Feruccio Ferucci left Cape Town in October without suspecting that his banking information had been stolen.
Around the end of October, his Vodacom SIM card stopped working as well as his internet banking. Growing suspicious, he contacted his daughter in Cape Town to find out from Vodacom what had happened. They informed her that a SIM swap had been done.
“I did not authorise the SIM swap. My phone stopped working for about three weeks and then started working again.
“I haven’t heard anything from Vodacom telling me what happened because my phone just started working again three weeks later,” said Ferucci.
When he returned on December 2, he was shocked to find out from his staff about transactions which were not approved by them at his business in Paarl or by himself. These were fraudulent transactions which had gone off the business account during two of the weeks which his phone had not been working equating to R3.1m.
“These transactions were around R300000 each and there were about ten transactions. I then contacted my attorney and he referred me another attorney who specialises in this type of crime. I then wrote a protest letter to Absa threatening to close my account with them and my money was refunded around December 23,” said Ferucci.
On speaking to the new attorney, he was told that this was often done to people who are overseas because perpetrators assume one would not check their phone regularly.
“The attorney told me that 90% of the cases he deals with involved people who went overseas. There is no doubt in my mind that what happened to me was promoted by employees of both Vodacom and Absa.
“They probably didn’t steal the money but they probably sell the information,” said Ferucci.
Both Absa and Vodacom have said they are investigating the matter.
IRS Forensic Investigations, which investigates financial, organised and cyber crimes director Chad Thomas said sim swaps are a major issue, with some victims reporting that they have become victims of crime while their phones have been off while they have been travelling long distances.
However, the breach of personal data, including credit card numbers is not just confined to individual hacks via trojans or malware but is also as a result of highly sophisticated cyber attacks on data stored by corporates.
“People need to take cognisance of the fact that a sufficiently determined and capable hacker can take over someone’s online footprint if the correct measures are not taken to protect their information. However, it is not just the individual that needs to take precautions, but also corporates that are storing client’s information and have a responsibility to safeguard that information,” said Thomas.