The case of a Cape Town businessman having R3.1 million stolen from his Absa bank account made headlines recently.
The theft was the result of the man’s bank account credentials being compromised, along with a fraudulent SIM-swap of his Vodacom cellphone number.
This allowed criminals to make 10 transfers of over R300,000 each to suspected “money mule” bank accounts – after which the money vanished.
Cape Town attorney Johan Victor, who specialises in SIM-swap fraud cases, said that SIM-swap cases have been curtailed of late, however.
In Absa’s case, this was thanks to the bank moving away from using one-time passwords via SMS as an authentication method.
Absa’s banking app is now used as a two-factor authentication channel, with the authentication linked to a device rather than a SIM card.
“I believe that Absa plugged the holes by launching their new app. The number of SIM-swap instances I became aware of since then, I can count on one hand,” said Victor.
This does not mean that bank users can relax, however, as there are multiple threats they still face.
One of these is the interception of personal and business emails, and its use by criminals to defraud people.
Other scams which are prevalent at the moment include phishing and the changing of bank account details on invoices, said Victor.
“I have one client who thought she was paying an investment firm, but between her and the broker, an email was intercepted,” said Victor,
The investment firm’s form was changed to include a “new” bank account, and the money was then inadvertently sent by the client to the criminals running the scam. The amount was R1.8 million.
“In another instance, a large truck manufacturer ‘gave notice’ of change to their bank details, and a client lost R600,000.”
Victor listed more cases he has seen which follow a similar pattern, including a building contractor who paid a subcontractor R1 million after the email the invoice was attached to was intercepted and the bank account details changed.
Making the extraction of these fraudulent transactions possible is the use of money mules – individuals who are either paid to open a bank account, or do so without knowing it will be used by a criminal.
“At present, the crooks use mules to open bank accounts who declare to the bank, when opening the accounts, that they cannot comply fully with FICA requirements because they have no fixed address and/or do not hold permanent employment,” said Victor.
“The mules, on opening the account, declare they will not receive more than R25,000 per annum in their account or receive or pay out more than R25,000 in one single transfer.”
These accounts are opened with less stringent FICA verification requirements in order to assist the previously un-bankable.
Once the account is opened by a mule it is used as a channel to get money out of targeted bank accounts.
The mule’s bank account has millions of rand transferred to it within days or weeks after it is opened, and within seconds it is cleared out – with the money disappearing for good, said Victor.
Victor said that he believes the banks can do more to stop these types of transactions and are obligated by FICA to have oversight of all transactions in their accounts.