The Russian cybersecurity firm Kaspersky Lab is raising the alarm over a growing number of incidents in which cybercriminals target the end consumers of telecom companies in order to pull off cyber theft.
According to Fabio Assolini, Senior Researcher at Kaspersky Lab, consumers in Africa are on average losing about $3,000. The SIM card is increasingly becoming the weak point in cybersecurity, even as businesses providing services online reinforce their security through multiple user authentication mechanisms.
“While payment methods through mobiles offer a convenience that is hard to debate, Kaspersky Lab research shows that mobile payments and the banking system are suffering a wave of attacks – mostly powered by SIM swap fraud and people are losing money as a result,” said Kaspersky Lab in a press statement.
“This type of attack is used to not only steal credentials and capture one-time passwords (OTPs) sent via an SMS, but also to cause financial damage to victims, resetting the accounts on financial services, allowing the fraudsters access to currency accounts not only in banks but also in fintechs and credit unions.”
Fraudsters duping telecoms to perform illegal SIM Swaps
A fraudster approaches a telecom operator and has them swap the SIM card of a bona fide user for one the fraudster possesses. Online accounts with multi-step user verification usually send a one-time password (OTP) by SMS to the bona fide user’s mobile number.
With the SIM card swapped, the fraudster is in a position to receive the OTP SMS and finish the login process. They can then proceed to wipe clean the bona fide user’s account, change the password, or even assign a new number for verification.
The underbelly of mobile-money-based economies
There is no denying that mobile money has brought financial services to the unbanked and underbanked individuals in society, who form the majority across economies in Africa. However, it has opened a new wormhole for cybercriminals to infiltrate online financial services.
By diverting the bona fide user’s incoming SMS messages, these criminals have found a way around text-based two-factor authentication. That means critical online services like banking, webmail, social media, and instant messaging are no longer that secure.
Time for Telecoms to improve regulations on SIM swaps
It is now time that telecommunication companies introduce stringent measures to ensure SIM swaps do not happen illegally. That may necessitate geo-fencing, so that a SIM swap cannot be requested from just anywhere across a wide geographical area: allow it only if the SIM swap request is made very close to the last reported location of the active SIM card.
The person making a SIM swap request also needs authentication documents. That is just my layman's suggestion, and already I can see cracks in these suggestions. Obviously, it is time telecoms engaged the services of cybersecurity experts in these matters.