SIM Swappers Steal USD200k from South African Business

A South African businessman who spent two months in the USA returned to discover that ZAR3.1mn (USD210k) was stolen from a business account whilst he was away, reports IOL. The theft is being blamed on a fraudulent SIM swap:

Feruccio Ferucci left Cape Town in October without suspecting that his banking information had been stolen.

Around the end of October, his Vodacom SIM card stopped working as well as his internet banking. Growing suspicious, he contacted his daughter in Cape Town to find out from Vodacom what had happened. They informed her that a SIM swap had been done.

“I did not authorise the SIM swap. My phone stopped working for about three weeks and then started working again.

“I haven’t heard anything from Vodacom telling me what happened because my phone just started working again three weeks later,” said Ferucci.

The victim’s bank, Absa, reimbursed the amount that was stolen.

“These transactions were around R300000 each and there were about ten transactions. I then contacted my attorney and he referred me another attorney who specialises in this type of crime. I then wrote a protest letter to Absa threatening to close my account with them and my money was refunded around December 23,” said Ferucci.

Anecdotal evidence suggests that SIM swappers will target individuals when they are out of the country, because the victims are less likely to notice or complain about the interruption in their service. What is disturbing about this case is the suggestion that the victim’s movements may have been monitored by staff working for Vodacom, who then supplied his information to the criminals who accessed the bank account.

“The attorney told me that 90% of the cases he deals with involved people who went overseas. There is no doubt in my mind that what happened to me was promoted by employees of both Vodacom and Absa.

“They probably didn’t steal the money but they probably sell the information,” said Ferucci.

Both Absa and Vodacom are said to be investigating the crime. Let us hope they are transparent about their findings, and that they openly terminate and punish any employees who colluded in this crime.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.