Understanding SIM Pharm Crime in South Africa

SIM Pharm Cyber crime Escalates in South Africa

Just when you thought there couldn’t be another type of cyber thief, they develop new
and devious methods to steal valuable information and finances. Over the last few years
there has been an uptick in “SIM pharm” crimes. This form of crime has encompassed a
variety of scams including theft of banking credentials, impersonation, investment fraud,
and online marketplace fraud. The best way to protect yourself and your company is to be
aware of how this cyber crime is done.

As assumed with the name, SIM pharm involves the use of the SIM card in mobile
phones. South Africa has been particularly hard hit as so much of the population uses and
depends on their mobile phones. There are a few ways that these threat actors have
manufactured their attacks:

SIM Swapping: To get access to important personal information, such as passwords, the
cyber criminals maintain SIM cards that they control and convince a mobile phone user
to port their numbers to one of these SIM cards.
Impersonating Authorities: Using their untraceable SIM cards, the cyber criminals
impersonate authorities such as banking representatives or the police for the purpose of
extorting money from victims.
Fraudulent Online Activities: Threat actors make use of SIM cards for the creation of
fake accounts to take advantage of victims. Using these SIM cards they can portray
themselves as investment/scam opportunities, second-hand marketplaces, and pretend to
be a friend or family member in need of emergency money.
Fraudulent Prison Activities: Individuals in prison have developed more sophisticated
scam programs using SIM cards to take advantage of victims.

Authorities are tracking down and finding some of these criminals. In a recent bust
involving seven African countries, there were 306 cyber criminals arrested. The
confiscated 1,842 devices and destroyed a network of cross-border cybercrime. The
scams involved over 5,000 victims with crimes that included messaging apps, investment
fraud, and mobile banking. Named “Red Card”, the operation happened between Nov.
2024 and Feb. 2025 and included: Ivory Coast, Rwanda, Benin, Togo, South Africa,
Zambia and Nigeria.

The authorities arrested 40 suspects in South Africa, hauling in 53 computers and over
1,000 SIM cards associated with a SIM box fraud scheme. The threat actors made use of
the SIM boxes for the purpose of rerouting international calls to appear as local calls.
Interpol revealed that this allowed for large-scale SMS attacks using phishing.
What to do if you suspect a SIM pharm attack?

You need to immediately report a potential attack to your bank and the SAPS (South
African Police Service), or the Directorate for Priority Crime Investigation (Hawks) and
the Cybersecurity Hub. Make sure to tell your bank about any unauthorised transactions
to your account. The Cybersecurity Hub is the official government organisation for
incidents involving cybersecurity. The CSIRT (South Africa’s National Computer
Security Incident Response Team) will be able to assist you.

Read a related article on LinkedIN When a pile of SIM cards becomes a national risk, what we must learn https://www.linkedin.com/pulse/when-pile-sim-cards-becomes-national-xx8ge

Another action to take is to go online to the ISPA (Internet Service Providers’
Association) reporting tool where you can report any online crimes and they have a tip-off
phone number of 0860 010 111 as well as email of childprotect@saps.org.za for any
child protection issues. Depending upon your situation, you may want to think about
legal actions. You might be able to pursue for damages via civil litigation or use a
protection order via a local magistrates’ court for harassment.

“DaVinci Cybersecurity has been maintaining information on the latest methods used by
cybercriminals and sharing this with the authorities, the general public, and companies.
Our goal is to ensure that everyone’s personal and business data is protected from these
thieves.”

Sharon Knowles, CEO DaVinci Cybersecurity

Photos supplied by the USA Secret Service – USA case

Source:

https://www.occrp.org/en/news/african-authorities-bust –cybercrime-networks

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

More articles

South African Seniors are Prime Target for Cyber Attacks

South Africa Facing Continued Financial Fraud Crime Wave

Mobile fraud on the rise in South Africa

Pen test with confidence

Trials

Training

About

Articles

Tags

More articles

South African Seniors are Prime Target for Cyber Attacks

South Africa Facing Continued Financial Fraud Crime Wave

Mobile fraud on the rise in South Africa