Uttarakhand Police, in coordination with the Union Ministry of Home Affairs, uncovered an international cyber fraud racket on Monday, arresting the mastermind from Manglaur in Haridwar district. The gang had been sending SIM cards to cybercriminals across Southeast Asia, facilitating fraud amounting to over Rs 1 crore.
The accused had activated over 20,000 SIM cards, which were then sold to criminals not only in India but also in countries such as China, Thailand, Cambodia, Myanmar, Vietnam, and Malaysia. These SIM cards allowed cyber thugs to commit fraud across borders, Uttarakhand police revealed.
"1,816 SIM cards, two cheque books, five mobile phones, and two biometric devices were recovered from the accused," IG Law and Order) Nilesh Anand Bharne said during a press briefing.
How did the gang operate?
Bharne explained, “The accused would visit homes, targeting women with fake government schemes or offers like gift hampers. In exchange for Aadhaar cards and thumbprints on biometric devices, he fraudulently activated thousands of SIM cards.”
These SIM cards, obtained under fake identities, were sold at prices ranging from Rs 3 to Rs 50 per OTP on ‘WhatsApp OTP groups,' which were reportedly managed from China and Cambodia. Cybercriminals used these groups to activate Indian SIMs and make WhatsApp calls, luring victims with promises of quick earnings through online investments.
Extent of the fraud
More From This Section
The police estimate that over Rs 1 crore has been stolen from people across India using this method.
Easy access to SIM cards fuels fraud
SIM cards registered with fake or stolen IDs are readily available in India. Shobhit Goyal, CEO and co-founder of BeFiSc, an identity verification and fraud management platform, shared insights into how fraudsters acquire them. “SIM cards can be bought on the black market, with numbers sold for as little as Rs 500 on platforms like telegram channels,” he said. He also pointed out that the dark web is a common source for bulk purchases of SIM cards and virtual numbers.
According to data from BeFiSc, 80-90% of fraudsters rely on new or stolen numbers, with 70% of these not linked to any UPI IDs.
Fraudsters' tactics: How do they avoid detection?
Goyal explained how fraudsters use different strategies to stay off the radar:
Short-term scams: Scammers switch numbers right after contacting victims to avoid being tracked.
Banking scams: After collecting sensitive data, fraudsters immediately change numbers to prevent law enforcement from tracing their activities.
International telecom services: Some fraudsters use SIM cards from countries with lax telecom regulations.
Caller ID spoofing: Apps that allow caller id manipulation are commonly used in these operations.
eSIM technology: Fraudsters can digitally switch between multiple numbers without a physical SIM card.
Goyal also noted that it's easy to obtain numbers from places like Jharkhand, Orissa, Bihar, and Assam, where frauds are more prevalent in tier-three cities.
Common fraud techniques
Fraudsters often use multiple numbers within a single scam. According to BeFiSc, other tactics include:
Geographical switching: Acquiring numbers from different regions to evade detection.
Time-based switching: Changing numbers at set intervals.
Bulk number usage: Especially in large-scale scams like telemarketing or phishing, fraudsters buy numbers in batches.
How can people and businesses protect themselves?
Goyal suggested that businesses can use BeFiSc’s mobile number API to verify:
1. The age of phone numbers,
2. When the last identity was changed,
3. Location proximity,
4. Whether the number is linked to a UPI ID, and
5. The official banking name.
Individuals can check for UPI ID linkage by typing the phone number into any UPI app to verify the user's official banking name.
Spotting red flags in fraud calls
Some common warning signs for fraudulent calls from new numbers, according to Goyal are:
Urgent or threatening language: Callers demanding immediate action or threatening consequences.
Requests for sensitive information: Asking for OTPs, passwords, or banking details.
Unverified identity: The caller claims to be from a known organisation but can’t provide verifiable credentials.
Unrealistic offers: Calls offering rewards or investments that seem too good to be true.
Unusual payment requests: Fraudsters often ask for payment via gift cards, wire transfers, or e-wallets.