May 9, cybersecurity firm Kaspersky Lab issued a warning to Kenyan consumers over increasing incidences of hackers swapping SIM cards. More on that, here. There are allegations that some of these hackers and fraudster could be employees from the telecommunication companies or are collaborating with them.
As it works out, a subscriber may get a call from someone purporting to be a customer service agent from the telecom company. They will then proceed to ask questions about the subscriber’s identity and mobile money wallet activities.
Armed with that information, the hacker can simply do a SIM card swipe from a different location. All the while the real subscriber loses cellular network signal on their phone since their line is now active in a different device at a different location.
That should be the first tell-tale sign that one has been hacked. Except it is not easy to establish if your line has been swapped or not. The lack of cellular network signal by itself does not necessarily warrant you to think your line has been swapped. Your phone can lose signal when you walk through certain hallways, enter certain buildings, or travel to places with weak or no reception.
Before you know it and seek ways to recover your line, the hacker would have had more than enough time to clean your mobile wallet clean. Something similar happened to Lilian Wangui as cited by the Daily Nation.
Wangui got a call while she was at home one weekend in January. The call was from an unknown number, and the caller began by identifying himself purporting to be a Safaricom customer service agent.
From there, he went to read out her national identity number, date of birth, and some details of her next of kin. Wangui was undoubtedly aware of con artist purporting to be Safaricom agent, but one can quickly know they are fake since they don’t have basic information on you. However, this caller had all the right details on Wangui, so she genuinely thought he must be with Safaricom. Since the company would have her details, and everything the caller readout was accurate.
With her guard down, the caller went ahead to ask further details on Wangui’s mobile money (M-Pesa) wallet account. The man had now earned her trust.
“The man asked me some generic questions regarding my M-Pesa transactions, all which I confidently answered. He then hang up,” said Wangui.
Wangui then went about her business. Moments later, she discovered her phone had no Safaricom cellular signal. She didn’t think much of it, since like we said earlier, it is not that unusual. You could be in an area of your house with weak or no cellular signal.
Some time passed, and still, there was no cellular signal. That means she cannot make/receive calls, send/receive SMS messages, and most certainly can’t go online using the Safaricom mobile data service. Her friend advised her to go swap the SIM card line.
After swapping the line, she was met by a rude shock. All her money in her M-Pesa wallet had been withdrawn. It then dawned on her that she had been conned by that earlier caller ‘from Safaricom.’
Feeling devastated, she called the mobile service carrier who confirmed that indeed the money had been withdrawn. Safaricom further advised her to report the matter to the police.
End-user Cybersecurity literacy is as good as other security measures
Fraudsters and cybersecurity agents are on a constant battle to outdo each other. While the agents are working on new and cutting edge security measures. The fraudsters are equally not sleeping and are also thinking of new ways to beat the system.
As Kaspersky Lab had warned, the latest ploy by fraudsters is to do a SIM card swap. It is therefore imperative that telecommunication companies conduct public education on how subscribers can secure their lines.