Durban - A Durban businessman who had more than R100 000 allegedly siphoned from his bank account wants Vodacom to explain how the fraudsters were able to do a “SIM swop” on his SIM card in Johannesburg while he was at home in Glenwood. He claims fraudsters bypassed his online banking security features and accessed his account.
Morris Smith said he had no idea he was falling victim to an elaborate scam when, for no reason, on July 3 he suddenly lost reception on his cellphone.
“I had been using my phone for businesses the whole day, and later that night I could no longer make or receive calls or SMSes,” he said. “I just thought at the time that something was wrong with my phone and a visit to Vodacom would fix it.”
What Smith did not realise at the time was that someone pretending to be him had gone to the Vodacom store in Fourways, Johannesburg, and was performing a SIM swop on his SIM card that would set in motion a sophisticated scam to access the funds in his online banking account.
“When I went to the Vodacom shop in Durban they told me that a SIM swop had been done in Johannesburg. I could not believe it and asked them why I would want to do a SIM swop in Johannesburg when I live in Durban,” he said.
A swop is usually done by users whose SIM cards are damaged or lost and who want to keep their original cellphone number. They approach their network operators who are then able to generate a new SIM card for them with their original number.
However, fraudsters are blocking unsuspecting people from their cell account through a SIM swop.
After stealing their victims’ online banking details through phishing, they insert the swopped SIM card into their phone and are able to intercept a person’s online banking security features, such as one-time passwords, and use it to transfer large amounts of money from their unsuspecting victim’s bank account.
After logging on to his online bank account later that day, Smith said he discovered that R107 480 had been stolen, including R80 000 from his credit card account.
“I went cold,” he said. “About R90 000 was transferred into an FNB account and the balance to a Capitec account.”
Smith opened a case of fraud with the Umbilo police and alerted Absa Bank, which sent a specialist investigator to Durban to probe how he was scammed.
Smith said the investigator discovered that he had responded to what he believed was an e-mail from the SA Revenues Service (Sars), which was a phishing scam.
Absa was able to freeze the accounts to which the money was transferred and recovered some of it.
However, the fraudster made off with a significant amount, which forced Smith to dig into his retirement funds to pay off the R80 000 taken from his credit card account.
Now Smith wants to know how the fraudsters were able to pretend to be him at the Vodacom shop.
“Was the person my age and did they ask them for proof of their address like we are asked wherever we go these days? I have been asking Vodacom for this and they refuse (to answer). I am out of pocket for a substantial amount and want Vodacom to pay,” he said.
Vodacom said Smith had handed over his personal bank details to the fake Sars website.
“It should be noted that a SIM swop on its own cannot result in loss of funds through internet banking fraud, which is why Vodacom cannot be held responsible for internet banking fraud,” a Vodacom spokesperson said.
“The starting point of internet banking fraud is the ability of criminals to get hold of customers’ internet banking details, which is something that is out of Vodacom’s control. If this information is secured, the SIM swop part of the fraud process becomes irrelevant,” the spokesperson said.
“Customers should never disclose personal information when asked to do so by e-mail. Some of the fraudulent websites may look like legitimate institutions, so care should be taken never to click on any links but rather type out the website address to avoid being victims of phishing fraud.”
Kalyani Pillay, chief executive of SA Banking Risk Information Centre, said SIM swop fraud peaked a few months ago, but had reduced drastically in recent weeks because of the collaboration between the banks and cellphone service providers.
“People who think they could have been a victim of SIM swop fraud should immediately inform their bank,” she said. “The mobile service provider must also be informed and the latter will be able to confirm whether there had been an unauthorised SIM swop done.” - Daily News
TIPS ON HOW TO PREVENT SIM SWOP FRAUD
l Protect your personal and cellphone account information from known or third parties and websites (eg cellphone contract type, debit order dates, ID, etc).
l Be vigilant and always aware of your cellphone’s network connectivity status. If you realise that you are not receiving any calls or SMS notifications, something may be wrong and you should make enquiries to ensure that you have not fallen victim to this crime.
l Some cellphone network operators send customers an SMS to alert them of a SIM swop instruction, and customers should contact their cellphone network operator if the request is fraudulent.
l Make a habit of checking your bank statements and online transaction history regularly. In this way, you will be able to identify any unauthorised transactions timeously. - Source: Sabric