The number of SIM swap fraud instances in Kenya has recently increased, with Kenyans losing millions of shillings in a matter of hours.
What is SIM Swap Fraud?
SIM swap fraud occurs when criminals use your phone number to get access to your accounts by exploiting a flaw in two-factor authentication and verification.
SIM swapping occurs when scammers contact your phone’s carrier and deceive them into activating a SIM card owned by the fraudsters. When this happens, the scammers have possession of your phone number.
This means that scammers could enter your username and password when accessing your mobile wallet. The bank will then transmit a code – two-factor authentication — to your smartphone number, which you must enter to access your online account. What is the issue? Following a SIM swap, that number is now assigned to the scammers’ smartphone or other device. They can then enter your bank account using that code.
Fortunately, you can guard against SIM swapping. It’s all about avoiding scammers from discovering your logins and passwords for your online bank or credit card accounts. It also helps to be aware of the most prevalent warning signals of a SIM swap fraud.
To avoid this disastrous practice, telcos advise making sure your SIM card has an active SIM lock, use strong passwords, and keep your details away from social media.
To avoid becoming a victim of Sim Swap Fraud as a Safaricom subscriber, dial *100*100# to activate anti-swapping. As a result, your sim card will be locked from replacement/swap at MPESA Agents, this will only be sucessful when you present yourself to a nearby Safaricom shop with your original ID.
Signs you are a victim of Sim Swapping
- You are unable to make calls or send SMS
Having problems sending texts or making phone calls? The first clue that you may have been a victim of SIM swapping is when your phone calls and text messages stop working. This is most likely due to criminals deactivating your SIM card and using your phone number.
- You get notified of other people’s actions
If your phone carrier alerts you that your SIM card or phone number has been activated on another device, you’ve been a victim.
- You can’t access your accounts
If your login credentials for accounts such as your bank and credit card accounts no longer function, it’s likely that scammers have changed your passwords and usernames, possibly after stealing your phone number. Inform your bank and other agencies as soon as possible.
- You discover transactions you don’t recall doing
If you are reviewing your online credit card statement and discover multiple transactions that you do not recall making, you may be the victim of a SIM switch fraud. This indicates that fraudsters have gained access to your credit card information and exploited it to make illicit purchases. They may have accomplished this by first acquiring your phone number and then using the information supplied to it.
How to protect yourself from SIM Swap fraud
- Online behavior: Beware of phishing emails and other ways attackers may try to access your personal data to help them convince your bank or cell phone carrier that they are you. Don’t click on links in email messages from people you don’t know. And remember, your bank, cable provider, credit card company, or other service providers won’t ask for your personal or financial information through an email message.
- Account security: Boost your cellphone’s account security with a unique, strong password and strong security questions and answers that only you know.
- PIN codes: If your phone carrier allows you to set a separate passcode or PIN for your communications, consider doing it. It could provide an additional layer of protection.
- IDs: Don’t build your security and identity authentication solely around your phone number. This includes text messaging (SMS), which is not encrypted.
- Authentication apps: You can use an authentication app such as Google Authenticator, which gives you two-factor authentication but ties to your physical device rather than your phone number.
- Bank and mobile carrier alerts: See if your banks and mobile carrier can combine efforts, sharing their knowledge of SIM swap activity, and implementing user alerts along with additional checks when SIM cards are reissued, for instance.
- Behavioral analysis technology: Banks can use technology that analyzes customer behavior to help them discover compromised devices, warning them not to send SMS passwords.
- Call-backs: Some organizations call customers back to make sure they are who they say they are — and to catch identity thieves.