SIM Swap Fraud in South Africa: How It Works and How to Stop It

SIM swap fraud accounts for around 60% of mobile banking fraud in South Africa. The average victim loses R10,000 whilst some lose more than R500,000. The swap itself takes minutes and can happen without you doing anything wrong.

In this scenario you are not hacked or your bank account has not been breached. Your phone just suddenly has no signal. By the time you figure out why, your accounts are already being drained.

This is one of the most common and most damaging financial crimes hitting South Africans right now. Here is how it works, what to watch for, and what to do.

How SIM swap fraud works step by step

A SIM swap is a legitimate service that mobile networks offer. If your phone is stolen or your SIM is damaged, you call your provider, verify your identity, and they transfer your number to a new SIM card. The attacker's goal is to do exactly that, using your details, without your knowledge.

1. The attacker gathers your information. They need your full name, ID number, and phone number at minimum. Some attacks require additional details. Attackers source this from data breaches, recently there have been several large ones in South Africa or from phishing messages, from social media, or from social engineering. That means calling you or someone who knows you and extracting information through a conversation.
2. The attacker contacts your mobile network. They call the network's customer service line, visit a store, or use a fraudulent online process, depending on the network's verification procedures. They claim to be you, say the SIM is damaged or the phone was stolen, and request a SIM swap to a new card they control.
3. Your SIM goes dead. The moment the network processes the swap, your SIM stops working. You lose signal. At this point, the attacker has full control of your phone number.
4. The attacker intercepts your OTPs. With your number, they receive one-time passwords sent via SMS for your banking apps, email accounts, and any other service that uses SMS-based verification. They use those OTPs to log in, change passwords, and authorise transfers.
5. Your accounts are drained. Bank transfers happen fast. By the time you realise your SIM is dead and report it, the money is often gone.

What attackers do once they control your number

The most immediate target is your bank account. South African banks rely heavily on SMS OTPs as the second factor for authorising transactions. FNB, Capitec, Absa, Standard Bank, Nedbank, and TymeBank all use SMS OTPs at some point in their authentication flow.

Beyond banking, attackers may take over your email. That then lets them reset passwords on everything else connected to that address. Medical aid accounts, retirement annuity platforms, investment accounts tied to that number - all of it becomes accessible.

Some attackers are less interested in immediate theft. They use your identity for longer-term fraud: opening accounts, applying for credit, or registering companies in your name. The damage can surface months later.

How to contact your network operator to lock your SIM

If you suspect a SIM swap has happened or is in progress, call your network's fraud line immediately. Do not wait. Do not try to troubleshoot the signal first.

• Vodacom: Call 082 135 or dial *135# from your Vodacom number. Fraud hotline: 082 1956.
• MTN: Call 135 from your MTN number, or 083 135 from any phone. Fraud line: 083 190.
• Telkom: Call 10213 or 081 180 0000.
• Cell C: Call 084 140 from any phone.

When you call, tell them you suspect a SIM swap. Ask them to freeze the number and any recent SIM swap requests. Ask for confirmation of when the last SIM swap was processed on your account.

Then call your bank immediately. Every major South African bank has a 24-hour fraud line:

• FNB: 087 575 9444
• Capitec: 0860 10 20 43
• Absa: 0800 11 11 55
• Standard Bank: 0800 020 600
• Nedbank: 0800 110 929

Tell them your SIM has been swapped. Ask them to flag your account and freeze outgoing transactions until you can confirm your identity in person.

Switch from SMS OTP to in-app authentication now

This is the single most important change you can make to your banking security today. SMS OTPs are the weak link in the chain. An attacker who swaps your SIM gets every SMS you receive. That includes every OTP your bank sends you. The moment the swap is complete, they own the keys to your account.

In-app authentication is fundamentally different. The Capitec app has its own in-app notification system for authorising transactions. FNB's app also supports in-app authorisation. When you use in-app authentication, the approval request is sent directly to the app on your physical device, not to your phone number. An attacker who has swapped your SIM cannot access your bank's authentication app without physically having your phone in their hands.

Log into your banking app today. Look for the settings around notifications, security, or transaction authorisation. Switch from SMS OTP to in-app approval if the option is available. If you are unsure how to do it, call your bank's support line and ask them to walk you through it. This one change significantly reduces your SIM swap exposure.

How to protect yourself before an attack happens

Beyond switching to in-app authentication, there are several steps you can take right now.

Set up a SIM swap notification or PIN-based SIM protection with your network if one is available. Some networks let you add an additional verification step before any SIM swap is processed on your account. Call your network and ask specifically what SIM swap protection options they offer.

Limit the personal information you share publicly. Your ID number, phone number, and date of birth are often all an attacker needs. RICA registration data has been exposed in past South African data leaks. Be careful about what you share in WhatsApp groups, community forums, and on social media. Your ID number is not a casual detail.

Do not use your banking phone number as the contact number for everything. If attackers target your number specifically, having it tied to fewer services limits the damage they can do. Consider keeping a separate number for financial accounts.

Be cautious of any message or call asking you to confirm personal details. Legitimate banks and networks do not call you to confirm your ID number. If someone calls asking for this information, hang up and call the institution directly using the number on their official website.

What to do if it happens to you

Speed determines how much money you lose. Act in this order:

1. Call your mobile network fraud line and get the number frozen immediately.
2. Call your bank fraud line and ask them to freeze all outgoing transactions on your account.
3. Open a case with SAPS. Go to your nearest station and report it under the Cybercrimes Act, or submit online at the South African Police Service website. Get a case number. You will need it for your bank's investigation and for any insurance claim.
4. If money has already been transferred, notify the receiving bank as well. Your bank's fraud team can initiate a recall request if the funds are still in transit or sitting in a local account.
5. Keep records of every call you make, every person you speak to, and every reference number you receive. Write down times and dates. The timeline matters if you pursue recovery.

Recovery is possible. Banks are required under the Banking Ombudsman's Code of Conduct to investigate SIM swap fraud claims. If the bank failed to use reasonable verification procedures, they may be liable for losses. The South African Banking Risk Information Centre (SABRIC) can advise on next steps if your bank is unresponsive.

The one thing you can do right now, before anything happens to you: open your banking app, find the transaction authorisation settings, and switch to in-app approval. It takes five minutes. It is the most effective single step you can take against SIM swap fraud in South Africa today.

Contact us at [email protected] if you have questions or need help assessing your exposure.