Last week American journalist and investigative reporter Brian Krebs’ wrote on his website, Krebs on Security about another account takeover case, this time by a T-Mobile employee who made an unauthorised ‘SIM Swap’ to steal an Instagram account. At this stage T-Mobile is investigating a retail store employee who allegedly made unauthorised changes to a subscriber’s account in an elaborate scheme to steal the customer’s three-letter Instagram username. The modifications, which could have let the rogue employee empty bank accounts associated with the targeted T-Mobile subscriber, were made even though the victim customer already had taken the steps recommended by the mobile carrier to help minimise the risks of account takeover. Here’s what happened, and some tips on how you can protect yourself from a similar fate.
But what is SIM-swap fraud and how does it links to account takeover?
SIM-swap fraud is relatively simple. The fraudsters manage to get a new SIM card issued for a specific registered mobile number. As this new SIM card is activated in the mobile operator's network, the legitimate users' SIM card becomes deactivated. The fraudsters receive a One-time password (OTP), authenticate themselves to carry out transactions with the legitimate users' bank account, initiating money transfers, withdrawals, and purchases. In the T-Mobile case, it was authentication in an Instagram account.
On another article we've became aware of a
case of a retired couple in South Africa who
were victims of fraud amounting to over
R800,000, and nearly lost their home to their
bank account in the process. Over R500,000
in savings and R300,000 in new credit was
transferred to Capitec accounts from the
couple’s bank – highlighting how quickly you
can lose money as a result of fraud.
How SIM-swap fraud is perpetrated?
How WeDo Technologies can help protect against SIM-swap fraudulent scenarios?
For more information or should you have any question, please feel free to Contact Us.