A new SIM-swap scam in South Africa can cost consumers dearly.
The Weekend Argus reported that bank customers have been warned of the new scam, with a cellphone network asking subscribers to guard against “social engineering” attacks.
“The scale of the problem could be greater, as the South African Banking Risk Information Centre (Sabric) said it was aware the latest scam had occurred across banks,” stated the report.
Sabric was reportedly reluctant to disclose further details and referred queries to the banks in question.
It is understood that the social engineering attack happens after criminals have gained access to a victim’s online banking details.
The banking information is usually obtained through an email phishing attack, where a victim is fooled into clicking on a link to a fake website.
After the information is gathered, the fraudsters need to perform a SIM-swap.
The criminals, who claim to be from a service provider, contact the person and ask them to confirm certain information.
After gathering the needed information, they perform a fraudulent SIM-swap.
The SIM-swap allows the criminals to receive SMSs destined for the account holder, letting them add beneficiaries to the online banking account.
MTN call warning
MTN recently warned customers of a scam in which an “MTN call centre agent” asks for a client’s security details.
This is done “under the pretext that they are blocking the processing of a SIM-swap request that is being made on the subscriber’s number without their authorisation”.
“The scammers will then use the customer’s responses that they obtained during the call to perform a fraudulent SIM swap,” said MTN.
MTN said it will not contact customers from its call centre to block the processing of a SIM swap.
Sabric vishing warning
At the end of 2016, Sabric warned of an increase in what is known as vishing – the telephonic equivalent of phishing.
“Here, a fraudster phones their victim posing as a bank official or service provider and uses social engineering skills to manipulate them into disclosing confidential information,” said Sabric.
“If you receive a phone call requesting confidential or personal information, do not respond and end the call.”
It warned that if you lose mobile connectivity under circumstances where you are usually connected, check whether you have been the victim of a SIM swap.
Receiving a one-time-pin on your phone without conducting any online transactions should also raise red flags.
“Do not provide the OTP telephonically to anybody. Contact your bank immediately to alert them to the possibility that your information may have been compromised,” said Sabric.