SIM-swap scam of R884,000 leaves retired couple in crippling debt

FaSMaN

Expert Member
Joined
Mar 24, 2010
Messages
1,492
#41
Payment

When the fraudsters got into the du Plessis bank account, they stole the R570,000 the couple had saved for their retirement and incurred debt.

This included:

R152,500 personal loan.
±R75,000 credit card debt.
±R53,000 transferred from Flexi-Reserve access bond.
±R43,000 overdraft.

The fraudsters maxed unused pre-authorised limits that Absa made available to du Plessis in his online banking profile.
This is the shocking part: why on earth doesn't ABSA have a system in place that detects when someone tries to max out all their accounts as soon as possible and freezes the account till the person comes to the bank in person to unfreeze it? 36 hours is useless; just make it indefinite till the person goes to the bank to unfreeze it.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
47,191
#42
Question is.....why don't they want to catch the bad guy? Probably in cahoots with the bad guys.
The person who owns the account is probably some poor person who sold their account for use to the syndicate. Small fish and he won't have money; yes, he should be prosecuted and sent to jail but that won't happen.
 

TelkomUseless

Executive Member
Joined
Mar 13, 2006
Messages
7,570
#43
The person who owns the account is probably some poor person who sold their account for use to the syndicate. Small fish and he won't have money; yes, he should be prosecuted and sent to jail but that won't happen.
Make a few examples. People that "sell" their accounts get jail time (if they don't give away the perps). Doubt people will be selling their accounts then.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
47,191
#45
This is the shocking part: why on earth doesn't ABSA have a system in place that detects when someone tries to max out all their accounts as soon as possible and freezes the account till the person comes to the bank in person to unfreeze it? 36 hours is useless; just make it indefinite till the person goes to the bank to unfreeze it.
Then you get some irate customer in the branch causing an issue because they can max out their accounts when they like...

Failures on the client's, bank's and MTN's part.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
47,191
#46
Could the fraud have occurred without the sim swap? Yes or no MTN?

I think no.

The problem is, in order to prevent fraud, you need all systems to be working. If one of those systems has a problem, then fraud occurs. At the moment, MTN is the weakest link.
<- ponders whether he should switch service providers.
Could the fraud have occurred without the user falling for a phishing e-mail?
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
47,191
#47
To be frank, this is a failure of a multitude of systems

I suspect the trail of operations for this was as follows, and based on that specific weak points are targeted:

1) Phishing mail is sent, verify FICA details
This looks legit, asks for account number, personal details, phone number - customer weak point

At this point they have indexable info to search for specific patterns, in this instance an ABSA user (he attempted to log in), an MTN number (probably based on the dial code) and enough basic personal details to attempt a SIM swop

2) They do the SIM swop at a location that's known to have lax monitoring, with MTN seemingly not using a good 2 staged sim-swop (if this is a prepaid number how do they verify ownership? RICA details are clearly not checked, or badly enforced) - MTN weak point

Now we have the SIM and all the banking details. Here human interaction has failed twice

3) Log into banking, initiate multitude of transfers and new accounts/loans, ABSA seemingly having no qualms about transfers from multiple linked accounts to outbound without extra verification, and new loans with NO approvals processes - ABSA weak point

4) Withdraw/transfer from Capitec to ?? - No red flags for large amounts coming in and straight out again into accounts that are normally dormant/low volume of transfer - Capitec weak point
And also seemingly they don't have any idea who the account holders are? Either they are the perpetrators, or they were hired by the perps. And certainly the account holders were FICA'd
Can they check it? Doesn't one need a court order to get the info?
 

FaSMaN

Expert Member
Joined
Mar 24, 2010
Messages
1,492
#48
Then you get some irate customer in the branch causing an issue because they can max out their accounts when they like...

Failures on the client's, bank's and MTN's part.
To be honest I am fairly sure that there are way more people out there getting scammed than there are people that will complain. It's not out of the question to have those sorts of checks in place; Standard Bank once blocked mine because I bought a huge lot of games from Steam XD, and it was simple to unblock it, I wasn't upset.
 

Kosmik

Honorary Master
Joined
Sep 21, 2007
Messages
18,698
#49
In the early noughties I had a client whose accountant had a retirement policy most of their working life with ABSA and one of their predecessors. They were planning on retiring soon (in their 60s). They got a call from a third party on behalf of ABSA to tell them to get their money out of the fund ASAP. After almost 40 years of contributing they managed to salvage R50k from the fund. Now you have to ask yourself. How long had ABSA known that this fund was a failure?
That's got nothing to do with fraud.
 

PsyWulf

Executive Member
Joined
Nov 22, 2006
Messages
8,391
#50
Could the fraud have occurred without the user falling for a phishing e-mail?
Thing is, MANY of the systematic failures (as indicated in my post) can be precursors to other forms of crime, unrelated to the initial phishing
A specific set of vulnerabilities form a chain allowing this to occur systematically, any point in the chain being hardened would lessen/eliminate this combination's efficacy
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
47,191
#51
To be honest I am fairly sure that there are way more people out there getting scammed than there are people that will complain. It's not out of the question to have those sorts of checks in place; Standard Bank once blocked mine because I bought a huge lot of games from Steam XD, and it was simple to unblock it, I wasn't upset.
How'd you unblock it?
 

Kosmik

Honorary Master
Joined
Sep 21, 2007
Messages
18,698
#52
Porting just started before I left MTN, not 100% about the details surrounding it. But would your SIM swap to Telkom from MTN be the same as an on-network SIM swap?

On MTN SIM cards (prepaid), if you buy it, it has a booklet telling you how to do a SIM swap, meaning that anyone can do a SIM swap without even having to be in contact with any person from MTN to do it.
Even though it was a network swop, the extent of MTN's query was an SMS that a person would have to see and respond to, to STOP the transfer (i.e. no reply needed), not even one that ALLOWS the transfer (owner must reply).
 

FaSMaN

Expert Member
Joined
Mar 24, 2010
Messages
1,492
#53
How'd you unblock it?
Phone call to me, confirmed all my credentials, was instructed if it still doesn't work in 12 hours to go to the bank. Same thing happened when I purchased a TV at Game as well; I was contacted immediately. Standard Bank's fraud prevention system seems to work great.

In my case they could have phoned me as I wasn't a victim of SIM card fraud; if I was, it should default to going to the bank, which I am sure is what Standard would have done if they couldn't reach me.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
47,191
#54
Even though it was a network swop, the extent of MTN's query was an SMS that a person would have to see and respond to, to STOP the transfer (i.e. no reply needed), not even one that ALLOWS the transfer (owner must reply).
I just had to do a prepaid MTN simswap 2 weeks ago (my full SIM had to be swapped for micro SIM for my Nokia 3310). I used the situation 2 method:

https://www.mtn.co.za/Pages/SIMSwap.aspx

Situation 2

These are the steps to follow in the event that you want to do a SIM swap, and your old SIM card is still active and you can receive an SMS

MTN PayAsYouGo subscribers

1. Buy an MTN PayAsYouGo starter pack and insert it in your current (or new) device

2. Please RICA the new SIM card before continuing

3. Insert the new SIM into your current (or new) device. On older SIM cards, if prompted with a menu on first power up of your device, select 'Get a new number' (ignore any other options)

4. Activate the new SIM card on the MTN network by dialling *136#

5. SMS ‘Swap’ from your current (old) SIM to 44770

6. You will receive a One-Time Pin (OTP) which is valid for 15 minutes (please save or write it down)

7. Next from your new SIM card, SMS the word ‘Swap’ and your “Old Number*OTP#” to 44770. For example, if your personal number is 0831234567 and the OTP you received in step 6 is 1234 then SMS the following to 44770: Swap 0831234567*1234#

8. Once your existing (old) SIM stops working, insert your new SIM card into your handset and power it on

9. Your device is now ready to use with your new SIM card. If you experience any issues, please dial 135 for further assistance

Situation 1

These are the steps to follow in the event that you want to do a SIM swap and can no longer use your old SIM card:


MTN PayAsYouGo subscribers

1. Buy an MTN PayAsYouGo starter pack

2. Please RICA the new SIM card before continuing

3. Insert the new SIM into your current (or new) device. On older SIM cards, if prompted with a menu on first power up of your device, select “Get a new number” (ignore any other options)

4. Activate the new SIM card on the MTN network by dialling *136#

5. Once the new SIM card has been RICA’d and activated (by performing step 2 and 4 above), please dial *135*3 # on the NEW SIM to start the SIM swap process. Alternatively, you may dial *135# and select option 3 to start the SIM swap process

6. After performing step 5 above, you will be prompted to enter the cellphone number for which you are doing the SIM swap and the reason for doing the SIM swap. The cellphone number you are doing the SIM swap for is your old number (NOT the new number from step 1 above)

7. Once step 6 has been completed you will be sent an SMS containing the steps you need to take in order to complete the SIM swap. Note that at this stage you will have to answer a set of security questions in order to continue with the SIM swap. You will have 3 minutes to answer all the questions. The questions will focus around the following topics:

What your most dialled numbers are (if you do call people);
What your last recharge amount was;
What price plan your old number was on;
What your most frequently SMS’d number was (if you do SMS people);
What your last airtime balance was;
What average amount of airtime you use per month; and
How long you have been using your old number for.
Note that whilst answering the questions, you may skip some of the above questions if you don’t know (or have the answer to) the specific question. All questions above will be related to your old number.

8. Once your answers are validated, you will be sent an SMS to let you know if the SIM swap was successful. If you experience any issues, please dial 135 for further assistance
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
47,191
#55
Phone call to me, confirmed all my credentials, was instructed if it still doesn't work in 12 hours to go to the bank. Same thing happened when I purchased a TV at Game as well; I was contacted immediately. Standard Bank's fraud prevention system seems to work great.

In my case they could have phoned me as I wasn't a victim of SIM card fraud; if I was, it should default to going to the bank, which I am sure is what Standard would have done if they couldn't reach me.
Or the scammer could answer and try to pretend to be you and be asked all kinds of questions which the scammer might be able to answer if they did their research.
 

PsyWulf

Executive Member
Joined
Nov 22, 2006
Messages
8,391
#56
Or the scammer could answer and try to pretend to be you and be asked all kinds of questions which the scammer might be able to answer if they did their research.
Think thresholds/rate limiting based on the size of the purchase/transfers would allow for smaller amounts to possibly evade these measures as above, but limit home-loan level transfers
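
The checks proposed in posts #41, #53 and #56 (hold on draining several credit facilities, size thresholds, and no call-back to a number that was just swapped), sketched as an added example that is not part of the thread and not any bank's actual system. All names and thresholds are assumptions, and the timeline is constructed around amounts quoted in post #41.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration, not any bank's policy.
WINDOW = timedelta(hours=24)             # look-back for velocity checks
SIM_SWAP_COOLDOWN = timedelta(hours=72)  # distrust the phone number this long
SINGLE_LIMIT = 50_000                    # rand; above this needs step-up
FACILITY_LIMIT = 2                       # distinct credit facilities in WINDOW

@dataclass
class Event:
    when: datetime
    source: str      # e.g. "savings", "credit_card", "overdraft"
    amount: int      # rand
    is_credit: bool  # True when the money is drawn from a credit facility

def assess(events, last_sim_swap=None):
    """Return one (decision, verification_channel, reasons) tuple per event."""
    results, seen, held = [], [], False
    for ev in sorted(events, key=lambda e: e.when):
        recent = [e for e in seen if ev.when - e.when <= WINDOW] + [ev]
        facilities = {e.source for e in recent if e.is_credit}
        swapped = (last_sim_swap is not None and
                   timedelta(0) <= ev.when - last_sim_swap <= SIM_SWAP_COOLDOWN)
        reasons = []
        if ev.amount > SINGLE_LIMIT:
            reasons.append("large_amount")
        if len(facilities) >= FACILITY_LIMIT:
            reasons.append("multiple_credit_facilities")
        if swapped and (ev.is_credit or ev.amount > SINGLE_LIMIT):
            reasons.append("recent_sim_swap")
        if held:
            reasons.append("profile_already_held")
        held = held or bool(reasons)  # no automatic expiry once held
        # A call or SMS proves nothing if the number was swapped recently.
        channel = "in_branch" if swapped else "call_back"
        results.append(("hold" if reasons else "allow",
                        channel if reasons else None, reasons))
        seen.append(ev)
    return results

# Constructed timeline: a SIM swap two hours before the first transaction.
T0 = datetime(2018, 1, 1, 9, 0)
SWAP = T0 - timedelta(hours=2)
SAMPLE = [
    Event(T0, "savings", 4_000, False),
    Event(T0 + timedelta(minutes=10), "credit_card", 75_000, True),
    Event(T0 + timedelta(minutes=20), "overdraft", 43_000, True),
]
```

Calling `assess(SAMPLE, SWAP)` lets the small savings transfer through and holds both credit draws for in-branch verification; without a recent swap the same rules fall back to a call-back.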
 

FaSMaN

Expert Member
Joined
Mar 24, 2010
Messages
1,492
#58
Or the scammer could answer and try to pretend to be you and be asked all kinds of questions which the scammer might be able to answer if they did their research.
I think that's a bit of a stretch to be honest. It was 6 questions in total and one about my purchasing habits; it's a bit difficult for the scammers to grab all of that.
 

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
37,273
#59
“Each case presents us with an opportunity to potentially find a solution for cyber fraud and related criminal conduct, an industry-wide problem.”
How many cases does it take to realise SMS based OTP is not secure? Phlip people!
 