS-based codes.
Singh says: “However, SIM binding is not foolproof on its own, as cybercriminals may still use phishing or stolen credentials. Our advice is to deploy SIM binding as part of a layered security strategy, combining it with app-based authentication, continuous monitoring, and advanced threat intelligence to meaningfully reduce cyber fraud risks.”
aniltikotekar4sme.com 