SIM Box fraud is a type of interconnect bypass fraud in telecom. Simply put, SIM Box is a device used to route Voice over Internet Protocol (VoIP) calls through to local traffic by connecting to local GSM networks using one or more SIM cards, hence avoiding international calling tariffs. The device allows a user to connect a multitude of SIM cards (from 20 to 500) to a single connection to send text messages and route calls. Such SIM cards are procured typically using fake identities to commit fraud or other illegal activities.

This modus operandi is a big looming challenge to telecom companies, Law Enforcement Agencies and National Security, at large. The MO is also sophisticated, costly and becoming highly prolific with the availability of cheaper devices, tons of breached identities and low-cost SIM cards. The use of such devices for fraudulent and illegal purposes is an issue at many levels with several negative ramifications.

1. Most importantly for those in the fraud/scam detection domain these are used indiscriminately to generate phishing and scam texts.
2. There is a cost in terms of National security as such calls are harder to trace than VoIP calls. And this technology is known to have been used by terror outfits, extortion racketeers and in espionage by foreign military intelligence organizations, as well.
3. It causes significant leakage to the revenues of Telecom companies and taxes.

Early this year, the rural cybercrime police of a small town called Tirupur busted a SIM box racket working for foreign loan apps such as Candy Pay, Easy Loan, Lucky Money etc. for a commission. (The accused were using apps like iTel and VOS VoIP.) As part of the raid, 11 SIM boxes, 6 modems and 500 SIM cards were seized. There have been many such seizures big and small across the length and breadth of India, attached to various crimes ranging from financial fraud to terrorism. So, while SIM boxes may seem like a harmless cheap international calling substitute for Indian expats living overseas (in countries where WhatsApp is banned), the innocuous sounding SIM box has proven to be a far more insidious threat to society.

One policer officer in an Ahmedabad raid team, remarked, “The only way to track such boxes is when customers report the numbers.” (And so, you should – report such numbers to the Phishbowl app). Law enforcement agencies remain quite restricted in terms of what they can do to detect these. The telecom companies though, have tons of data at their disposal and their FMSs can run intensive machine learning algorithms to identify these fraudulent numbers and SIM box locations. They employ some indicators such as the numbers being stationery. (In one case in Gujarat, scammers had installed a portable SIM box in a scooter to make scam calls). Other indicators include large number outgoing versus almost zero incoming traffic, unusually large volume of outgoing texts, many SIM card identities to a single equipment identity (many to one IMSI v/s IMEI), use of a single cellular site, complete absence of SMS or data usage, or roaming services, unusual called number spreads, atypical call traffic peaks etc. Not surprisingly many of these indicators can be gamed. Smarter SIM box operators typically replace the international mobile equipment identity (IMEI) of handsets through this device to evade IMEI detection.

The Telecom Regulatory Authority of India (TRAI) implemented the distributed ledger technology (DLT) to check these fraudulent messages, involving a strict registration process for bulk message senders. However, this elaborate process has been unable to check the ever-increasing menace of sending bulk phishing texts from SIM boxes. While the war wages on between the fraud fighters and the SIM box racketeers, the jury’s still out on this one.