SIM Box Fraud Explained: The Hidden Technology Behind Scam Calls and Phishing SMS
If you’ve ever received suspicious calls from unknown numbers or texts with shady links, there’s a good chance this technology is involved.
SIM box fraud allows scammers to send large volumes of calls and messages that appear local, making them harder to detect and easier to trust. This is one of the reasons phishing attacks and financial scams have become so widespread.
In this guide, you’ll learn how SIM box fraud works, why it’s difficult to trace, and how you can protect yourself from becoming a target.
In simple terms, SIM box fraud is a method scammers use to send large numbers of calls and messages that look like they’re coming from local numbers.
SIM box fraud is a type of interconnect bypass fraud in telecom. Simply put, a SIM box is a device that routes Voice over Internet Protocol (VoIP) calls into local GSM networks through one or more SIM cards, so that the calls are carried as local traffic and avoid international calling tariffs. The device allows a user to connect a multitude of SIM cards (from 20 to 500) to a single connection to send text messages and route calls. Such SIM cards are typically procured using fake identities to commit fraud or other illegal activities.
This modus operandi is a large and growing challenge for telecom companies, law enforcement agencies and national security at large. The MO is also sophisticated and costly, and it is becoming highly prolific with the availability of cheaper devices, tons of breached identities and low-cost SIM cards. The use of such devices for fraudulent and illegal purposes is a problem at many levels, with several negative ramifications.
- Most importantly for those in the fraud/scam detection domain, these devices are used indiscriminately to generate phishing and scam texts.
- There is a cost in terms of national security, as such calls are harder to trace than VoIP calls. This technology is also known to have been used by terror outfits, extortion racketeers and in espionage by foreign military intelligence organizations.
- It causes significant leakage of telecom companies' revenues and of taxes.
Early this year, the rural cybercrime police of a small town called Tirupur busted a SIM box racket working for foreign loan apps such as Candy Pay, Easy Loan, Lucky Money etc. for a commission. (The accused were using apps like iTel and VOS VoIP.) As part of the raid, 11 SIM boxes, 6 modems and 500 SIM cards were seized. There have been many such seizures, big and small, across the length and breadth of India, attached to various crimes ranging from financial fraud to terrorism. So, while SIM boxes may seem like a harmless, cheap international calling substitute for Indian expats living overseas (in countries where WhatsApp is banned), the innocuous-sounding SIM box has proven to be a far more insidious threat to society.
One police officer in an Ahmedabad raid team remarked, “The only way to track such boxes is when customers report the numbers.” (And so you should: report such numbers to the Phishbowl app.) Law enforcement agencies remain quite restricted in terms of what they can do to detect these. The telecom companies, though, have tons of data at their disposal, and their fraud management systems (FMSs) can run intensive machine learning algorithms to identify these fraudulent numbers and SIM box locations. The indicators they employ include:
- the numbers being stationary (although in one case in Gujarat, scammers had installed a portable SIM box in a scooter to make scam calls)
- a large number of outgoing calls versus almost zero incoming traffic
- an unusually large volume of outgoing texts
- many SIM card identities tied to a single equipment identity (many-to-one IMSI vs. IMEI)
- use of a single cellular site
- complete absence of SMS or data usage, or of roaming services
- unusual called-number spreads
- atypical call traffic peaks
Not surprisingly, many of these indicators can be gamed. Smarter SIM box operators typically replace the international mobile equipment identity (IMEI) of handsets through this device to evade IMEI-based detection.
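As an added illustration (not code from any operator's FMS), the sketch below scores SIMs against several of the indicators listed above using constructed call records, and shows why combining independent indicators matters when the IMEI one is evaded. Field names, sample records and thresholds are all assumptions made for the example.

```python
from collections import defaultdict

def make_cdrs(spoof_imei=False):
    """Constructed records (not real data): (imsi, imei, cell, direction, kind, peer)."""
    cdrs = []
    for s in range(4):   # four SIMs in one box: outgoing voice only, one cell site
        imei = f"equip-{s}" if spoof_imei else "equip-A"
        for n in range(30):
            cdrs.append((f"sim-{s}", imei, "cell-7", "out", "voice", f"callee-{s}-{n}"))
    for n in range(30):  # ordinary subscriber: mixed traffic, three cells, five peers
        cdrs.append(("sim-9", "equip-B", f"cell-{n % 3}", "out" if n % 2 else "in",
                     ("voice", "sms", "data")[n % 3], f"friend-{n % 5}"))
    return cdrs

def score_sims(cdrs, min_events=20):
    """Return {imsi: [indicator names]}; all thresholds are illustrative assumptions."""
    per_sim, sims_per_imei = defaultdict(list), defaultdict(set)
    for imsi, imei, cell, direction, kind, peer in cdrs:
        per_sim[imsi].append((imei, cell, direction, kind, peer))
        sims_per_imei[imei].add(imsi)
    results = {}
    for imsi, events in per_sim.items():
        if len(events) < min_events:      # too little traffic to judge
            continue
        out = [e for e in events if e[2] == "out"]
        flags = []
        if len(out) / len(events) >= 0.95:
            flags.append("outgoing_only")
        if len({e[1] for e in events}) == 1:
            flags.append("single_cell")
        if not any(e[3] in ("sms", "data") for e in events):
            flags.append("no_sms_or_data")
        if any(len(sims_per_imei[e[0]]) >= 3 for e in events):
            flags.append("many_imsi_one_imei")
        if out and len({e[4] for e in out}) / len(out) >= 0.9:
            flags.append("wide_called_spread")
        results[imsi] = flags
    return results

def suspects(cdrs, min_flags=3):
    """SIMs matching several independent indicators, so losing one still leaves a hit."""
    return sorted(s for s, f in score_sims(cdrs).items() if len(f) >= min_flags)

if __name__ == "__main__":
    for label, spoof in (("shared IMEI", False), ("IMEI replaced per SIM", True)):
        print(label, suspects(make_cdrs(spoof_imei=spoof)))
```

In both runs the same four SIMs are flagged and the ordinary subscriber is not; with the IMEI replaced, only the `many_imsi_one_imei` indicator drops out.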
The Telecom Regulatory Authority of India (TRAI) implemented distributed ledger technology (DLT) to check these fraudulent messages, involving a strict registration process for bulk message senders. However, this elaborate process has been unable to check the ever-increasing menace of bulk phishing texts sent from SIM boxes. While the war rages on between the fraud fighters and the SIM box racketeers, the jury’s still out on this one.
Common Questions around SIM Box Fraud
What is SIM box fraud in simple terms?
SIM box fraud is a method scammers use to send large numbers of calls and messages that appear to come from local phone numbers. This makes scam calls and phishing messages harder to detect and easier to trust.
How does SIM box fraud work?
SIM box fraud works by routing internet-based calls (VoIP) through multiple local SIM cards using a special device. This converts international calls into local ones, helping scammers avoid detection and reduce costs.
Why do scammers use SIM boxes?
Scammers use SIM boxes to send bulk phishing SMS and make scam calls at scale. Since the calls appear local, victims are more likely to trust them, increasing the chances of fraud.
Are scam calls and phishing SMS linked to SIM box fraud?
Yes, many scam calls and phishing messages are linked to SIM box fraud. This technology allows fraudsters to send large volumes of messages and calls that look legitimate, making them harder to trace.
Is SIM box fraud illegal in India?
Yes, SIM box fraud is illegal in India. It violates telecom regulations and is often linked to financial fraud, cybercrime, and other illegal activities. Law enforcement agencies regularly conduct raids to shut down such operations.
How can I protect myself from SIM box scams?
You can protect yourself by avoiding unknown calls, not clicking on suspicious links, and verifying messages before taking action. If you receive a suspicious link, always check if it is safe before opening it.
What should I do if I receive a suspicious call or message?
If you receive a suspicious call or message, do not share personal or financial information. Avoid clicking on any links and verify them using a trusted link-checking tool before taking action.

