SIM swap fraud cases have escalated in the recent weeks with hundreds of innocent and unsuspecting victims falling prey if the statistics – both official and unofficial - are anything to go by.
The fraudsters have been registering an existing mobile number on a new SIM card which they buy from local shops pretending that they are the original owners who have lost their SIM cards.
After obtaining the new card, they intercept all passwords and notifications including mobile banking apps and transactions.
Long before the victim gets wind of the swim swap, they are left with empty accounts that they cannot access with some even suffering double after the fraudsters proceed to borrow to the max limit from lending apps.
Mobile service provider Safaricom has come to the aid of its customers by introducing a self-whitelisting service enabling the owner of the line to lock their own number hence preventing the sim swap without their authorization.
According to a tweet and information on the telecommunication website, one can prevent the SIM swap by dialling *100*100# from your Safaricom number. The process cannot be done on one’s behalf using someone else’s line.
"This is a service that ensures that a customer’s line/SIM card can only be replaced by visiting a Safaricom Shop or Care desk with your ID, or by calling Safaricom customer care," Safaricom states on its website.
Hannington Oduor, a security system analyst at Kenya Power, disclosed to The Standard the tricks used by fraudsters to successfully conduct SIM swaps.
“SIM-swap basically is a form of identity theft. In other circles, it’s called impersonation. The fraudster would call you, and play mind games on you. For instance, after you’ve received the call, he or she will refer to you by your full name, saying they’re calling you from your network service provider,” said Oduor.
Stages fraudsters use
“They’ll thereafter read out your full ID number, and go ahead to ask you to confirm if the digits are correct. They do this to win your confidence. That’s what they want at Stage One, before continuing with the fraud.
“Stage Two of their deceit is issuing out instructions. They’d be calm and patient, and you wouldn’t know that the commands that they’re making lead to them either getting more information about your mobile money or allowing them to activate the SIM-swap prompts,” added the cyber security expert.
“Most victims that I have interacted with said they remember being asked to dial the USSD code 33*0000*, while others said they were instructed to dial #253257# or ##72786#. These codes basically send a command that you’ve lost your SIM card, and are, therefore, initiating a swap process.
“Once you initiate the swap process, the network on your gadget disappears. While offline, and maybe attempting to visit your network provider’s shop, the fraudster, armed with your details, would have already called your service provider, claiming that he or she has lost his SIM, and wants to renew it. He or she will, thereafter, provide your details to the mobile service agent, who, unbeknown to him or her – or out of naivety – will help in activating the line.
“The fraudsters, thereafter, access your mobile money, mobile banking, credit facilities, among others, to wipe out funds from the accounts,” said Oduor.