The number of reported SIM-swap fraud incidents in South Africa has doubled in the past year, according to cybersecurity experts from Kaspersky.
SIM-swap fraud happens when someone convinces your mobile operator to switch your phone number over to a SIM card that a criminal possesses. In some cases, there are carrier’s employees working together with criminals.
By diverting your incoming SMS messages, scammers can easily complete the text-based two-factor authentication checks that protect your most sensitive accounts in financial services, social networks, webmail services and instant messengers.
“Despite financial inclusion services prospering, the flip side to this is that it opens up a world of opportunities to cybercriminals and fraudsters who are using the convenience a mobile phone offers to exploit and poke holes in a two-factor authentication process,” said Fabio Assolini, senior security researcher of Kaspersky Lab.
“Frauds using SIM swap are becoming common in Africa and Middle East, affecting countries like South Africa, Turkey and UAE.
“Countries like Mozambique have experienced this firsthand. The implemented solution, by banks and mobile operators in Mozambique, as a result, is something I believe we must learn from and encourage other regions to investigate and apply, among other aspects, to mobile payment methods of the future – as a way to ensure that mobile phones do not become an enemy in our pockets,” he said.
Assolini said that the total money lost in the attacks varies by country and there are extreme cases, such as one in the United Arab Emirates, where one victim lost $1 million (R14,45 million), while in South Africa one victim reported losing $20,000 (R289,000).
“On average fraudsters can steal $2,500 to $3,000 (R36,000 – R43,000) per victim, while the cost to perform the SIM swap starts with $10 to $40 (R144 – R580),” said Assolini.