Around a year ago, André Tenreiro was called into a meeting between the chief technology officer of the phone carrier he worked for—one of the largest in Mozambique—and an executive of the country’s largest bank. The latter had seen an escalating pattern of fraud based on so-called SIM swap attacks, where hackers trick or bribe a phone company employee into switching the SIM card associated with a victim’s phone number. The attackers then use that hijacked number to take over banking or other online accounts. According to Tenreiro, the bank had seen more than 17 SIM swap frauds every month. The problem was only getting worse.
“The gentleman from the bank, I could see by his face he was desperate. He wanted to do something but he didn’t know what to do,” says Tenreiro, who asked WIRED not to identify the phone carrier he worked for. “He was asking for our help. As mobile operators, we also had a responsibility to fight this fraud.”