A year down the line from the spate of SIM swap fraud that plagued mobile users, a related scam has reared its head - this time in the form of an e-mail phishing scam.
Yesterday, Vodacom issued a strong warning to its subscribers via Facebook and Twitter, saying a phishing e-mail was doing the rounds, in which the recipient is urged to click on a link and enter their bank details to avoid a SIM swap.
"This is a scam!" says Vodacom in its Facebook post. "Vodacom sends SMSes to warn of SIM swap, never e-mails."
The operator cautions users never to reply to an unsolicited e-mail with personal information, or enter it into a pop-up window - "and don't click on any links unless you know the source is legit".
This comes just after MTN warned its subscribers on Monday of an e-mail that was being promulgated by fraudsters seeking to obtain users' banking details, under the guise of being a mistaken SIM swap request.
MTN said, at the time, it would block the scammers' site on its network, as an additional safeguard for its customers.
Same syndicate
Vodacom spokesperson Richard Boorman says it appears the same group of fraudsters are trying the same scam from a Vodamail account.
Boorman says Vodacom has blocked the sites in the event anyone tries to access them via a Vodacom data connection, and has initiated the process of getting them blocked worldwide.
"The challenge is that the criminals typically just change the site address and keep going," he says.
Boorman explains the latest scam is a case of Internet banking fraud. "It cleverly exploits fear over fraudulent SIM swaps to get people to reveal their banking details."
He says more than 99.9% of SIM swaps carried out are legitimate, "and we need to strike the right balance between the convenient execution of a SIM swap and protecting customers".
As an example, Boorman says, Vodacom could implement a 48-hour waiting period. "But if you've just dropped your phone in the pool and need a new SIM [immediately], then this would be a major issue."
What the operator has done, he says, is work with the banks to supply them with information in real-time about SIM swap requests. "The banks then have the ability to correlate SIM swap requests and changes to bank account details, which should raise a red flag."
Vodacom has also set up a Facebook tab, #ScamTab, via which customers can report any suspected SMS scams. According to Vodacom, 966 scammers have been blocked thanks to users' reports.
Dodgy e-mail
The said phishing e-mail, seemingly sent to random e-mail addresses, reads:
"We have discovered a sim swap attempt on your no. The swap will be processed within the next hour. If you did not initiate this sim swap, Please Cancel here." [sic]
Clicking "Cancel" directs the recipient to a site that requests banking details. Once this information is supplied, the criminals can use the details to make fraudulent transactions from the victim's account.
Meanwhile, Google has attached a warning to Gmail users who have received e-mails originating from the perpetrators of the phishing scam: "Be careful with this message. Similar messages were used to steal people's personal information. Unless you trust the sender, don't click links or reply with personal information."
Share