SIM-swap scam of R884,000 leaves retired couple in crippling debt

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
48,613
Given that this happened in ye olden days (2016), how prevalent are the SIM swap bank account thefts now in 2018?
 

Totempole

Expert Member
Joined
Sep 21, 2011
Messages
3,462
Du Plessis received a phishing email on 5 June 2016 requesting that he update his FICA credentials.

While the report did not determine whether du Plessis was scammed by this email, Absa concluded he must have been for the banking login to take place.
I get those BS emails at least twice a week, some get filtered out by my Spam filter, others don't. So you want to tell me that you can be punished for just having received these emails???

"He received a phishing email, therefore HE MUST HAVE clicked it and spilled all of his credentials. No other possible explanation"

ABSA: We can't prove it, but nevertheless, we'll just assume you're guilty.
 

clickingbuttons

Well-Known Member
Joined
Mar 18, 2018
Messages
215
Real bank accounts use hardware 2FA.

Unfortunately South African banks don't seem to care to implement this.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
48,613
I get those BS emails at least twice a week, some get filtered out by my Spam filter, others don't. So you want to tell me that you can be punished for just having received these emails???

"He received a phishing email, therefore HE MUST HAVE clicked it and spilled all of his credentials. No other possible explanation"

ABSA: We can't prove it, but nevertheless, we'll just assume you're guilty.
They paid half back...
 

acidrain

Expert Member
Joined
Jan 7, 2007
Messages
4,776
What happens if the device is lost? You replace it just like sim-swap.
The 2FA cases I use, to change it you need to disable it and then re-enable with new credentials/key. To disable though you need the original 2FA key. If your device is lost, then it's a long process of verifications to have the institute manually turn it off.
 

ToxicBunny

Honorary Master
Joined
Apr 8, 2006
Messages
82,317
They paid half back...
Without proof that he actually fell for the phishing scam, that is unacceptable...

We all receive those emails regularly, so if you get done then ABSA can just say "Oh you received this type of email, you MUST have fallen for it"
 

noxibox

Honorary Master
Joined
Apr 6, 2005
Messages
17,707
What your most dialled numbers are (if you do call people);
What your last recharge amount was;
What price plan your old number was on;
What your most frequently SMS’d number was (if you do SMS people);
What your last airtime balance was;
What average amount of airtime you use per month; and
How long you have been using your old number for.
Note that whilst answering the questions, you may skip some of the above questions if you don’t know (or have the answer to) the specific question. All questions above will be related to your old number.
The only problem with several of those questions is that an insider can get access to the information.

I then got a confirmation SMS from MTN, saying my SIM had a port request and I had 30 mins to reject or it would proceed.
For that kind of thing it should be automatically rejected unless the customer confirms.

The same applies to fraud detection systems that block transactions on a bank account - that block should remain in place until the customer verifies that they are valid, not expire after a time limit.

Article makes it out as if the SIM swap was the only cause for them losing the money, but this should be the main reason.
In reality it is both. If transactions rely on text messages to confirm transactions then a password alone would not be enough.

They could at least ensure that they move to USSD which is at least tied to the phone (I think).
As I recall USSD is accessible. Been many years since I worked on those type of systems though.
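
An added example, not part of the original post or any operator's or bank's code: a model of the point made above about the 30-minute port-request SMS and time-limited fraud blocks, comparing a pending request that proceeds on silence with one that is rejected on silence. The class names, scenario labels and reply timings are constructed assumptions; only the 30-minute window comes from the thread.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class Decision(Enum):
    APPROVED = "approved"
    REJECTED = "rejected"


class OnTimeout(Enum):
    PROCEED = "proceed"  # opt-out: silence is treated as consent
    REJECT = "reject"    # opt-in: silence is treated as refusal


@dataclass
class PendingRequest:
    kind: str                          # "port", "sim_swap", "flagged_payment"
    window_min: int                    # minutes the customer has to answer
    reply: Optional[Tuple[int, str]]   # (minute, "confirm" | "reject") or None


def resolve(req: PendingRequest, now_min: int, policy: OnTimeout) -> Optional[Decision]:
    """Return the decision at now_min, or None while the request is still pending."""
    if req.reply is not None:
        minute, answer = req.reply
        # Only an answer inside the window counts; a late one needs a fresh request.
        if minute <= min(now_min, req.window_min):
            return Decision.APPROVED if answer == "confirm" else Decision.REJECTED
    if now_min < req.window_min:
        return None
    return Decision.APPROVED if policy is OnTimeout.PROCEED else Decision.REJECTED


# Constructed scenarios, all using the 30-minute window from the post above.
SCENARIOS = {
    "fraudulent port, phone unattended": PendingRequest("port", 30, None),
    "fraudulent port, customer rejects": PendingRequest("port", 30, (10, "reject")),
    "genuine port, customer confirms": PendingRequest("port", 30, (5, "confirm")),
    "flagged payment, no answer": PendingRequest("flagged_payment", 30, None),
}


def outcomes(policy: OnTimeout, now_min: int = 45) -> dict:
    return {name: resolve(req, now_min, policy) for name, req in SCENARIOS.items()}


if __name__ == "__main__":
    for policy in OnTimeout:
        for name, decision in outcomes(policy).items():
            print(f"{policy.value:8} {name:36} -> {decision.value}")
```

The two policies differ only in the rows where nobody answers: under `PROCEED` the unattended-phone request goes through, under `REJECT` it does not, while the genuine, confirmed request is approved either way.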
 

noxibox

Honorary Master
Joined
Apr 6, 2005
Messages
17,707
Without proof that he actually fell for the phishing scam, that is unacceptable...

We all receive those emails regularly, so if you get done then ABSA can just say "Oh you received this type of email, you MUST have fallen for it"
The onus should definitely be on the bank to prove that the user allowed someone access to their credentials.
 

cavedog

Honorary Master
Joined
Oct 19, 2007
Messages
14,312
Money always stolen from FNB and ABSA. Money always transferred to Capitec. It's like the criminals know that they would be able to get the money before anything happens....

Crazy how they can run away with this amount of money....

Where was the Capitec account used to withdraw money? Pull the CCTV footage and release it.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
48,613
Without proof that he actually fell for the phishing scam, that is unacceptable...

We all receive those emails regularly, so if you get done then ABSA can just say "Oh you received this type of email, you MUST have fallen for it"
I wonder where those mails were found, spam folder? Normal folder? Deleted items?
 

acidrain

Expert Member
Joined
Jan 7, 2007
Messages
4,776
The onus should definitely be on the bank to prove that the user allowed someone access to their credentials.
Logic dictates that the only physical way someone can access your account is by you allowing it. Whether intentionally or unintentionally such as this case.

A breach of their systems, which would be an exception, would not affect one single person.

For them to prove you compromised your own account would involve you handing over every single internet capable device you've ever used your banking with and even then, nothing stops you from wiping it, destroying any evidence that may have found you negligent.
 

rietrot

Honorary Master
Joined
Aug 26, 2016
Messages
15,405
Absa and MTN should really do more to catch the criminals and not bully the victims. The money should lead somewhere. They should be able to see who withdrew the money in the end.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
48,613
Absa and MTN should really do more to catch the criminals and not bully the victims. The money should lead somewhere. They should be able to see who withdrew the money in the end.
How so?
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
48,613
It goes into someone's account. It can not just disappear. Obviously that person is somehow connected.
It goes into various accounts (some maybe opened with fake details, others bought from poor people or poor people paid to open them), cash withdrawn at different ATMs (I'm sure the crims wear caps and **** if they think there is a cam seeing them, and the cameras are not the best quality). At best we can prosecute the account seller, but given the justice system and the fact that we can't even prosecute people who steal R100s of millions blatantly...

Better advice is to use better banks and not to fall for scams, better to be too paranoid.
 