Although it is a known scam, when it hits one of your colleagues, it makes you aware that there are very real dangers out there. A SIM card swap fraud occurs when criminals obtain and utilise a replacement SIM card to acquire security messages and one-time passwords (OTP) sent to you by the bank. Using the OTP, criminals are able to change, add beneficiaries and transfer money out of your account using your personal information that they would have obtained through phishing. One of our colleagues lost R20 000 over the holidays and asked us to warn other staff as well:
How does a SIM swap scam work?
- The SIM swap takes place after the fraudsters have received a your bank logon details as a result of the you responding to, for example, a Phishing e-mail. (this is why phishing e-mails are so dangerous and you should never ever respond or click on links contained in these phishing e-mails.)
- Once the fraudsters have the your cell phone number and other personal information, the fraudster can pose as you, requesting a new SIM card from a cellular service provider.
- The cellular service provider transfers the your SIM card identity to the new SIM card, cancelling your old SIM card in the process.
- The result is that there is no signal on the old SIM card, which means the you cannot receive / make phone calls or send SMS messages. (This ought to be the first sign of something wrong, so if you get “SIMCARD INVALID” error on your cell phone)
- The SMS authorisation reference number, which is normally sent to the client, reaches the fraudster instead of you, the legitimate owner, and the fraudster is able to make once-off payments and create beneficiaries fraudulently
What should I do if I suspect an unlawful SIM swap?
- If you fall prey to an unlawful SIM swap, or suspect that you have, contact your cellular service provider for assistance.
- Also contact the internet banking helpdesk to request that your internet banking access be suspended with immediate effect. This will prevent fraudsters from gaining access and transacting on your accounts.
What can I do to prevent SIM swap fraud?
- Protect your information – all your information.
- Do not disclose your ID number on websites unless you have verified the legitimacy of the site. The bank already knows your ID number and will not require you to give it to us again.
- Do not disclose your cell number on websites unless you have verified the legitimacy of the site. Phishing sites often request for information such as ID Number, email address and email address password, physical address, etc.
- Always make sure that your contact details on Internet banking are valid and correct. You know when your details have changed, so when you are ready, you can update the information on Internet banking or at a local bank branch.
[INFORMATION SUPPLIED BY DAVID WILES]
Dis `n bekende kuberstrik, maar as dit met een van jou kollegas gebeur, word dit skielik `n realiteit en groter moontlikheid dat dit ook met jou kan gebeur. SIM-kaart bedrog vind plaas as kuberkriminele `n SIM-kaart ruiling gebruik om jou sekuriteitsboodkappe en eenmalige wagwoorde, gestuur deur jou bank, te bekom. Deur die eenmalige wagwoord te gebruik, kan begunstigdes se detail verander word, nuwes byvoeg en fondse uit jou rekening oorgedra deur jou persoonlike inligting te gebruik.
Gedurende die afgelope vakansie het een van ons Tygerberg-kollegas R20 000 op hierdie wyse verloor en versoek dat ons ander personeel ook waarsku.
Hoe werk `n SIM-kaart omruiling?
- `n SIM-kaart omruiling vind plaas nadat kuberskelm jou bank aantekeninligting geoes het, omdat jy op `n “phishing” e-pos reageer het. (Hierdie is een van die redes hoekom “phishing” e-posse so gevaarlik is en jy nooit daarop moet reageer of op die skakels in dié e-posse moet kliek nie.)
- Sodra die persoon jou selfoonnommer en ander persoonlike inligting in die hande gekry het, kan hy jou identiteit aanneem en `n nuwe SIM-kaart versoek van jou selfoonverskaffer.
- Die selfoonverskaffer dra jou SIM-kaart identiteit oor na die nuwe SIM-kaart en kanselleer die ou kaart.
- Geen sein word vanaf die ou SIM-kaart ontvang nie en geen SMS’e kan gestuur of oproepe kan gemaak word nie. Hierdie is die eerste teken dat daar fout is, ook as jy die boodskap “SIMCARD INVALID” kry.
- Die SMS-magtiging verwysingsnommer, wat normaalweg aan die klient gestuur word, bereik die kuberkraker ipv jou, die geldige eienaar, en hy kan eenmalige betalings maak en begunstigdes skep.
Wat moet ek doen as ek `n onwettige SIM-omruiling vermoed?
- Indien jy die slagoffer is van `n onwettige SIM-omruiling of vermoed dat jy moontlik is, skakel dadelik jou selfoonverskaffer vir hulp.
- Kontak jou internetbankdienste hulplyn en versoek dat internetdienstetoegang onmiddellik beëindig word. Dit sal voorkom dat die skuldiges toegang tot jou rekeninge verkry.
Wat kan jy doen om SIM-kaartbedog te voorkom?
- Beskerm jou informasie – al jou informasie.
- Moet nooit jou ID-nommer verskaf tensy jy doodseker is van die geldigheid van `n webwerf nie. Die bank het reeds jou ID-nommer en sal dit nie weer vra nie.
- Moenie jou selfoonnommer verskaf op webwerwe tensy jy die egtheid van die webwerf geverifieer het nie. “Phishing” webwerwe versoek gewoonlik inligting soos `n ID-nommer, e-posadres en e-pos adres wagwoord.
- Maak altyd seker dat jou kontakdetails op internetbankdienste geldig en korrek is. Wanneer jou inligting verander, dateer dit op by op internet bankdienste of by jou plaaslike bank.
[INLIGTING VERSKAF DEUR DAVID WILES]
Tags: cell phone, phishing, security