Fraudsters use SIM card swapping and number porting to commit fraud. After they get enough of your personal information, they may approach your mobile network service provider pretending to be you. They may ask for a transfer of your cell phone number to a new SIM card, or that your number is ported to another service provider. They often present a stolen or fake identity document and can answer the security questions of the service provider as if they are you.
They may get your personal information by calling you and pretending to be a Capitec employee, to trick you into confirming your personal information. Or they may have sent you a phishing email or SMS.
Fraudsters may also try to swap out the physical SIM card in your mobile device during a face-to-face interaction.
The following are examples of how fraudsters perform SIM swap fraud.
Using a phishing email:
- You receive an email that appears to be from the bank. It contains a link to a site that asks you to sign in, to what looks like your online banking profile
- This is where fraudsters catch you out. It is a fake page they have set up to get you to share your confidential online banking details. Once you’ve shared this, all they need to steal your money is verification codes or OTPs (one-time PINs) sent to your phone number
- They then visit your service provider pretending to be you. They’ll say that your SIM card has been lost, destroyed, or stolen and ask for a new one – linking your cellphone number (where you receive your verification codes or OTPs are sent to) to the new SIM card they receive.
- Once scammers do this, they have full access to your bank account and could clear out your funds very quickly
Performing physical SIM card swap:
- A fraudster may approach you outside a shopping centre pretending to offer a promotion or giveaway. They then trick you into handing your device to them to ‘load free airtime data or activate a discount shopping card or voucher’
- They will also trick you into disclosing your banking information (e.g., account number and Remote PIN) and your personal details (e.g., ID number and phone number)
- During this interaction, the fraudster removes your SIM card and inserts it into their device. They then trick you into taking a selfie which in fact is the fraudster getting you to activate your remote banking on their device
- The fraudster now has access to your account
- These techniques may also be used to gain access to your account via USSD mobile banking
What you can do to prevent a SIM swap
Call your network service provider immediately on their official number when:
- You get a “Pending SIM swap” notification or
- Someone phones you to say a SIM swap is being done without your knowledge and asks for confidential information
2 ways to know your SIM card has been swapped:
- You suddenly can’t make or receive calls or messages
- You no longer receive transaction notifications from your bank
Note: Pay special attention if you lose network connectivity for longer than usual – don’t overlook this due to bad network connections during load-shedding. If you suspect SIM card fraud, tell your service provider to deactivate your number and notify your bank immediately.
Tips to avoid being scammed
- Avoid handing over your phone to strangers even if they are offering to help
- Be cautious of a stranger asking you to take a selfie as part of a promotion or giveaway
- Pay close attention to the information you are being asked to disclose to strangers. You should never provide your account number and Remote PIN
- Do not click on links in an SMS or email that asks you to sign in to your online banking profile or update your personal information. We will never ask you to do this
- Treat any SMS or email asking you to take urgent action with caution, and verify the request instead, by contacting the official source directly e.g., your bank
- Don’t save your PINs or passwords for any personal accounts on your phone or device
- Never share your banking passwords and PINs with anyone. Remember we will never contact you and ask you for this information. Beware of such phone calls, SMSs, emails, or direct messages
- Password protect your devices and set the screen to lock automatically after a minute of inactivity or less
- Use strong passwords and PINs and change them regularly. Don’t fall into the habit of using just one password for all your accounts