Spanning a three day period starting Friday 28 June 2019 to 30 June 2019, some customers of one of Zambia's largest banks lost thousands in savings as fraudsters tricked them into sending them their mobile money PINs. This was as a result of the fraudsters being able to access Zambia National Commercial Bank's (ZANACO) systems and sending SMS' to thousands of customers who use the Xapit mobile money service requesting they respond with their PINs as the system was undergoing an update as a result of the ZANACO Zee-Wallet.

ZANACO has confirmed that their systems were hacked and that they are currently investigating.

The hacking and phishing is reported to have worked as follows: the hackers managed to breach ZANACO's IT systems and gain access to the bank's mobile money system and a list of customers' contact details. om there they went on to send SMSs using the ZANACO sort code to thousands of Xapit mobile money customers telling them that it was doing an update of its platform. The fraudsters later followed up by calling number of customers to whom they had sent the SMS' and advised them to give them their PIN codes in order to carry out the updates. Immediately after receiving PINs from some customers, it is reported that they started withdrawing money from their mobile money accounts.

Phishing on the increase across Africa

A recent report by the South African Banking Risk Information Centre (SABRIC) has revealed that cyber crime related to banking is on the rise across Africa. More importantly, the report also highlighted that with many banks and telecommunications companies introducing digital platforms for transacting and banking, criminals have started targeting mobile money services as well.

In the case of ZANACO, the bank only were alerted to the breach when their call centre received an unusual number of calls from customers who were defrauded. The bank has also reiterated that it is conducting investigations to get to the root of the problem.

Share this via: