A man places a sim card on his phone taken on July 15 2011.PHOTO | PHOEBE OKALL
Cybersecurity firm Kaspersky raises flag on SIM fraud
Global cybersecurity company Kaspersky Lab has issued an alert over fresh wave of attacks targeting financial and online services.
Mr Fabio Assolini, a senior security researcher at Kaspersky Lab, said African consumers were on average losing Sh302,912.50 through rising SIM swap fraud.
“While payment methods through mobiles offer a convenience that is hard to debate, Kaspersky Lab research shows that mobile payments and the banking system are suffering a wave of attack — mostly powered by SIM swap fraud — and people are losing their money as a result,” said the firm in a statement.
“This type of attack is used to not only steal credentials and capture one-time passwords (OTPs) sent via an SMS, but also to cause financial damage to victims, resetting the accounts on financial services, allowing to the fraudsters access to currency accounts not only in banks but also in fintechs and credit unions.”
A SIM swap fraud happens when someone convinces a telecoms operator to switch a phone number over to a SIM card that a criminal possesses.
Kaspersky said that in some cases, there are carrier’s employees working together with criminals.
Kenya, a world leader in mobile has recently seen bank and sacco workers arraigned for conspiring with criminals.
Kaspersky said that by diverting a customer’s incoming SMS messages, scammers can easily complete the text-based two-factor authentication checks that protect customers’ most sensitive accounts in financial services, social networks, webmail services and instant messengers.
Mr Assolini said that fraudsters are also using it as a way to steal money using WhatsApp, loading the messages in a new phone, contacting the victim’s friends asking for money, simulating an emergency situation.
“Despite financial inclusion services prospering, the flip side to this is that it opens up a world of opportunities to cybercriminals and fraudsters who are using the convenience a mobile phone offers to exploit and poke holes in a two-factor authentication processes,” he said.
“On average fraudsters can steal $2,500 (about Sh252,427.09) to $3,000 (Sh302,912.50) per victim, while the cost to perform the SIM swap starts from $10 to $40,” said Mr Assolini.
Last September, the Communications Authority of Kenya (CA) moved to pile pressure and personal liability on SIM vendors in a bid to stem the resurgence of criminal rackets involving swapping of SIM cards to steal cash from mobile subscribers.