Johannesburg - A forensic investigator has alleged an inside job at First National Bank (FNB) and MTN in a SIM-swap scam that pilfers customers of hundreds of thousands of rands.
READ: Dozens of Fin24 users hit by SIM-swap scam
Private consulting forensic scientist, Dr David Klatzow, says his client, Cape Town audiologist Gail Jacklin, lost over R200 000 from the scam earlier this year. Dr Klatzow said his client hasn’t been reimbursed by FNB.
READ: SIM-swap victim feels betrayed by FNB, MTN
Dr Klatzow told Fin24 that MTN failed to prevent an unauthorised SIM-swap of Jacklin’s phone, which resulted in fraudsters stealing from her FNB accounts.
But Dr Klatzow said he knows of at least another 20 cases of the same scam with the same modus operandi, and he has alleged an inside job at both FNB and MTN. Cape Town talk radio station Cape Talk has also reported that a number of its listeners have also reportedly been victims of this scam.
"The evidence seems to show that there is somebody within the bank and within MTN who has access to your details,” Dr Klatzow told Fin24.
“And what happens is, in many instances, and in my particular client's instance, her phone went on the blink,” he said.
Dr Klatzow explained that the scam typically involves a banking customer’s phone becoming inoperable, after which money is stolen from the victim’s bank accounts.
Dr Klatzow has further alleged that an unknown insider at FNB targets “a certain strata of bank accounts”.
This insider then allegedly works with somebody at MTN to put a phone “on the blink” and thereby arrange for a SIM-swap to aide the crime, explained the investigator.
Once the SIM-swap has been completed, the scammer can then access sensitive details such as internet banking One Time Pin (OTP) codes to carry out the crime, said Dr Klatzow.
“Once they know you've got significant funds in there, they target you - that cannot be done without the assistance of the bank,” he told Fin24.
Have you experienced this scam? Tell us by clicking here.
FNB, in its response to Fin24’s query about this alleged scam, did not detail the circumstances around Dr Klatzow’s client’s experience of fraud.
However, the bank, in its response, said that “phishing as a means of fraud has been a problem for many years”.
“We continually warn and educate our customers to never release their confidential banking information, or to respond to unsolicited email including threats to close their accounts if they do not ‘update’ their information via a link provided or offers of prizes/refunds via a link in an email,” said the company.
The bank further urged customers to “protect their login details at all times” and to contact the bank if their phone suspiciously loses connectivity.
FNB further said that it employs “a robust security framework which is multilayered”.
MTN issued a statement late on Wednesday in which it said it is looking at a number of safeguards to better protect customers from illegal SIM-swaps.
The company also urged consumers to protect themselves.
"MTN urges its customers to safeguard their internet and telephone banking log-in details and password against social engineering (phishing) to safeguard their accounts. The banking customer’s log-in details and password is the last line of defense that should only be known to the user. The onus is on consumers to ensure that their passwords and log-in details are not compromised," the company said.
"In a number of cases of fraudulent transactions, the customer has already compromised by unwittingly divulging their details to third parties either through phishing or social engineering. Where fraudulent activity has taken place, MTN is working closely with the South African Police Services as well as the South African Banking Risk Information Centre (SABRIC) to assist in the necessary investigations to bring perpetrators to book," said the company.
Doubts over phishing
Dr Klatzow, though, said he doubts FNB’s statement that phishing is to blame in this instance.
"The two companies involved would love you to believe that this is phishing and that people are inadvertently giving out their banking details. That is not so,” said Dr Klatzow.
"Now, there is no way that somebody on a phishing scam could put your phone on the blink,” Dr Klatzow told Fin24.
The forensic investigator further said that if FNB and MTN fail to address the problem, a class action lawsuit could be initiated against the companies.
"It's got very bad, it's become chronic and there is a very serious outbreak of this epidemic now. But the banks have known about this and they've created a platform which is ultra vulnerable,” said Dr Klatzow.
Listen to Fin24 tech editor Gareth van Zyl's interview with Dr Klatzow on the SIM-swap scam.