• Inside Labour

    Without radical policy change SA's social fabric will continue to fray, says Terry Bell.

  • Long live your gadget

    Real gadget protection tends to cost real money, writes Arthur Goldstuck.

  • Taking SA for a ride

    The ANC seems to think all South Africans are idiots, says Mzwandile Jacks.

Data provided by iNet BFA
Loading...
See More

SIM swap bank fraud a major problem

May 02 2013 17:38 Fin24
scam, thief

(Shutterstock)

Company Data

BARCLAYS AFRICA GROUP LIMITED [JSE:BGA]

Last traded 166.47
Change -2.03
% Change -0.01
Cumulative volume 1024513
Market cap 141.13bn

Last Updated: 29/08/2014 at 04:27. Prices are delayed by 15 minutes. Source: McGregor BFA

MTN GROUP LIMITED [JSE:MTN]

Last traded 241.63
Change -2.47
% Change -0.01
Cumulative volume 2397356
Market cap 446.62bn

Last Updated: 29/08/2014 at 04:28. Prices are delayed by 15 minutes. Source: McGregor BFA

Related Articles

Flood of SIM swap victims come forward

Fake ID used for SIM swap

Media24 boss conned out of R360 000

Wiped clean

Compromised PIN tops card fraud list

All they said was fill in a fraud claim

 
Cape Town – SIM swaps have become one of the problematic areas in cybercrime space across the banking industry as a whole, irrespective of the bank the victim uses or the mobile phone service provider in question, industry body Sabric said this week.


The South African Banking Risk Information Centre was responding to questions by Fin24 on how widespread the fraud is, and whether it is specific to Absa Group [JSE:ASA] and MTN Group [JSE:MTN] as indicated by a stream of Fin24 user letters.

Fin24’s sister publication Die Burger reported on Monday that Media24's CEO Esmaré Weideman had R360 000 stolen from her cheque account in what seems to be a hit from a SIM swap syndicate.

What followed was an outcry from victims who had lost hundreds of thousands of rands in SIM swap bank fraud.

Technical adviser and owner of Swift Consulting Liron Segev said SIM swapping is not new, but what is novel and worrying is that SIM swapping is being done primarily to get people’s banking details and prevent them from receiving notifications that a transaction has occurred.

“In the past people were defrauded as their SIM was swapped and used in international PABX, which rang up massive bills.

“It was also used to dial premium rated numbers so that the caller pays for the calls made.”

Sabric CEO Kalyani Pillay said SIM swap bank fraud almost always works hand-in-hand with phishing and/or smishing, so consumers should be wary never to respond to emails and SMSs from entities posing as their bank.

With SIM swap bank fraud the consumer is defrauded twice: first by the SIM swap, then the bank fraud.

SIM swap occurs when criminals request your mobile phone service provider to transfer your existing cellphone number onto a new SIM card by pretending to be you, or pretending to act on your behalf, Pillay explained.

The fraudster will produce falsified copies of your identity document, cellphone number and other Fica-required documents that may convince the service provider that the request is legitimate.

Once they have illegally assigned your cellphone number to their SIM card, they will receive all your calls and SMS notifications, which include your in Contact and One Time Pin (OTP) messages.

Your phone will stop receiving any incoming calls or messages.

When it comes to bank fraud there is a major problem for everyone, said Segev.

He said: “The hacker needs to have two passwords – one to log into the account and one to do any transfer or add beneficiaries.

“To do this, the hacker needs to get the password to internet banking – this is usually done via a phishing attack where the hacker impersonates that bank and asks to 'reset' or 'confirm' the password.

“Then the hacker needs to target that individual and clone their SIM.

“This is usually done with internal help from either someone inside the network or by impersonating the person and asking for a SIM swap at an outlet shop, saying that the original card is faulty.

“Very little documentation is required at this point and a little ‘encouragement’ is offered to the person doing the swap.”

Why is this a problem?

1. Because the bank did nothing wrong – the customer fell for the phishing attack and gave their username and password, despite repeated warnings not to do so. Therefore, the customer is responsible.
2. The bank cannot be responsible for the SMS notification as this is passed via the cellular networks which they have no control over.
3. The cell operators cannot be held responsible for any banking fraud as it was not their system that was hacked into.

“The only thing people can do is NOT to fall for any phishing scams, nor divulge their personal info to anyone, including people inside the bank.

"The SIM swap without the bank login details is pointless,” said Segev. “The hacker needs both.”

What you should do

Segev said that two SIM cards struggle to operate on the same network at the same time.

“If you are experiencing issues with your phone, call the customer service and ask specifically if there is another SIM registered on your account or if a SIM swap was recently requested.

"If yes, call the bank ASAP and ask them to stop your online banking immediately.”

 - Fin24

Read personal stories involving banking fraud on MyFin24.


Follow Fin24 on Twitter, Facebook, Google+ and Pinterest.

mtn group  |  sabric  |  absa group  |  banks  |  fraud  |  sim swap
NEXT ON FIN24X

 
 
 

Read Fin24’s Comments Policy

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
38 comments
Add your comment
Comment 0 characters remaining
 

Company Snapshot

We're talking about:

Small Business

“Hippie sense makes business sense,” an entrepreneur said, adding that "purpose" was core to success.
 

Money Clinic

Money Clinic
Do you have a question about your finances? We'll get an expert opinion.
Click here...
Loading...