What you should do if you are a victim of SIM-swap fraud

Useless article. I was hoping for some real information, numbers to dial, email adress or something useful. The other day my sim lost signal, obviously I cant phone my service provider , so I tried to find some contact on the internet, i found MTN on Facebook and sent a message, they replied a day later with the most useless response ever. My signal returned the same day(a day before the reply from MTN). Apparently there was a tower problem , but they had no knowledge of it whatsoever. Would be best if i was able to send a whatsapp message or whatsapp phone call to verify that nothing suspicious was happening.
 
You can't even do a port to Telkom now via USSD any more. You have to visit a store.

Thank you very much, ^&%#!@ South Africa.

Every day our lives are being made more difficult because of this toxic swamp we live in.
 
You can't even do a port to Telkom now via USSD any more. You have to visit a store.

Thank you very much, ^&%#!@ South Africa.

Every day our lives are being made more difficult because of this toxic swamp we live in.
I commend Telkom for this move. Sure, it is a hassle but I would rather be a little bit safer than with the other three networks.

Coincidentally, I am not even with Telkom.
 
Also lol at the don’t give your ID or passport documents out.

It is not like people are standing on a street corner handing it out, these get farmed from hotels and other places you regularly have to have someone photocopy your docs.
 
You can't even do a port to Telkom now via USSD any more. You have to visit a store.

Thank you very much, ^&%#!@ South Africa.

Every day our lives are being made more difficult because of this toxic swamp we live in.
How often do you port a number? Any changes that have to do with security should only be possible with an in person visit in a store.
 
Why sue them? It's government (ICASA) that made the rules.
ICASA made the rules that allow number portability.
SIM Swap != number portability (you can stay on same network).
Security around SIM Swap processes is 100% the responsibility of network.
If an unauthorized SIM Swap takes place, it's 100% the fault of the network(s) for poor implementation.

ICASA is meant to take consumer interest first, but they don't.
 
Had someone phone me from "MTN" asking for the OTP as someone is trying do a swim swap, obviously didn't give them the OTP, so reported it to the MTN fraud department and never heard anything back.

Which made me wonder if they have my banking details, which brings me to my other point why are banks not using 2FA independent of SMS's. Standardbank already has this in a manner with signing in using a the banking app but still allows you to log-in with just a password. Epic fail
 
"One way in which fraudsters overcome this mechanism is to impersonate call centre agents and call their targeted phone numbers.


They then request the required information needed to complete the SIM swap under the pretence that they were blocking the processing of a fraudulent SIM swap."

The mobile opperators will never own up and say they employ criminals and they are to blame.
 
Had someone phone me from "MTN" asking for the OTP as someone is trying do a swim swap, obviously didn't give them the OTP, so reported it to the MTN fraud department and never heard anything back.

Which made me wonder if they have my banking details, which brings me to my other point why are banks not using 2FA independent of SMS's. Standardbank already has this in a manner with signing in using a the banking app but still allows you to log-in with just a password. Epic fail
Capitec does.
 
Had someone phone me from "MTN" asking for the OTP as someone is trying do a swim swap, obviously didn't give them the OTP, so reported it to the MTN fraud department and never heard anything back.

Which made me wonder if they have my banking details, which brings me to my other point why are banks not using 2FA independent of SMS's. Standardbank already has this in a manner with signing in using a the banking app but still allows you to log-in with just a password. Epic fail
ABSA app also works like that, but only with pre-authorized devices.

SB not the same? Can you log in from any device with just a password?
 
ABSA app also works like that, but only with pre-authorized devices.

SB not the same? Can you log in from any device with just a password?
Yep, can log into internet baking from a browser with just a username password combo, the app newer apps requires its own code, don't remember what you had to do to Authenticate the app but I believe that is also just a username password / otp as I never contacted SB to do anything.
 
Yep, can log into internet baking from a browser with just a username password combo, the app newer apps requires its own code, don't remember what you had to do to Authenticate the app but I believe that is also just a username password / otp as I never contacted SB to do anything.
For Standard Bank the internet banking profile via browser requires email address + password and OTP SMS when logging in. Or you can scan the QR code using their app
The app requires a code and you have to 'link' a device - not sure what linking involves
That was my experience. I think you have to enter an OTP to add recipients/once-off payments

But yeah ALL the banks should move away from SMS/USSD type OTPs they're a definite weak point
 
The long and short of it is to move away from USSD transactions as quickly as possible. Never divulge any details relating to your bank account, cell phone network provider etc.
 
I cannot remember the last time my FNB made use of an OTP ??

I recently started using ABSA as well on behalf of my dad, and no OTP's used for any transactions thus far either.

Unless I misunderstand what's happening with SIM swaps and bank fraud?
 
I cannot remember the last time my FNB made use of an OTP ??

I recently started using ABSA as well on behalf of my dad, and no OTP's used for any transactions thus far either.

Unless I misunderstand what's happening with SIM swaps and bank fraud?
Because the majority of the client masses still don't have access to smartphone and USSD is probably going to stick around for a bit longer. Most banks are pushing to make their mobile apps a lot less requirement heavy whilst bolstering security to encourage the behaviour to move away from USSD and OTP.

From experience, the biggest contributor to SIM fraud and any other bank fraud is down to negligence and lack of education. You will be surprised how many people will willingly give over their private information to someone who calls and claims to be from their bank or MNO.

These fraudsters are also quite savvy as they can give the impression that they are legit based on whatever information they have about you (ID number, email, who you bank with etc.) And depending on the type of fraud they are committing and the details they have obtained about you and from you, they can go and do a SIM swop (which is too easy in this country) and start emptying your accounts.

The important thing to know here is that these guys need recipient accounts in order to transfer the proceeds. So if you can pick up very quickly that something is wrong and report it, you stand an excellent chance to recover something.

The safeguarding of bank statements, invoices, your credit bureau info is so important as this what these guys use to fool and bait people into being negligent.

How they are able to access this kind of data is a conversation for another day and one that I don't have the answer to. But with data breaches at places like Experian, you can rest assured that more and more people will continue to be defrauded in this way.
 
I got two SMS's for R25000 and R1500 for VIP vouchers. They look the same as some SMS's when I bought something on my Capitec account.

A few minutes later someone phoned to tell me they are from Capitec to tell me these two EFT's look fraudulent and I should just confirm my account number and password so that the bank could stop the payments.

I just told them to f..k off. Again a few minutes later they phoned from a different number and claimed to be from the Capitec Fraud Department and if I don't do as they are asking, the payments would go through.

They got the same reaction as previously. I then went to a branch just to ensure nothing was really wrong on my account, and it was confirmed that nothing was indeed wrong.

How many other people would have given them the requested information.

One of our neighbours got caught a day later and lost R15000 the same way as they believed these fraudsters and given them the information.
 
Top
Sign up to the MyBroadband newsletter