SIM swops used to access accounts

By Lungelo Mkamba and Leanne Jansen Time of article published Feb 15, 2012

Share this article:

Be warned. Fraudsters are using cellphone SIM swops to access bank accounts in a new scam.

Vodacom investigator Francois Groenewald said the fraudsters would send an SMS from a number similar to that from which customers received banking notifications.

“The SMS will indicate a problem on your account and a person pretending to be a bank consultant will contact you,” he said. “When the consultant contacts you, they will start by confirming the details regarding your account number and then ask you what kind of phone you are using.”

The fraudsters would then contact your cellphone service provider and perform a SIM swop.

“They will then be able to receive one-time PINs and/or random verification numbers from your bank and have access to your bank accounts,” said Groenewald.

By the time you realised your cellphone number was not working, your money would be out of your account.

Also, criminals were capitalising on the SIM-swop scam by sending e-mails, purportedly from the addressee’s bank, that required internet banking customers to click on a link to verify details or risk their accounts being deactivated.

One of the e-mails states: “Due to the growing reports of ongoing sim-swop scam (sic) whereby your phone number is swopped to get access to your account, FNB has initiated an online security upgrade procession which you will need to complete by clicking on the link below this message to complete the process.

“Failure to do this will lead to the suspension and possible deactivation of your account until we can verify you as the genuine account owner.”

SA Banking Risk Information Centre spokesman Bongani Diako urged bank customers to be vigilant and to respond immediately to unusual events like discontinued cellphone connectivity.

Richard Boorman, a spokesman for Vodacom, said customers should contact the Vodacom call centre (082 111) immediately if they received an SMS notifying them of a SIM swop they had not requested.

He said Vodacom investigated each reported case and referred it to the police.

“We are launching a tab on our Facebook page where our customers can report to us.”

FNB has confirmed that the security update e-mail is fraudulent.

Lee-Anne van Zyl, CEO of FNB online banking, said people should “never” try to access their online banking through a link, and should “never” respond to a request that they update or reconfirm their banking details because such requests were phishing.

Phishing is when criminals, aiming to steal identities, send e-mails claiming to be from a recognised organisation, to get online banking customers to reveal sensitive information.

Clicking on a link directs the targets to a fake website where they will be asked to enter sensitive information such as passwords, credit card details or bank account numbers. Once these details are given, they are e-mailed to the fraudsters, and the customer is redirected to the legitimate website.

“We notify all our clients to report all phishing e-mails and scams to a mailbox which is monitored daily,” Van Zyl said.

Asked whether people who fell prey to such scams were reimbursed, she said such claims were investigated case by case.

Report phishing scams to FNB at 087 575 0011.

Emergency call

Should you receive an SMS notifying you of a SIM swop you did not request, or suspect any other incidence of fraud committed via your cellphone network, use one of the following numbers.

For Cell C users: dial 140 or 084 140.

For MTN users: dial 083 123 7867.

For Telkom/8ta users: dial 080 012 4000.

For Vodacom users: 082 111

Share this article: