Friday, April 3, 2020

Botswana mobile operators susceptible to SIM-swapping fraud

A fresh report by Cyber Monitor says the authentication techniques of Botswana’s three major mobile operators, Orange, Mascom and beMobile, are vulnerable to SIM-swapping tactics. This leaves more than a million subscribers at the mercy of criminal syndicates. It is reported that an increasing number of Batswana are falling victim to this low-cost but highly lucrative crime.

“Fraudsters have gotten away with thousands of Pulas from consumers in Botswana through SIM swapping, a particularly invasive form of fraud that involves bribing or tricking employees at mobile phone stores into seizing control of the target’s phone number and diverting all texts and phone calls to the attacker’s mobile device.” Once they are in charge of the stolen phone number, the fraudsters can then reset the password for any online account that allows password resets and/or two-factor verification requests via text messages or automated phone calls.

Cyber Monitor also expressed concern over Botswana’s lack of comprehensive consumer protection policies, stating that mobile network operators must introduce lifetime ownership of SIM cards, meaning that once a person buys and registers a SIM card, that number must be permanently registered in that person’s name. This follows an incident in December 2019 in which a woman purchased a new SIM card at Mascom, but upon finishing the SIM registration, the first message she received was a birthday message from Barclays Bank directed to the previous owner (name withheld).

“Fraudsters could easily plunder the victim’s financial accounts; hack their identities on social media platforms; and abuse that access to harass and scam their friends and family,” says Cyber Monitor.

Botswana is no stranger to this kind of fraud. Over six years ago, a criminal syndicate that was targeting commercial banks was stopped in its tracks after attempting to defraud banks using SIM swap fraud. By duplicating customers’ SIM cards, the syndicate diverted the One Time Passwords (OTPs) that cellphone banking customers need to carry out banking transactions.

Amongst other things, mobile network operators have been encouraged to come up with ways to truly lock down a person’s account against SIM swapping, even if that means requiring an in-person visit to the nearest shop.
