Some Nigerians using mobile money transfer service have fallen victims to a recent scam involving mysterious swapping of SIM cards.
SIM swapping is a sophisticated form of fraud and falls under social engineering. Fraudsters will distribute phishing emails, trying to ascertain as much personal information from victims as possible.
After swapping sim cards, fraudsters then withdraw any money saved in the mobile cash account and can even apply for quick loans, leaving the owner counting losses by the time they regain control of their SIMs.
How it works
Your phone network will momentarily go blind without signal or Zero Bars and after a while a call will come through.
The person on the other side will tell you that he is calling from Airtel, MTN, 9mobile or Glo depending on your network and that there is a problem in your mobile network.
He will instruct you to Please press 1 on your phone to get the network back.
If you press 1, the network will appear suddenly and almost immediately go blind again (Zero Bars) and by that action, your phone is #HACKED.It will appear as though your line is without network; meanwhile your SIM has been SWAPPED.
It is increasing by the day. Within a second they will empty your bank account and cause you enough damage. The danger here is that; you will not get any alert of any transaction.
Safeguarding your information and device
For the scam to be successful, hackers need access to personal information. According to the National Fraud and Cybercrime Reporting Centre, this is usually achieved through purchasing a victim’s details from organised crime networks, which harvest your information via Trojan malware, and by scraping it from the public domain (social media). Your best defence is, therefore, to defend these potential access routes through:
- Ensuring that all your devices have adequate firewall/anti-virus protection. There are a number of efficient, free options.
- Only downloading programmes, apps and information from known and trusted sources. Hackers will attempt to trick you into downloading their phishing software.
- Before entering your bank details ensure that the site is what it says it is. Scammers will create duplicate sites to steal your information. A site’s details are usually accessed via the padlock on the browser bar.
- Keeping personal information, which may be used to answer security questions off social media (e.g. birth date, first pet, first school).
- Using strong passwords. A strong password is around 12 characters and need not be a string of letters and numbers
So, while you might have a whole host of defences guarding your computer, don’t neglect to protect your mobile as well. If you’ve got personal data on your phone then it’s just another opportunity for hackers to break in and swipe your data, especially as they know it’s something people often overlook. Take the same precautions you would with any other electric device that holds personal information and keep an eye out for any suspicious activity.
NCC/ Expert Angle
Tony Ojobo, director, Public affairs, Nigerian Communications Commission (NCC), acknowledged the existence of SIM Swap fraud and explained that it is a criminal act which is the responsibility of law enforcement agencies.
“SIM swap fraud is a criminal matter. What NCC investigate and sanction are issues around regulatory breaches and issues that contravenes terms of operators’ license. Just as if banks identify any of their staff that collude with fraudsters to perpetrate fund such persons are arrested and handed over to the police to prosecute and punish,” he said.
Responding to this Oluseyi Akindeinde, chief technical officer, Digital Encode, said that SIM swap is not new. “A lot of the perpetrators have insiders in the telecommunications operator that allow them to do this. Nothing really can be done to check it unless they checkmate the guys inside the telcos,” he said.
William Makatiani, managing director, Serianu, said that SIM swap has become a lucrative enterprise in Africa particularly because of the increased adoption of mobile money services and mobile based authentication.
“Attackers gather enough information on a target such as ID details; Phone numbers etc through social engineering and create a false identity. Using this information, the attackers can contact the service provider and request for SIM card replacement and thereafter start transacting using your phone.
By