During its annual cybersecurity weekend in Cape Town, South Africa, cybersecurity firm Kaspersky Lab issued an alert about a new wave of attacks targeting financial services and online services in Africa
Kaspersky Lab experts discussed the widespread growth of mobile payments around the globe and the many cyber risks surrounding such technology.
The discussion included the wave of SIM swap fraud, which became very common in Africa and the wider region. In South Africa, this type of fraud has more than doubled over the past year, according to a South African Banking Risk Information Centre (SABRIC) report.
A SIM swap fraud occurs when someone persuades the carrier to switch a phone number to a SIM card that a criminal possesses. In some cases, there are employees of the carrier working with criminals. By diverting the incoming SMS messages, scammers can easily complete text-based two-factor authentication checks that protect most sensitive financial services, social networks, webmail services, and instant messengers accounts.
Many African countries are suitable for mobile payment methods. In fact, research notes that there were 135 live mobile money services across the sub-Saharan African region at the end of 2017, with 122mn active accounts.
While mobile payment methods offer convenience that is hard to debate, Kaspersky Lab research shows that mobile payments and the banking system suffer a wave of attack – mostly driven by SIM swap fraud – resulting in people losing their money.
This type of attack is used to not only steal credentials and capture one-time passwords (OTPs) sent via an SMS but also to cause financial damage to victims, resetting the accounts on financial services, allowing to the fraudsters access to currency accounts not only in banks but also in fintechs and credit unions.
The Lab added that fraudsters are also using it as a way to steal money using WhatsApp, loading messages into a new phone, contacting the victim’s contacts asking for money, simulating an emergency situation.
Fabio Assolini, a senior security researcher of Kaspersky Lab, said, “Frauds using SIM swap are becoming common in Africa and the Middle East, affecting countries like South Africa, Turkey and UAE. Countries like Mozambique have experienced this firsthand.”
