Many Kenyans have lost millions to fraudsters due to increased Sim Card swapping.
Just yesterday, Farah Bashir narrated how his bank accounts were wiped clean by fraudsters, barely two days after he had landed in Johannesburg for a two-week assignment in February. He watched helplessly as Sh2.6 million was withdrawn by hackers in several transactions from his four different Absa Bank accounts between February 7 and February 9.
In another incident, a senior police officer in Nairobi fell victim to a SIM Swap scheme that ended up costing him Ksh600,000.
How it Happened
Here’s a bulleted list of how the police boss – someone arguably well-equipped to protect themselves against this kind of theft – lost his savings.
- On that particular evening, he kept receiving strange calls.
- At 1845hrs, he decided to put his phone on airplane mode just to end the incessant calls.
- At 1850hrs, he deactivated his phone’s airplane mode.
- His phone was unable to connect to the network.
- Went to his telco service provider the next morning.
- Informed that his Sim card had failed/was faulty.
- He then replaced his Sim card and activated the line.
- He immediately started receiving M-PESA message transactions.
- He attempted to send money but found that his account had ‘exceeded the daily limit’.
- Upon checking, about Ksh600,000 had been drained from his bank account app, sent to his M-PESA account and then sent to another line.
- His line was also used to access Fuliza and a digital app loan.
- Investigations led the cops to the Donholm area.
- The money is said to have been withdrawn in Bomet in 4 different transactions.
What is SIM Swap Fraud?
SIM swap fraud occurs when criminals use your phone number to get access to your accounts by exploiting a flaw in two-factor authentication and verification.
SIM swapping occurs when scammers contact your phone’s carrier and deceive them into activating a SIM card owned by the fraudsters. When this happens, the scammers have possession of your phone number.
This means that scammers could enter your username and password when accessing your mobile wallet. The bank will then transmit a code – two-factor authentication — to your smartphone number, which you must enter to access your online account. What is the issue? Following a SIM swap, that number is now assigned to the scammers’ smartphone or other device. They can then enter your bank account using that code.
Fortunately, you can guard against SIM swapping. It’s all about avoiding scammers from discovering your logins and passwords for your online bank or credit card accounts. It also helps to be aware of the most prevalent warning signals of a SIM swap fraud.
How to protect your accounts from scammers
Safaricom has since unveiled an Unstructured Supplementary Service Data (USSD) code that its users can dial and whitelist their mobile phone from being swapped.
The code, *100*100#OK, lock the subscribers’ number in that no one else can replace it from any agent shop without their knowledge.
This then ensures that their SIM card can only be replaced by visiting the Safaricom shop in person with their national identification card or by calling the company’s customer care.
To avoid this disastrous practice, telcos advise making sure your SIM card has an active SIM lock, use strong passwords, and keep your details away from social media.
- You are unable to make calls or send SMS
Having problems sending texts or making phone calls? The first clue that you may have been a victim of SIM swapping is when your phone calls and text messages stop working. This is most likely due to criminals deactivating your SIM card and using your phone number. - You get notified of other people’s actions
If your phone carrier alerts you that your SIM card or phone number has been activated on another device, you’ve been a victim. - You can’t access your accounts
If your login credentials for accounts such as your bank and credit card accounts no longer function, it’s likely that scammers have changed your passwords and usernames, possibly after stealing your phone number. Inform your bank and other agencies as soon as possible. - You discover transactions you don’t recall doing
If you are reviewing your online credit card statement and discover multiple transactions that you do not recall making, you may be the victim of a SIM switch fraud. This indicates that fraudsters have gained access to your credit card information and exploited it to make illicit purchases. They may have accomplished this by first acquiring your phone number and then using the information supplied to it.
How to protect yourself from SIM Swap fraud
- Online behavior: Beware of phishing emails and other ways attackers may try to access your personal data to help them convince your bank or cell phone carrier that they are you. Don’t click on links in email messages from people you don’t know. And remember, your bank, cable provider, credit card company, or other service providers won’t ask for your personal or financial information through an email message.
- Account security: Boost your cellphone’s account security with a unique, strong password and strong security questions and answers that only you know.
- PIN codes: If your phone carrier allows you to set a separate passcode or PIN for your communications, consider doing it. It could provide an additional layer of protection.
- IDs: Don’t build your security and identity authentication solely around your phone number. This includes text messaging (SMS), which is not encrypted.
- Authentication apps: You can use an authentication app such as Google Authenticator, which gives you two-factor authentication but ties to your physical device rather than your phone number.
- Bank and mobile carrier alerts: See if your banks and mobile carrier can combine efforts, sharing their knowledge of SIM swap activity, and implementing user alerts along with additional checks when SIM cards are reissued, for instance.
- Behavioral analysis technology: Banks can use technology that analyzes customer behavior to help them discover compromised devices, warning them not to send SMS passwords.
- Call-backs: Some organizations call customers back to make sure they are who they say they are — and to catch identity thieves.
