SIM-swap fraud results in loss of R30,000

Jamie McKane

MyBroadband Journalist
Joined
Mar 2, 2016
Messages
7,000
SIM-swap fraud results in loss of R30,000

Two of South Africa’s largest corporates, telecommunications giant MTN and Nedbank are yet again in the limelight for all the wrong reasons.

The latest victim, Jillian Meiring from the windy city of Port Elizabeth had noticed in September last year that she was unable to receive phone calls on her cellular device.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
55,619
She gave someone info....in some form or another.

The only way this can be done.

Jip, could even have opened a URL in a SMS and login into a phishing site from her phone (I have seen such SMSs and it's URL points to spoofed SB website). Did they analyse her phone?

Anyway, one should not use banks that rely on any OTP or 2fa via a phone number.
 
Last edited:

system32

Expert Member
Joined
Dec 29, 2009
Messages
4,454
She gave someone info....in some form or another.

The only way this can be done.
I think this is how some systems work:
  1. RSA ID number + SA cellphone number -> Gives login ID
  2. Login ID + OTP -> Reset Password
  3. Login + Password + OTP -> Setup beneficiary and tx funds
  4. Profit
What can go wrong?
 

epah

Expert Member
Joined
Apr 22, 2014
Messages
2,445
I agree with you on how did they get access to her Nedbank account , but on the SIM swap after my current experience with MTN it's no surprise how easily fraud can happen with them
fraud can happen easily with anyone and not just MTN, however you perpetuate it by being negligent with douments and passwords.
 

MightyQuin

Not amused...
Joined
Oct 6, 2010
Messages
22,537
I think this is how some systems work:
  1. RSA ID number + SA cellphone number -> Gives login ID
  2. Login ID + OTP -> Reset Password
  3. Login + Password + OTP -> Setup beneficiary and tx funds
  4. Profit
What can go wrong?
Wut?
 

MightyQuin

Not amused...
Joined
Oct 6, 2010
Messages
22,537
RSA ID Numbers & Phone Numbers are easily available from the Experian and other data leaks.
Why isn't EVERYBODY'S bank accounts empty then?

Sound like my 11yo can walk into MTN/Vodacom shop, do sim swaps and then start cleaning out bank accounts.

What nonsense....
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
55,619
I think this is how some systems work:
  1. RSA ID number + SA cellphone number -> Gives login ID
  2. Login ID + OTP -> Reset Password
  3. Login + Password + OTP -> Setup beneficiary and tx funds
  4. Profit
What can go wrong?

Maybe you can explain nr 1, where that info gives login details to what?
 

AstroTurf

Lucky Shot
Joined
May 13, 2010
Messages
28,187
She gave someone info....in some form or another.

The only way this can be done.
Not so sure about that.

Not the same but my sister had her card cloned and the pin changed right before her monthly salary came in.
The bank did pay her back in full though.
 

MightyQuin

Not amused...
Joined
Oct 6, 2010
Messages
22,537
Not so sure about that.

Not the same but my sister had her card cloned and the pin changed right before her monthly salary came in.
The bank did pay her back in full though.
That is not the same as SIM Swap fraud, which we are discussing here.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
55,619
Not so sure about that.

Not the same but my sister had her card cloned and the pin changed right before her monthly salary came in.
The bank did pay her back in full though.

And the money was taken out via an ATM right? So not the same, as one cannot do a EFT with a card.
 
Last edited:

system32

Expert Member
Joined
Dec 29, 2009
Messages
4,454
Maybe you can explain nr 1, where that info gives login details to what?
The Experian Data gives
RSAID
Forename1​
surname​
CS_File_number​
CS_CST_HomeAffairsRSAIDVerf​
CS_CELL_PHONE_1
CS_CELL_PHONE_2​
CS_CELL_PHONE_3​
etc.
Take that and request your forgotten login ID username via the online banking web site (no need for the App)

1613560857281.png

Am I missing something?
 

Attachments

  • 1613560610046.png
    1613560610046.png
    111.2 KB · Views: 25
Last edited:

Ragnarök

Senior Member
Joined
Apr 10, 2016
Messages
591
I once requested my contract from MTN , they send me a contract of a lady in the Western Cape .
When I replied and said this is not mine , Reply came back "My humble apologies for the incorrect attachment."
and that was it .
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
55,619
The Experian Data gives
RSAID
Forename1​
surname​
CS_File_number​
CS_CST_HomeAffairsRSAIDVerf​
CS_CELL_PHONE_1
CS_CELL_PHONE_2​
CS_CELL_PHONE_3​
etc.
Take that and request your forgotten login ID username:

View attachment 1022106

Am I missing something?

Ah, now I see, so that's Experian login. How does one use that info to log into internet banking and do EFT?
 

marine1

Honorary Master
Joined
Sep 4, 2006
Messages
48,513
I dont understand how a sim swap is done without the person producing a proper ID?
So either MTN staff involved or shops involved.
 
Top