Mobile wallets a drawcard for cyber criminals – Kaspersky expert | Fin24
 

May 02 2019 06:01
Carin Smith

Mobile wallets are extremely attractive to cyber criminals, according to Fabio Assolini, senior security researcher at global cyber security firm Kaspersky Lab.

In his view, one-time passwords (OTPs) - an additional layer of security used by many banks for verification purposes - should not be used anymore either.

Assolini was speaking at an information session hosted by the company in Cape Town on Monday.

Mobile phone risks

There are various opportunities for fraud using mobile phones, Assolini noted.

"The user identification of your mobile carrier is via your SIM card, but what if someone steals your phone or activates your phone number with another SIM card without your knowledge or consent?" he asked.

That is called a SIM swap.

It can be done through what he called "social engineering" – by presenting false documents to your mobile operator. This is risky for the criminal, though, because they would need to go there physically and might, for instance, be recorded on security cameras.

That is why, Assolini said, some cyber criminals prefer to have someone at the mobile carrier working for them, adding that they would usually bribe the employee to assist them.

Smelling a rat

Sometimes the corrupted employee does not want to lose his or her job, so he or she would install a so-called "rat" (remote admin tool) in the company’s system, and get paid for doing that.

This allows the cyber criminal to access the carrier's systems remotely and perform the tasks they want themselves.

Having done a SIM swap, cyber criminals can then steal your money, because they will be able to get the OTP that has been SMS'd to you.

Help, I'm stranded...

The victim’s WhatsApp account is usually the next biggest target of cyber criminals.

They use the person’s WhatsApp account, pretending to be that person, and ask his or her contacts on WhatsApp for money.

In SA, SIM swap fraud incidents doubled in the space of a single year, the South African Banking Risk Information Centre (Sabric) said in 2018.

Scourge

Assolini gave the example of how Mozambique decided to deal with increasing problems with SIM swap fraud in the country.

Local banks and mobile carriers got together and created a simple system where banks would check with a client’s carrier whether a SIM swap had been done recently. If that was the case, the bank would not do a wire transfer until it could be sure their client had indeed requested it.

Within a month, SIM swap fraud in Mozambique had decreased by 50%, and after six months it was just about non-existent, he said.
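The bank-side check described above could be sketched as follows. This is an added illustration, not code from Kaspersky, Fin24 or any bank or carrier; the 72-hour window, the `lookup_last_sim_change` carrier query, the `CarrierUnavailable` error and the sample numbers are all assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone
from enum import Enum

# Assumption: the article only says "recently"; 72 hours is illustrative.
RECENT_SWAP_WINDOW = timedelta(hours=72)

class Decision(Enum):
    ALLOW = "allow"
    HOLD = "hold_until_client_confirms"

class CarrierUnavailable(Exception):
    """Hypothetical error: the carrier could not answer the query."""

def decide_transfer(msisdn, lookup_last_sim_change, now=None):
    """Gate a wire transfer on the carrier's record of the last SIM change.

    lookup_last_sim_change is a hypothetical callable: msisdn -> datetime or None.
    A HOLD must be cleared through a channel that does not depend on the SIM
    (branch visit, call-back to a pre-registered landline), never by SMS.
    """
    now = now or datetime.now(timezone.utc)
    try:
        changed_at = lookup_last_sim_change(msisdn)
    except CarrierUnavailable:
        # Fail closed: no answer from the carrier is treated like a recent swap.
        return Decision.HOLD, "carrier lookup failed"
    if changed_at is None:
        return Decision.ALLOW, "no SIM change on record"
    age = now - changed_at
    if age < timedelta(0):
        return Decision.HOLD, "SIM change timestamp is in the future"
    if age <= RECENT_SWAP_WINDOW:
        return Decision.HOLD, "SIM swapped within the window"
    return Decision.ALLOW, "last SIM change is older than the window"

# Constructed sample data standing in for the carrier's records.
SAMPLE_NOW = datetime(2019, 5, 2, 12, 0, tzinfo=timezone.utc)
SAMPLE_RECORDS = {
    "+000000000001": SAMPLE_NOW - timedelta(hours=5),   # swapped 5 hours ago
    "+000000000002": SAMPLE_NOW - timedelta(days=90),   # old SIM change
    "+000000000003": None,                              # never changed
}

def sample_lookup(msisdn):
    if msisdn not in SAMPLE_RECORDS:
        raise CarrierUnavailable(msisdn)
    return SAMPLE_RECORDS[msisdn]

if __name__ == "__main__":
    for number in list(SAMPLE_RECORDS) + ["+000000000099"]:
        decision, reason = decide_transfer(number, sample_lookup, SAMPLE_NOW)
        print(number, decision.value, "-", reason)
```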

"Banks need to stop sending OTPs and tokens by SMS – yet they do it because it is very cheap to send SMSes," said Assolini.

"If you suddenly find you have no mobile signal when in an area that you should have, contact your carrier as soon as possible," Assolini told Fin24.

"There will continue to be a lot of victims of SIM swaps until telecommunications companies and banks get together - like in Mozambique - and decide to do something about it.

"Consumers need to put pressure on these companies to do something about it."
