Mobile wallets a drawcard for cyber criminals – Kaspersky expert

Mobile wallets are extremely attractive to cyber criminals, according to Fabio Assolini, senior security researcher at global cyber security firm Kaspersky Lab.

In his view, one-time passwords (OTPs) - an additional layer of security used by many banks for verification purposes - should not be used anymore either.

Assolini was speaking at an information session hosted by the company in Cape Town on Monday.

Mobile phone risks

There are various opportunities for fraud using mobile phones, Assolini noted.

"The user identification of your mobile carrier is via your SIM card, but what if someone steals your phone or activates your phone number with another SIM card without your knowledge or consent?" he asked.

That is called a SIM swap.

It can be done through what he called "social engineering" – by presenting false documents to your mobile operator. This is risky for the criminal, though, because they would need to go there physically and might, for instance, be recorded on security cameras.

That is why, Assolini said, some cyber criminals prefer to have someone at the mobile carrier working for them, adding that they would usually bribe the employee to assist them.

Smelling a rat

Sometimes the corrupted employee does not want to lose his or her job, so he or she installs a so-called "RAT" (remote admin tool) in the company's system, and gets paid for doing that.

This allows the cyber criminal to access the carrier's systems remotely and perform the tasks they want themselves.

Having done a SIM swap, cyber criminals can then steal your money, because they will be able to get the OTP that has been SMS'd to you.

Help, I'm stranded...

The victim's WhatsApp account is usually the next biggest target of cyber criminals.

They use the person’s WhatsApp account, pretending to be that person, and ask his or her contacts on WhatsApp for money.

In SA, SIM swap fraud incidents doubled in the space of a single year, the South African Banking Risk Information Centre (Sabric) said in 2018.


Assolini gave the example of how Mozambique decided to deal with increasing problems with SIM swap fraud in the country.

Local banks and mobile carriers got together and created a simple system where banks would check with a client’s carrier whether a SIM swap had been done recently. If that was the case, the bank would not do a wire transfer until it could be sure their client had indeed requested it.

Within a month, SIM swap fraud in Mozambique had decreased by 50%, and after six months it was just about non-existent, he said.
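The bank-side check described above can be sketched as follows. This is an added example, not code from Kaspersky or from any bank or carrier; the function names, the 72-hour window, the fail-closed behaviour and the sample numbers are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from enum import Enum

# Assumption: the article gives no figure for "recently"; 72 hours is illustrative.
RECENT_SWAP_WINDOW = timedelta(hours=72)

class Decision(Enum):
    ALLOW = "allow"
    HOLD = "hold"  # transfer waits until the client confirms the request

class CarrierUnavailable(Exception):
    """Raised by a lookup when the carrier cannot answer for this number."""

def decide_transfer(msisdn, carrier_lookup, now, client_confirmed=False,
                    window=RECENT_SWAP_WINDOW):
    """Return (Decision, reason) for a wire transfer tied to a phone number.

    carrier_lookup(msisdn) is a hypothetical callable returning the time of
    the last SIM swap (timezone-aware) or None if no swap is on record.
    """
    if client_confirmed:
        return Decision.ALLOW, "client confirmed the request out of band"
    try:
        last_swap = carrier_lookup(msisdn)
    except CarrierUnavailable:
        # Fail closed: without carrier data a recent swap cannot be ruled out.
        return Decision.HOLD, "carrier lookup failed"
    if last_swap is None:
        return Decision.ALLOW, "no SIM swap on record"
    age = now - last_swap
    if age < timedelta(0):
        return Decision.HOLD, "swap timestamp is in the future"
    if age <= window:
        return Decision.HOLD, f"SIM swapped {age} ago"
    return Decision.ALLOW, "last SIM swap is older than the window"

# Constructed sample data standing in for the carrier's records.
NOW = datetime(2019, 1, 14, 12, 0, tzinfo=timezone.utc)
SAMPLE_SWAPS = {
    "+000-555-0001": NOW - timedelta(hours=5),   # swapped this morning
    "+000-555-0002": NOW - timedelta(days=200),  # swapped long ago
    "+000-555-0003": None,                       # never swapped
}

def sample_lookup(msisdn):
    if msisdn not in SAMPLE_SWAPS:
        raise CarrierUnavailable(msisdn)
    return SAMPLE_SWAPS[msisdn]

if __name__ == "__main__":
    for number in list(SAMPLE_SWAPS) + ["+000-555-0009"]:
        decision, reason = decide_transfer(number, sample_lookup, NOW)
        print(number, decision.value, "-", reason)
```

The check only has value if the confirmation that releases a held transfer does not go to the phone number itself, since after a SIM swap that number is in the criminal's hands.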

"Banks need to stop sending OTPs and tokens by SMS – yet they do it because it is very cheap to send SMSes," said Assolini.

"If you suddenly find you have no mobile signal when in an area that you should have, contact your carrier as soon as possible," Assolini told Fin24.

"There will continue to be a lot of victims of SIM swaps until telecommunications companies and banks get together - like in Mozambique - and decide to do something about it.

"Consumers need to put pressure on these companies to do something about it."
