Mobile wallets a drawcard for cyber criminals – Kaspersky expert

Mobile wallets are extremely attractive to cyber criminals, according to Fabio Assolini, senior security researcher at global cyber security firm Kaspersky Lab.

In his view, one-time passwords (OTPs) - an additional layer of security used by many banks for verification purposes - should not be used anymore.

Assolini was speaking at an information session hosted by the company in Cape Town on Monday.

Mobile phone risks

There are various opportunities for fraud using mobile phones, Assolini noted.

"The user identification of your mobile carrier is via your SIM card, but what if someone steals your phone or activates your phone number with another SIM card without your knowledge or consent?" he asked.

That is called a SIM swap.

It can be done through what he called "social engineering" – by presenting false documents to your mobile operator. This is risky for the criminal, though, because they would need to go to the operator in person and might, for instance, be recorded on security cameras.

That is why, Assolini said, some cyber criminals prefer to have someone at the mobile carrier working for them, adding that they would usually bribe the employee to assist them.

Smelling a rat

Sometimes the corrupted employee does not want to lose his or her job, so he or she installs a so-called "RAT" (remote admin tool) in the company’s system, and gets paid for doing that.

This allows the cyber criminal to access the carrier's system remotely and carry out the tasks they want themselves.

Having done a SIM swap, cyber criminals can then steal your money, because they will be able to get the OTP that has been SMS'd to you.

Help, I'm stranded...

The victim’s WhatsApp account is usually the next biggest target of cyber criminals.

They use the person’s WhatsApp account, pretending to be that person, and ask his or her contacts on WhatsApp for money.

In SA, SIM swap fraud incidents doubled in the space of a single year, the South African Banking Risk Information Centre (Sabric) said in 2018.

Scourge

Assolini gave the example of how Mozambique decided to deal with increasing problems with SIM swap fraud in the country.

Local banks and mobile carriers got together and created a simple system where banks would check with a client’s carrier whether a SIM swap had been done recently. If that was the case, the bank would not do a wire transfer until it could be sure their client had indeed requested it.

Within a month, SIM swap fraud in Mozambique had decreased by 50%, and after six months it was just about non-existent, he said.
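
A sketch of the bank-side check described above, as an added example that is not code from the article, Kaspersky or any bank or carrier. The carrier lookup, the 72-hour window (the article only says "recently") and the subscriber identifiers are assumptions; the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone
from enum import Enum

# Assumption: "recently" is not defined in the article; 72 hours is illustrative.
SWAP_HOLD_WINDOW = timedelta(hours=72)

class Decision(Enum):
    ALLOW = "allow"
    HOLD = "hold_for_confirmation"

class CarrierLookupError(Exception):
    """The carrier could not answer (unknown number, service unavailable)."""

# Constructed sample data standing in for the carrier's answer:
# subscriber number -> time of the last SIM change (None = never changed).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_CARRIER_RECORDS = {
    "MSISDN-A": NOW - timedelta(hours=5),    # swapped five hours ago
    "MSISDN-B": NOW - timedelta(days=200),   # swapped long ago
    "MSISDN-C": None,                        # original SIM
}

def last_sim_change(msisdn, records=SAMPLE_CARRIER_RECORDS):
    """Hypothetical carrier query; in practice an authenticated API call."""
    if msisdn not in records:
        raise CarrierLookupError(msisdn)
    return records[msisdn]

def decide_transfer(msisdn, now, confirmed_out_of_band=False, lookup=last_sim_change):
    """Hold a wire transfer when the SIM behind the client's number changed recently."""
    if confirmed_out_of_band:
        # The client was verified through a channel that does not depend on the SIM.
        return Decision.ALLOW
    try:
        changed_at = lookup(msisdn)
    except CarrierLookupError:
        return Decision.HOLD  # fail closed: no answer is treated like a recent swap
    if changed_at is None:
        return Decision.ALLOW
    if changed_at > now:
        return Decision.HOLD  # timestamp in the future: do not trust the record
    if now - changed_at < SWAP_HOLD_WINDOW:
        return Decision.HOLD  # recent swap: wait until the client confirms the request
    return Decision.ALLOW
```

The check only helps if the confirmation step uses a channel the swapped SIM cannot receive, such as a branch visit or an app-bound token rather than an SMS or call to the same number.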

"Banks need to stop sending OTPs and tokens by SMS – yet they do it because it is very cheap to send SMSes," said Assolini.

"If you suddenly find you have no mobile signal when in an area that you should have, contact your carrier as soon as possible," Assolini told Fin24.

"There will continue to be a lot of victims of SIM swaps until telecommunications companies and banks get together - like in Mozambique - and decide to do something about it.

"Consumers need to put pressure on these companies to do something about it."
