Cybercriminals are increasingly targeting individuals via their phones, prompting what has become a regular outcry from the public.
The problem has been compounded by the emergence of digital banking, as more customers take their banking online because of the guaranteed convenience.
However, it is in the mobile banking sector that clients have been robbed of their hard-earned cash with ease.
Kenyans.co.ke sought the opinion of a cyber expert to understand how this happens and how you can protect yourself from hackers.
Thomas Omweri, a senior software engineer with Ringier, while speaking to Kenyans.co.ke, revealed that fraudsters have now devised ways to access and steal information from the public.
Omweri stated that phone users are targeted because of their vulnerability.
“In the recent past, reports of SIM swaps were an area where it was most targeted and where users were vulnerable.
This is because the majority of the users' bank accounts are connected to their phone numbers, thus becoming an easy target,” Omweri opined.
He equally noted that SIM swapping was not as straightforward as many thought.
“Many people think SIM swaps are casual and simple. It is not, as this involves mobile operators too, just that fraudsters masquerade as real owners of the device information.
To perform a SIM card hacking through a SIM card swap, a hacker will first call up your phone provider.
They'll pretend to be you and ask for a replacement SIM card. They'll say they want to upgrade to a new device and, therefore, need a new SIM.
If they are successful, the phone provider will send them the SIM,” he revealed.
Then, they can steal your phone number and link it to their own device. All without removing your SIM card!
He argued that this had two effects:
"First, your real SIM card will get deactivated and stop working. And secondly, the hacker now has control over phone calls, messages, and two-factor authentication requests sent to your phone number.
This means they could have enough information to access your accounts, and could lock you out too," he observed.
He detailed that when acquiring a SIM card it is never attached to any SIM card or a mobile operator.
The mobile operator has to update the phone user that they would require certain information, which most of the time is confidential, in order to grant access.
“When you register your SIM card, you give personal details such as your ID number, email address and verification answers.
The questions are normally centred on providing either your mother's name, friends depending on the operator.
This is critical information that if accessed in the back end could lead to your account being vulnerable to hacking,” he opined.
Responding to how fraudsters execute their hack, Omweri postulated that it was all down to user conduct.
"Fraudsters are patient enough in identifying their target. They can even take a year to study a target and strike at the appropriate time," he observed.
"They do this through social media where users expose their personal details, like phone numbers and email addresses.
Users also click on emails that pop up seeming like they are from legit organisations or banking entities."
He further explained that it is after users click on these links that fraudsters are able to access the personal information of the user.
"Remember fraudsters are on a hunt. After they gather the information over time, they get to mobile operators where they share this info like the user.
They will give out details such as your Identification Details (ID), password reset answers which users fill in when setting up their accounts," he communicated.
Additionally, he mentioned that, most of the time, baiting SMS codes appear to come from either the banking services or mobile operators.
Replying with these codes, easy as that is to do, could lead to your bank account PIN being accessed and your money being lost.
Omweri further elucidated that customer awareness was the best self-defence when it came to banking cybersecurity initiatives.
"The weakest link in all this is the user.
Nowadays, fraudsters do not ask for passwords. They take the longer route to access your personal information," he remarked.
He advised the public to be alert for suspicious emails or login pages and be careful when they enter their login details for any account they use.
"On occasion, emails will hijack the email accounts, making it more difficult to spot the threat.
Customers should strive to always contact their bank by phone before downloading any email attachments, as private information would never be asked via email," he uttered.