Cyberabad police have exposed an inter-state cyber fraud racket that used eSIM manipulation, SIM swapping tactics, and OTP diversion to steal money from bank customers. The case underlines how criminals are mixing telecom fraud with banking deception to bypass normal security checks and move money fast.
Investigators said the accused impersonated staff from a bank’s premium credit card division and contacted victims under the guise of DoT verification. They persuaded targets to convert eSIMs into physical SIM cards, then sent preloaded mobile devices carrying malicious apps, which helped redirect OTPs and banking alerts to the fraudsters.
Once the OTPs were diverted, the gang could access bank accounts, authorize transfers, and siphon off funds before the victims understood what had happened. Police said six people were arrested in the case: Selim Mondal, Abdul Alim SK alias Mittu, Saiyad Hasim Reza alias Tippu, Mijanur Rahaman Shaik, Bansidhar, and Mehebub Alam Ansary alias Suraj. The fraud amount was put at Rs 77.75 lakh, and police recovered Rs 15 lakh in cash during searches at the accused persons’ homes.
The bigger concern is that this type of scam is highly scalable. It does not depend on hacking a bank’s servers; instead, it exploits human trust, weak verification habits, and the phone number as a security key. If a criminal gets control of your SIM or eSIM flow, they may also gain access to banking apps, password resets, and other sensitive services that rely on SMS verification.
Mitigation tips
To stay safe from this type of eSIM banking fraud, never share OTPs, PINs, card details, or recovery codes with anyone over call, SMS, or WhatsApp, even if the caller claims to be from a bank or telecom company; verify any eSIM or SIM change request only through your operator’s official app, website, or helpline; avoid clicking suspicious links or scanning unknown QR codes.
Additionally, do not insert a SIM into any courier-delivered or unfamiliar device; enable banking alerts, use strong passwords and authenticator apps instead of SMS-based verification where possible; and if your phone suddenly loses signal or you suspect a SIM hijack, immediately contact your mobile provider, freeze transactions with your bank, and report the issue through India’s cybercrime helpline 1930 or the official cybercrime portal.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: