Cyber crime attacks targeting online and financial services are increasing across Africa, and SIM swap fraud has been identified as one of the leading methods that cyber criminals use to defraud companies and customers.
This was revealed in a report by the South African Banking Risk Information Centre (SABRIC), which also found that SIM swap fraud more than doubled in the last year in South Africa.
“Criminals are always looking for ways to exploit digital platforms to defraud victims, but the mitigation strategies deployed by banks are very robust, so it is easier to target people, as they are the weakest link,” said Kalyani Pillay, CEO at SABRIC.
Cyber crime, the flip side to financial inclusion
Pillay's statement is echoed by Fabio Assolini, a Senior Security Researcher at Kaspersky Lab, who revealed that in South Africa one cyber crime victim was reported to have lost $20,000 and that on average fraudsters can steal $2,500 to $3,000 per victim. All it costs the cyber criminals is $10 to $40, the price of performing a SIM swap.
“Despite financial inclusion services prospering, the flip side to this is that it opens up a world of opportunities to cybercriminals and fraudsters who are using the convenience a mobile phone offers to exploit and poke holes in two-factor authentication processes. Frauds using SIM swap are becoming common in Africa and Middle East, affecting countries like South Africa, Turkey and UAE. Countries like Mozambique have experienced this firsthand. The implemented solution, by banks and mobile operators in Mozambique, as a result, is something I believe we must learn from and encourage other regions to investigate and apply, among other aspects, to mobile payment methods of the future – as a way to ensure that mobile phones do not become an enemy in our pockets,” said Assolini.
One of the key methods that the criminals use is social engineering. They do this by manipulating their victims into divulging their personal or confidential information which they then use to get a SIM swap.
"They capitalize on the fact that not all digital banking clients are digitally literate and exploit this vulnerability. Using technology, coupled with social engineering, criminals can gather sufficient information to impersonate victims, bypassing bank security protocols," said Pillay.
How to protect yourself
SIM swap fraud happens when a cyber criminal convinces your mobile services provider to switch your mobile phone number over to a SIM card that they possess. In some cases, employees of the telecommunications company work together with criminals.
Once the fraudsters have done this, they can divert your incoming SMS messages and can now easily complete the text-based two-factor authentication checks that protect your most sensitive accounts in financial services, social networks, e-mail services and instant messengers.
In order to protect yourself, Assolini recommends the following key considerations:
- Voice and SMS should be avoided as authentication methods for payments - OTPs generated in mobile apps like Google Authenticator, or physical tokens, should be used instead.
- Biometrics - there is no better authentication than that of a physical characteristic. Voice authentication is an option that can be investigated further.
- An automated ‘Your number will be deactivated’ message – to be sent to the user when a SIM swap is requested. This helps the user report the activity faster if it is not legitimate.
- Activate 2FA on WhatsApp – to minimize WhatsApp hijacking, activating two-factor authentication (https://bit.ly/2vihws7) using a six-digit PIN on your device is critical. This gives the user an additional layer of security on the device.
Cover image credit: Sergey Zolkin/Unsplash