SIM swap fraud accounts for around 60% of mobile banking fraud in South Africa. The average victim loses R10,000. Some lose more than R500,000. The swap itself takes minutes and can happen without you doing anything wrong.
You are not hacked. Your bank account has not been breached. Your phone is just suddenly without signal, and by the time you figure out why, your accounts are already being drained.
This is one of the most common and most damaging financial crimes affecting South Africans right now. Here is exactly how it works, what to watch for, and what to do.
How SIM swap fraud works step by step
A SIM swap is a legitimate service that mobile networks offer. If your phone is stolen or your SIM is damaged, you call your provider, verify your identity, and they transfer your number to a new SIM card. The attacker's goal is to do exactly that, using your details, without your knowledge.
Step one: the attacker gathers your information. They need your full name, ID number, and phone number at minimum. Some attacks require additional details. Attackers source this from data breaches (there have been several large ones in South Africa), from phishing messages, from social media, or from social engineering, which means calling you or someone who knows you and extracting the information through conversation.
Step two: the attacker contacts your mobile network. They call the network's customer service line, visit a store, or use a fraudulent online process, depending on the network's verification procedures. They claim to be you, say the SIM is damaged or the phone was stolen, and request a SIM swap to a new card they control.
Step three: your SIM goes dead. The moment the network processes the swap, your SIM stops working. You lose signal. At this point, the attacker has full control of your phone number.
Step four: the attacker uses your number to intercept OTPs. With your number, they can receive one-time passwords (OTPs) sent via SMS for your banking apps, email accounts, and any other service that uses SMS-based verification. They use those OTPs to log in, change passwords, and authorise transfers.
Step five: your accounts are drained. Bank transfers happen fast. By the time you realise your SIM is dead and report it, the money is often gone.
What attackers do once they control your number
The most immediate target is your bank account. South African banks rely heavily on SMS OTPs as the second factor for authorising transactions. FNB, Capitec, Absa, Standard Bank, Nedbank, and TymeBank all use SMS OTPs at some point in their authentication flow.
Beyond banking, attackers may take over your email, which then lets them reset passwords on everything else connected to that address. They may access your medical aid, your retirement annuity platform, or any investment accounts tied to that number.
Some attackers are less interested in immediate theft and more interested in using your identity for longer-term fraud, opening accounts, applying for credit, or registering companies in your name.
Warning signs your SIM may have been swapped
The most obvious sign is sudden loss of signal when you had coverage a moment ago. This happens in specific ways:
You have signal, then suddenly you have none, and restarting the phone does not fix it. You may see "No service" or "SOS only." Other phones around you still have signal from the same network. Calls to your own number go straight to voicemail, but from your phone's perspective, nothing has changed.
Some people also notice it the other way: someone calls your number and it rings fine on their end, but your phone never rings. That means the swap is complete and the call is going to the attacker's device.
If your bank sends you an OTP you did not request, that is also a warning sign. Do not ignore it.
How to contact your network operator to lock your SIM
If you suspect a SIM swap has happened or is in progress, call your network's fraud line immediately. Do not wait.
Vodacom: Call 082 135 or *135# from your Vodacom number. Fraud hotline: 082 1956.
MTN: Call 135 from your MTN number, or 083 135 from any phone. Fraud line: 083 190.
Telkom: Call 10213 or 081 180 0000.
Cell C: Call 084 140 from any phone.
When you call, tell them you suspect a SIM swap. Ask them to freeze the number and any recent SIM swap requests. Ask for confirmation of when the last SIM swap was processed on your account.
Then call your bank. Every major South African bank has a 24-hour fraud line:
- FNB: 087 575 9444
- Capitec: 0860 10 20 43
- Absa: 0800 11 11 55
- Standard Bank: 0800 020 600
- Nedbank: 0800 110 929
Tell them your SIM has been swapped and ask them to flag your account and freeze outgoing transactions until you can confirm your identity in person.
How to protect your banking accounts before an attack happens
The biggest vulnerability is the reliance on SMS OTPs. You cannot entirely remove that from SA banking, but you can reduce your exposure.
Where your bank offers an authenticator app instead of SMS OTP, use it. The Capitec app, for example, has its own in-app notification system for authorising transactions. FNB's app also supports in-app authorisation. This is significantly more secure than SMS-based OTPs because an attacker who has swapped your SIM cannot access your phone's authentication app without physically having the device.
Set up a travel block or SIM swap notification with your network if one is available. Some networks let you set up PIN-based SIM protection that requires an additional verification step before any SIM swap is processed.
Limit the personal information you share publicly. Your ID number, phone number, and date of birth are all the attacker may need. RICA registration data has been exposed in past leaks. Be cautious about what you share in WhatsApp groups, community forums, and on social media.
Do not use your banking phone number as the contact number for everything. If attackers target your number specifically, having it tied to fewer services reduces the damage.
What to do if it happens to you
Report immediately, in this order:
- Call your mobile network fraud line and get the number frozen.
- Call your bank fraud line and freeze your accounts.
- Open a case with SAPS. Go to your nearest station and report it under the Cybercrimes Act, or submit online at the South African Police Service website. Get a case number. You will need it for your bank's investigation and for insurance purposes.
- If money has been transferred, notify the receiving bank as well. Your bank's fraud team can initiate a recall request if the funds are still in transit or in a local account.
- Keep records of every call you make, every person you speak to, and every reference number you receive. The timeline matters if you pursue recovery.
Recovery is possible, but it depends on how quickly you act. Banks are required under the Banking Ombudsman's Code of Conduct to investigate SIM swap fraud claims. If the bank failed to use reasonable verification, they may be liable. The South African Banking Risk Information Centre (SABRIC) can also advise on next steps.
Your next step right now: check whether your bank offers in-app transaction authorisation and switch to it if you have not already. If you want to understand your broader fraud exposure, our incident response team is available at /services/incident-response/ and you can also run a quick check on your business at /business-trust-check.html.
Contact us at [email protected] if you have questions or need help.
Sources: - SABRIC: SABRIC Annual Crime Statistics 2024 (Published: September 2025) - Capitec Fraud Centre Guidance and Banking Security Protocols (Accessed: 2026) - TechAfrica News: South Africa Sees 86% Surge in Digital Banking Fraud (Published: August 29, 2025)
© 2026 Ubuntu Guard Cybersecurity | Durban, South Africa ubuntuguard.co.za