Sabric warns of surge in Sim-swap fraud

The South African Banking Risk Information Centre (Sabric) on Thursday warned of a surge in Sim-swap fraud in the country.

The organisation has released its inaugural digital banking crime statistics, which show that in 2017, 13 438 incidents occurred across banking apps, online banking and mobile banking, costing the industry more than R250-million in gross losses.

Sim-swap fraud saw 4 040 incidents from January to August 2017, and 8 254 incidents from January to August 2018, an increase of 104%, it said.

But digital fraud is increasing across the board, Sabric warned.

Incidents from January to August 2018 already showed a 64% increase, though the growth in total gross losses was 7% compared to the same period in 2017.

“When comparing January to August 2017 to the same period in 2018, mobile banking incidents showed an increase of 100%, with gross losses of R23.6-million, while online banking incidents showed an increase of 44%, with gross losses of R89.4-million,” it said. “For the same period, banking app incidents increased by 20%, with gross losses of R70.2-million.”

Sabric CEO Kalyani Pillay said criminals have become adept at using social engineering to manipulate victims into divulging their personal or confidential information. They capitalise on the fact that not all digital banking clients are digitally literate and exploit this vulnerability.

“Using technology, coupled with social engineering, criminals can gather sufficient information to impersonate victims, bypassing bank security protocols,” Pillay said.

Scams

In most cases, clients are still compromised because of “phishing”, “vishing” or the installation of malware onto a victim’s device by having them click on a link, enabling the criminal to steal enough personal information to access their online banking profile.

“Although phishing scams are not new, criminals are always finding new ways to trick consumers by taking advantage of the slickness, convenience and efficiency of digital platforms. In one such modus operandi, the criminal sends the victim an e-mail that purports to be from a trusted organisation that the victim has legitimate dealings with,” she said. “The e-mail will display all the characteristics of customer centricity and promise to ‘optimise’ the victims user experience or exclusively upgrade their benefits if they click on the link provided.”

Another method criminals use is playing on a victim’s fear, sending them an e-mail that appears to be from their bank, stating that a fraudulent transaction has take place. “When clicking on links in these phishing e-mails, the victim is diverted to a fraudulent website under the control of the criminal, and any information entered on this page, such as a banking profile username or password, is sent to the criminal.”

To avoid falling victim to Sim-swap fraud specifically, Sabric recommends that if a customer loses cellphone signal, they should immediately check what the problem could be as they could have been a victim of an illegal Sim swap. “If confirmed, notify your bank immediately.”

Consumers should also inform their bank if their cellphone number changes so that they continue to receive notifications about possible fraudulent activity.

“Should any detail appear suspicious, immediately contact your bank and report all logon notifications that are unknown to you.”  — © 2018 NewsCentral Media