All a fraudster needs to carry out the SIM swap fraud are the name and mobile number of an individual Image Credit: Supplied

DUBAI Banks in the UAE are cautioning customers against a new fraud in which swindlers gain access to SMS notifications and One Time Passwords (OTPs) sent to your mobile phone.

All a fraudster needs to carry out the SIM swap fraud are the name and mobile number of an individual, an Abu Dhabi-based bank warned through an email alert.

Once the target is identified, the email said, the fraudster – pretending to be a resident who has lost his SIM – asks the service provider for a replacement. Based on the request, the service provider may deactivate the existing SIM and issue a new one through which tricksters can gain access to all personal banking notifications, including OTPs, the email said as it explained the scam in just four steps (see box).

Mobile alert

The notification warns customers to protect themselves against the fraud by keeping an eye out for messages like ‘SIM not registered’.

“This is a serious issue and should be addressed immediately,” said Prasad, an Indian executive who received the email alert last week.

However, a spokesperson from telecom operator du said as per their company policy, the registered mobile number owner has to present valid documentation like Emirates ID or passport at their retail shops when requesting a SIM swap. “This is to prevent any fraudulent action or breach of our customers’ mobile lines. In case of any fraudulent action, we advise our customers to immediately report the details to our customer care for us to take swift action,” he said.

Etisalat also maintains a strict policy on SIM swap. According to information shared with XPRESS by the telecommunications services provider, no SIM replacement is done until a customer provides the original Emirates ID or passport.

Anatomy of a scam

1. Fraudster obtains your name and mobile phone

2. Then requests the mobile operator for a replacement SIM pretending to be you and claiming loss or malfunction

3. Mobile service provider deactivates the existing SIM and issues the new SIM

4. The fraudster now receives all confidential banking notifications, including OTPs