Experts finger insiders in telcos for rising SIM swap fraud

Cyber security experts have berated telecommunications operators over the prevalence of SIM swap fraud in the country, arguing that such fraud could be possible with an insider in the network operator of the subscriber that is targeted.

SIM swapping is a sophisticated form of fraud and falls under social engineering. Fraudsters will distribute phishing emails, trying to ascertain as much personal information from victims as possible.

How it works
Your phone network will momentarily go blind without signal or Zero Bars and after a while a call will come through.The person on the other side will tell you that he is calling from Airtel, MTN, 9mobile or Glo depending on your network and that there is a problem in your mobile network.He will instruct you to Please press 1 on your phone to get the network back.

If you press 1, the network will appear suddenly and almost immediately go blind again (Zero Bars) and by that action, your phone is #HACKED.It will appear as though your line is without network; meanwhile your SIM has been SWAPPED.It is increasing by the day. Within a second they will empty your bank account and cause you enough damage. The danger here is that; you will not get any alert of any transaction.

Responding to this Oluseyi Akindeinde, chief technical officer, Digital Encode, said that SIM swap is not new. “A lot of the perpetrators have insiders in the telecommunications operator that allow them to do this. Nothing really can be done to check it unless they checkmate the guys inside the telcos,” he said.William Makatiani, managing director, Serianu, said that SIM swap has become a lucrative enterprise in Africa particularly because of the increased adoption of mobile money services and mobile based authentication.

“Attackers gather enough information on a target such as ID details; Phone numbers etc through social engineering and create a false identity. Using this information, the attackers can contact the service provider and request for SIM card replacement and thereafter start transacting using your phone.

Tony Ojobo, director, Public affairs, Nigerian Communications Commission (NCC), acknowledged the existence of SIM Swap fraud and explained that it is a criminal act which is the responsibility of law enforcement agencies.“SIM swap fraud is a criminal matter. What NCC investigate and sanction are issues around regulatory breaches and issues that contravenes terms of operators’ license. Just as if banks identify any of their staff that collude with fraudsters to perpetrate fund such persons are arrested and handed over to the police to prosecute and punish,” he said.

Apart from law enforcement agencies; Makatiani offered a number of ways to combat SIM fraud which includes; introducing additional checks for SIM reissuing such as security questions, avoid responding to unsolicited calls and text messages asking about your bank details.

Others are introducing user behavioral analysis (UBA) especially for financial institutions to monitor for key indicators of compromise and alert the customers as well as Adopting the IMSI (International Mobile Subscriber Identity) a unique number associated with a specific GSM phone to ensure one-time use codes are sent only to legitimate subscribers