Security awareness from MOHA against cyber crooks regarding eSIM registration process

A relatively new service for smartphone users, an eSIM, or an electronic SIM, is becoming the latest ploy used by cyber fraudsters to cheat people of their money.

According to a recent tweet by Cyber Dost, the cyber security awareness Twitter handle of the Ministry of Home Affairs, cyber crooks are now calling potential victims on the pretext of registration for e-SIM services. Pretending to help the victim in the registration process, they convince the person to part with his or her bank details and personal information, which are then used to steal their money.

In the tweet, Cyber Dost warned citizens not to disclose any personal information to unidentified callers. It also asks people interested in shifting to an e-SIM to visit the official website or an authorised outlet of the telecom service provider for e-SIM registration.

“Never disclose any



personal information to any unknown caller asking for E-Sim registration. For E-SIM Registration, may visit the verified website or authorised outlets of concerned telecom operators,” the tweet read.

What the crooks do is convince the victim, mostly with enticing offers, to switch to an e-SIM. Once the victim agrees and parts with information, including bank account details, and other details of the phone and service provider, the crooks create an e-profile on the victim’s phone. They then activate the e-SIM, without the victim’s knowledge, and carry out bank transfers since the mandatory OTP goes to the e-SIM.

Once an e-SIM is activated, text messages stop going to the old SIM, which in fact buys time for the crooks to carry out the fraudulent transactions since the victim gets to know very late that his or her account has been hacked into and money stolen.