SIM-swap scam of R884,000 leaves retired couple in crippling debt

access

Executive Member
Joined
Mar 17, 2009
Messages
8,408
shame man

guilty by assumption? so just receiving a phishing email (how do they know, did they confirm?) makes you guilty of falling for it?

someone could have phoned them posing as the bank too. i hate these calls and refuse to answer to them, how is a person supposed to know it is the bank phoning you.

they ask you to answer questions and one must just believe its the bank calling and give them answers. tell me what its about and ill go into a branch. tsek. but they wont even do that before you answer their questions.

the sim swap should not have happened in the first place.

secondly the emptying of accounts should raise serious fraud prevention alerts, under unusual or erratic behavior. have had it plenty times at other banks overseas. they phone you as you make the unusual transaction and say its their fraud division stating they see a transaction for x amount in what ever area. you need to confirm it or they put a block on your account which needs to be unblocked at your main branch. no funny questions asked either, they give you information only your bank could know.

the clowns here just wash their hands from it and claim innocence, same with direct debit too. seems like the banks here are not really into protecting their clients money, or they dont know how or cant because they are still running on a colossal excel spreadsheet
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
47,543
shame man

guilty by assumption? so just receiving a phishing email (how do they know, did they confirm?) makes you guilty of falling for it?

someone could have phoned them posing as the bank too. i hate these calls and refuse to answer to them, how is a person supposed to know it is the bank phoning you.

they ask you to answer questions and one must just believe its the bank calling and give them answers. tell me what its about and ill go into a branch. tsek. but they wont even do that before you answer their questions.

the sim swap should not have happened in the first place.

secondly the emptying of accounts should raise serious fraud prevention alerts, under unusual or erratic behavior. have had it plenty times at other banks overseas. they phone you as you make the unusual transaction and say its their fraud division stating they see a transaction for x amount in what ever area. you need to confirm it or they put a block on your account which needs to be unblocked at your main branch. no funny questions asked either, they give you information only your bank could know.

the clowns here just wash their hands from it and claim innocence, same with direct debit too. seems like the banks here are not really into protecting their clients money, or they dont know how or cant because they are still running on a colossal excel spreadsheet
Well, how did the bad guys get the internet banking credentials if they didn't fall for the phishing mail?
 

access

Executive Member
Joined
Mar 17, 2009
Messages
8,408
Well, how did the bad guys get the internet banking credentials if they didn't fall for the phishing mail?
off the top of my head. keylogger on home pc or laptop or even phone. people looking over the shoulder of someone, seen people "openly" doing online banking in a queue at a shop before. there many ways to skin a cat..

its easy to say something must not happen. the problem is it does happen. deal with what does happen, not with what shouldnt.

elderly people are generally less savvy with these things, this needs to be taken into account when creating these systems.
 

gwyn909

Active Member
Joined
May 13, 2016
Messages
88
Years ago when I went to MTN for a contract they denied me stating that as a self employed person I could not have a contract. I then went to Vodacom because their rates were cheaper and their pay as you go had better coverage. I have NEVER had a contract for my cellphone because of that experience. I do not have to upgrade every two years. I am using a 4 year old phone and it works wonderfully. I closed my ABSA account 18 years ago when they suddenly started charging me insurance brokerage fees and started randomly charging me odd unsubstantiated fees. Recently I bought a tablet that was on special through Pick n Pay with MTN as the carrier. The tablet came with 100Mb data from MTN per month for 6 months. Wow I said. I can now use data while on the road. BUT MTN deletes the unused data after 1 week. After 6 months I shoved the MTN sim card into an unused Samsung Pocket which refuses to hold the carrier and the phone is now used as a car radio and sometimes a camera.
 

access

Executive Member
Joined
Mar 17, 2009
Messages
8,408
Maybe their settings are to clear cache when exiting browser or they tried to hide the booboo by clearing cache?
maybe, but then also clearing the cache does not always remove all traces and you can look at deleted files too.

the sim swap should not have happened in the first place. processes seems very lax for it being such an integral part of end-user finances.

all sorts of information can be gathered for marketing purposes but for security its unheard of. the device id the login came from changed all of a sudden, the different IP addresses, the geolocation when services where accessed, the sudden movement of all funds, etc.

not enough is done to ensure protection in case of a breach in my opinion. i think much more can and should be done.

to me this is as lax as the direct debit and the wasp problems here in sa, pass the buck over to the client and claim innocence.


edit: then also, money is digital these days, it must be able to be traced and returned from one end through to the other. whats the problem.
 
Last edited:

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
47,543
maybe, but then also clearing the cache does not always remove all traces and you can look at deleted files too.

the sim swap should not have happened in the first place. processes seems very lax for it being such an integral part of end-user finances.

all sorts of information can be gathered for marketing purposes but for security its unheard of. the device id the login came from changed all of a sudden, the different IP addresses, the geolocation when services where accessed, the sudden movement of all funds, etc.

not enough is done to ensure protection in case of a breach in my opinion. i think much more can and should be done.

to me this is as lax as the direct debit and the wasp problems here in sa, pass the buck over to the client and claim innocence.


edit: then also, money is digital these days, it must be able to be traced and returned from one end through to the other. whats the problem.
SIMs should not even be involved in banking security. I want to be able to swap my SIM without blood test if it dies or breaks or gets lost or I need a micro sim because I had a full sim. There needs to be a balance between convenience and security.

I already explained, they draw it cash, from accounts that are bought from poor people. Justice system cannot even prosecute and jail people who have stolen millions. I'd rather they keep murderers and other proper criminals in jail than set them free to make space for the influx of account sellers.

Conclusion:
So move to a bank that doesn't use SIMs for 2FA or else you consent to the risk now that you know it exists.
 
Last edited:

Milano

Honorary Master
Joined
Feb 7, 2004
Messages
11,339
The fact that ABSA provided an app for secure checks since a few months ago is an admission in itself that their security OTP via SIM method used previously was inadequate. The new problem is that ABSA is unable to provide a regularly updated app that does not crash, so that basically renders your ABSA internet banking useless anyway.
 

Slootvreter

Honorary Master
Joined
Aug 7, 2008
Messages
28,029
I can for the life of me not understand how it's impossible to figure out who the accounts the money is sent to, belongs to.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
47,543
Even on that front, capitec should surely have some fraud prevention in place that would stop someone depositing vast sums of money into an account and then transferring it quickly....
For some people that's not a vast sum (for me it is) and why inconvenience me for other peoples lax security?
 

ToxicBunny

Honorary Master
Joined
Apr 8, 2006
Messages
80,447
For some people that's not a vast sum (for me it is) and why inconvenience me for other peoples lax security?
For the types of capitec accounts that are being used for this I can be almost 100% sure the sums are way outside the norms and thus should trigger fraud checks
 
Top