e-SIMs fraud is a growing threat – one that many people are unaware of how it works.

This scam involves criminals fraudulently converting your physical SIM card into an electronic (e-SIM) through a telecom service provider. Once activated, scammers can intercept OTPs, phone calls, and SMS alerts, enabling them to carry out unauthorised financial transactions on your bank accounts.

How does the scam happen

Scammers gather personal information through:

• Social media
• Social engineering tactics (phishing, vishing, etc.)
• Stolen data from the dark web.

They then contact your telecom service provider, impersonate you, and request an e-SIM activation.

Modus Operandi

The fraudster initiates contact with the victim by phone, falsely claiming to represent a telecom service provider and offering a free service upgrade with additional benefits.

• Unauthorized Login Initiation
  The fraudster opens the telecom providers application and chooses the login option using the victims “mobile number and One-Time Password (OTP)”, bypassing the username and password login method.
• OTP Social Engineering
  By entering the victim’s mobile number into the application, an OTP is automatically sent to the victim’s mobile device. While maintaining the phone conversation, the fraudster convinces the victim to share the SMS OTP, often under the pretext of verification or service activation.
• Account Accessed
  Using the shared OTP, the fraudster successfully logs into the victim’s telecom providers account.
• E-SIM Registration
  Once inside the account, the fraudster navigates to Services → SIM Management → SIM Swap and initiates a request to convert the victim’s physical SIM into an eSIM.
• Terms & Conditions Acceptance
  The fraudster reviews and accepts the SIM swap terms and conditions on behalf of the victim without their knowledge.
• E-SIM Activation OTP
  A second OTP, required to complete the SIM Swap /e-SIM activation, is sent to the victim’s mobile. The fraudster persuades the victim to share the OTP as well, completing the e-SIM registration.
• Impact
  After activation, the victim’s physical SIM is deactivated, and control of the mobile number is transferred to the fraudster’s e-SIM. This allows the fraudster to intercept calls, SMS, and OTPs, enabling financial fraud.

What are the signs you’ve been targeted?

• Your phone suddenly stops working.
• You’re unable to access digital banking channels.
• You may receive an SMS from your telecom provider about a SIM activation.

How to protect yourself from e-SIM fraud?

• Be alert to social engineering tactics.
• If your mobile number is inactive or out of range, contact your telecom service provider immediately.
• Notify Commercial Bank if your registered mobile receives OTPs to authorise transactions.
• Immediately change your bank account passwords and card PINs.
• Register for regular email alerts for banking transactions to stay alert, even if your SIM is deactivated.
• Periodically review your bank account statement to confirm all transactions are authorised by you.
• In the event of suspected fraud, contact 4449 5545 immediately to block your account(s) and minimise further risk.