‘SIM card swap’ scam: Malware-infected email used to clone accountant’s personal details in Rs 50-lakh fraud against Ghatkopar firm\, say police

‘SIM card swap’ scam: Malware-infected email used to clone accountant’s personal details in Rs 50-lakh fraud against Ghatkopar firm, say police

Police said in September 2018, the Ghatkopar firm, dealing in sales and services of marine equipment, was cheated in a manner where bank transfers from its account took place illegally.

Written by Mohamed Thaver | Mumbai | Published: July 16, 2020 1:00:40 am
mumbai cyber fraud, mumbai company duped, mumbai company cyber fault case, mumbai crime branch, indian express news Senior Inspector Nitin Alakhnure from Ghatkopar police station said, “The three accused are currently in judicial custody.” (Representational)

TWO YEARS after a Ghatkopar-based company was duped of Rs 50 lakh in an alleged cyber fraud, police have arrested three persons, who helped prime culprits in the scam. Interrogation of the trio has revealed how the scam called ‘SIM card swap’, which targeted several companies in the city over the past few years, is carried out, police said, adding that they have also learnt that malware-infected mass emails sent to big business houses helped fraudsters, against hacking as was earlier believed to be the case.

Last week, a team from the Mumbai Crime Branch, led by Assistant Inspector Anand Bagde, received a tip-off that a Mira Road resident, identified as Sandeep Gautam (37), who helped the fraudsters in the scam and fled to his village, had returned. Police arrested him and, based on his interrogation, two more persons were arrested and handed over to the Ghatkopar police station.

According to police, during their interrogation, it came to light that the fraudsters were based out of Nigeria, who looked up email addresses of big corporations in Mumbai and sent them mass malware-infected emails. If any employee clicked on the link of the e-mail, their details would be sent to Nigeria.

Police said in September 2018, the Ghatkopar firm, dealing in sales and services of marine equipment, was cheated in a manner where bank transfers from its account took place illegally.

The accountant, authorised to receive one-time password (OTP) on her mobile phone number before any payment, found that her number had been disabled and a new SIM had been issued with the same number, police said.

“The accused monitored the activities of the accountant and gained access to the company’s account number and password,” an officer said, adding that their next step was to bypass the OTP system.

Police further said this is where Gautam’s services came in. He earlier worked with a mobile service provider, and used a fake passport with the accountant’s photo to procure a new SIM card under her name, claiming she had lost her phone, they added.

So while she lost connectivity to her SIM card, Gautam now received the OTP, police said, adding that by the time she would realise her phone did not have network, the transactions were carried out.

The two other accused, police said, were involved in helping out with bank accounts, where the money could be transferred since directly sending the money to Nigeria would raise suspicion.

“This is a well-oiled network that begins with an employee clicking on these malware-infected emails; then duplicate SIM cards are procured for those who allow their bank accounts to be used for a small commission,” the officer said.

Senior Inspector Nitin Alakhnure from Ghatkopar police station said, “The three accused are currently in judicial custody.” An officer said they were still probing the case and more arrests were likely.

© The Indian Express (P) Ltd