Although it is a known scam, when it hits one of your colleagues, it makes you aware that there are very real dangers out there. A SIM card swap fraud occurs when criminals obtain and utilise a replacement SIM card to acquire security messages and one-time passwords (OTP) sent to you by the bank. Using the OTP, criminals are able to change, add beneficiaries and transfer money out of your account using your personal information that they would have obtained through phishing. One of our colleagues lost R20 000 over the holidays and asked us to warn other staff as well:
How does a SIM swap scam work?
- The SIM swap takes place after the fraudsters have received a your bank logon details as a result of the you responding to, for example, a Phishing e-mail. (this is why phishing e-mails are so dangerous and you should never ever respond or click on links contained in these phishing e-mails.)
- Once the fraudsters have the your cell phone number and other personal information, the fraudster can pose as you, requesting a new SIM card from a cellular service provider.
- The cellular service provider transfers the your SIM card identity to the new SIM card, cancelling your old SIM card in the process.
- The result is that there is no signal on the old SIM card, which means the you cannot receive / make phone calls or send SMS messages. (This ought to be the first sign of something wrong, so if you get “SIMCARD INVALID” error on your cell phone)
- The SMS authorisation reference number, which is normally sent to the client, reaches the fraudster instead of you, the legitimate owner, and the fraudster is able to make once-off payments and create beneficiaries fraudulently
What should I do if I suspect an unlawful SIM swap?
- If you fall prey to an unlawful SIM swap, or suspect that you have, contact your cellular service provider for assistance.
- Also contact the internet banking helpdesk to request that your internet banking access be suspended with immediate effect. This will prevent fraudsters from gaining access and transacting on your accounts.
What can I do to prevent SIM swap fraud?
- Protect your information – all your information.
- Do not disclose your ID number on websites unless you have verified the legitimacy of the site. The bank already knows your ID number and will not require you to give it to us again.
- Do not disclose your cell number on websites unless you have verified the legitimacy of the site. Phishing sites often request for information such as ID Number, email address and email address password, physical address, etc.
- Always make sure that your contact details on Internet banking are valid and correct. You know when your details have changed, so when you are ready, you can update the information on Internet banking or at a local bank branch.
[INFORMATION SUPPLIED BY DAVID WILES]
Tags: cell phone, phishing, security