South African mobile networks cracking down on scam calls
Scam calls have become a prominent attack in South Africa, targeting multiple industries, including the banking and telecommunications sectors. However, mobile operators are cracking down on these crimes and noticing an impact.
Vishing, or voice phishing, uses the same social engineering techniques as phishing. However, instead of trying to get someone to click on a link in an email, fishing calls dupe people into revealing sensitive information.
A prominent form of vishing is a One-Time PIN (OTP) attack, where scammers craft personalised and persuasive attacks to trick people into giving them their OTPs.
These attacks have even conned tech-savvy users under the right circumstances, and MyBroadband has received several reports from technically skilled readers about such incidents.
In one recent case, a reader was contacted by scammers claiming to be from MTN with all the personal information to convince him of their claims.
Although he acknowledges that giving out any kind of OTP was a lapse in judgement, he said the scammers had all the personal information to convince him they could be from MTN’s fraud department.
MTN told MyBroadband that although it has seen an inconsistent trend in attempted fraud and fraud-related incidents over the past two years, it has declined in recent months.
“This progress is largely due to MTN’s proactive measures and ongoing customer education campaigns, which empower users to safeguard their personal information,” MTN South Africa said.
“MTN believes operators play a critical role in fostering awareness, implementing robust security controls, and ensuring advanced authentication systems are in place to protect customers.”
The operator cited the recent arrests of individuals involved in an OTP scam syndicate in collaboration with the South African Police Services as a testament to their efforts to crack down on scam callers.
The arrests followed a successful search and seizure warrant on what was believed to be the syndicate’s headquarters in Eldorado Park, Soweto.
Thanks to various stakeholders and anonymous tip-offs, MTN said the Commercial Crimes Unit obtained search warrants for five properties believed to be the syndicate’s front businesses and call centres.
“We will continue to work closely with local authorities and industry bodies such as the Communications Risk Information Centre (ComRiC) to combat fraud,” the network operator said.
“In addition, we are committed to deploying enhanced digital technologies to aid in the authentication of our customers and to proactively identify suspicious transactions before they impact our customers.”
Vodacom is taking a similar approach by collaborating with industry stakeholders, such as other mobile operators, financial institutions, and the South African Banking Risk Information Centre (Sabric) to mitigate attacks.
A Vodacom spokesperson told MyBroadband that the company also attempts to create awareness regarding the crime by publishing information on the Vodacom Portal and social media to help customers stay abreast of different scams.
When asked about efforts to crack down on the crime, the spokesperson said Vodacom has “deployed Machine Learning as a tool to identify and block known instances of smishing/vishing fraud.”
“Any identifiable information that can assist in criminal investigations is shared with law enforcement and other relevant agencies.”
“All implicated mobile numbers are investigated for fraudulent activity, and appropriate action, such as locking them on the Vodacom network, is taken,” they continued.
A successful vishing scam can expose sensitive information to attackers, often giving them access to victims’ bank accounts.
According to Standard Bank, scammers target older people approaching retirement or who have recently received their cash payouts, proposing high-return investment opportunities.
This includes persuading victims to transfer their funds into fictitious investment accounts.
Some scammers use another approach and attempt to create panic by claiming that the victim’s bank account is vulnerable and urging them to move their money into a “safekeeping” account.
According to Standard Bank’s head of digital and e-commerce, Belinda Rathogwa, the bank will never call clients to request that they transfer money into an account that isn’t theirs.
“If you are going to invest your hard-earned money, verify the details of the investment company you are dealing with. Check that they are registered with the Financial Services Conduct Authority (FSCA),” she added.
She noted that fraudsters convince victims to keep quiet and not share details about the fraudulent transactions with their banks or loved ones, hoping to avoid early detection.
“This social engineering tactic leaves little recourse for consumers so that many are unable to recover all of their lost funds, and most don’t recover any of their money, even with their bank’s assistance,” says Rathogwa.
She said scammers have shifted to social engineering techniques over the phone as banks have increased risk controls to prevent unauthorised account access. This forced fraudsters to find new ways to trick banking clients.