Share

SIM swap bank fraud a major problem

Cape Town – SIM swaps have become one of the problematic areas in cybercrime space across the banking industry as a whole, irrespective of the bank the victim uses or the mobile phone service provider in question, industry body Sabric said this week.


The South African Banking Risk Information Centre was responding to questions by Fin24 on how widespread the fraud is, and whether it is specific to Absa Group [JSE:ASA] and MTN Group [JSE:MTN] as indicated by a stream of Fin24 user letters.

Fin24’s sister publication Die Burger reported on Monday that Media24's CEO Esmaré Weideman had R360 000 stolen from her cheque account in what seems to be a hit from a SIM swap syndicate.

What followed was an outcry from victims who had lost hundreds of thousands of rands in SIM swap bank fraud.

Technical adviser and owner of Swift Consulting Liron Segev said SIM swapping is not new, but what is novel and worrying is that SIM swapping is being done primarily to get people’s banking details and prevent them from receiving notifications that a transaction has occurred.

“In the past people were defrauded as their SIM was swapped and used in international PABX, which rang up massive bills.

“It was also used to dial premium rated numbers so that the caller pays for the calls made.”

Sabric CEO Kalyani Pillay said SIM swap bank fraud almost always works hand-in-hand with phishing and/or smishing, so consumers should be wary never to respond to emails and SMSs from entities posing as their bank.

With SIM swap bank fraud the consumer is defrauded twice: first by the SIM swap, then the bank fraud.

SIM swap occurs when criminals request your mobile phone service provider to transfer your existing cellphone number onto a new SIM card by pretending to be you, or pretending to act on your behalf, Pillay explained.

The fraudster will produce falsified copies of your identity document, cellphone number and other Fica-required documents that may convince the service provider that the request is legitimate.

Once they have illegally assigned your cellphone number to their SIM card, they will receive all your calls and SMS notifications, which include your in Contact and One Time Pin (OTP) messages.

Your phone will stop receiving any incoming calls or messages.

When it comes to bank fraud there is a major problem for everyone, said Segev.

He said: “The hacker needs to have two passwords – one to log into the account and one to do any transfer or add beneficiaries.

“To do this, the hacker needs to get the password to internet banking – this is usually done via a phishing attack where the hacker impersonates that bank and asks to 'reset' or 'confirm' the password.

“Then the hacker needs to target that individual and clone their SIM.

“This is usually done with internal help from either someone inside the network or by impersonating the person and asking for a SIM swap at an outlet shop, saying that the original card is faulty.

“Very little documentation is required at this point and a little ‘encouragement’ is offered to the person doing the swap.”

Why is this a problem?

1. Because the bank did nothing wrong – the customer fell for the phishing attack and gave their username and password, despite repeated warnings not to do so. Therefore, the customer is responsible.
2. The bank cannot be responsible for the SMS notification as this is passed via the cellular networks which they have no control over.
3. The cell operators cannot be held responsible for any banking fraud as it was not their system that was hacked into.

“The only thing people can do is NOT to fall for any phishing scams, nor divulge their personal info to anyone, including people inside the bank.

"The SIM swap without the bank login details is pointless,” said Segev. “The hacker needs both.”

What you should do

Segev said that two SIM cards struggle to operate on the same network at the same time.

“If you are experiencing issues with your phone, call the customer service and ask specifically if there is another SIM registered on your account or if a SIM swap was recently requested.

"If yes, call the bank ASAP and ask them to stop your online banking immediately.”

 - Fin24

Read personal stories involving banking fraud on MyFin24.


We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.89
+0.2%
Rand - Pound
23.82
+0.4%
Rand - Euro
20.37
+0.3%
Rand - Aus dollar
12.30
+0.3%
Rand - Yen
0.12
+0.2%
Platinum
908.05
0.0%
Palladium
1,014.94
0.0%
Gold
2,232.75
-0.0%
Silver
24.95
-0.1%
Brent Crude
87.00
+1.8%
Top 40
68,346
0.0%
All Share
74,536
0.0%
Resource 10
57,251
0.0%
Industrial 25
103,936
0.0%
Financial 15
16,502
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders