SIM-swaps might be well known to South Africans as the process where they exchange one size of SIM card for another, or where they change their mobile network entirely. However, a new form of SIM-swap scam has recently come to light in South Africa – a trend which new reports suggest is only increasing.

SIM-swap fraud (sometimes called SIM splitting) is a form of criminal activity in which parties steal the identity and ownership of someone’s mobile phone number through an illegal SIM-swap.

SIM-swap fraud typically involves a fraudster gathering information about their victim over a certain period of time or through certain channels – once done, they contact and pose as the victim to a mobile network, and request their victim’s cell phone number be ported to their own SIM.

If their bid is successful, the fraudster has complete control over the victim’s phone number, and the victim themselves will typically lose their connection to their mobile network shortly thereafter while using their original SIM. The newly-empowered fraudster, as a result, can accept any one-time passwords (OTPs) sent through an SMS or phone call, and can use that information to access social media networks, banking services, or other confidential or private online platforms.

How is SIM-swap fraud increasing in South Africa?

Earlier this month, the South African Banking Risk Information Centre (SABRIC) released its digital banking crime statistics report, which analyzed trends found across some 13,438 incidents recorded in 2017 through various banking apps. Among the total count of all incidents reported, SABRIC noted a 104% increase in SIM-swap fraud – amounting to some 4,040 incidents.

In a statement to the press, SABRIC CEO Kaylani Pillay offered that “Criminals are always looking for ways to exploit digital platforms to defraud victims, but the mitigation strategies deployed by Banks are very robust, so it is easier to target people, as they are the weakest link… Using technology, coupled with social engineering, criminals can gather sufficient information to impersonate victims, bypassing bank security protocols.”

How can I keep myself safe from SIM-swap fraud?

Unfortunately, the best way to protect yourself from SIM-swap fraud is to practice general vigilance.

It’s good practice to inform your bank when your mobile number changes, subscribe to SMS alerts for both activities related to both your mobile phone and banking account and memorize your PIN or passwords where applicable.

When answering the phone from solicitations (call centers or other third parties), avoid sharing specific information about yourself such as your personal address, ID number, or your other contact details. The less information a fraudster can gather, the harder it will be for them to assume control of your SIM.

If you need to contact your bank to report a case of SIM-swap fraud, the relevant contact details are:

  • Standard Bank – phishing@standardbank.co.za
  • ABSA– secmon@absa.co.za
  • Capitec – phishing@capitecbank.co.za
  • FNB – phishing@fnb.co.za
  • Nedbank – phishing@nedbank.co.za