Understanding SIM Pharm Crime in South Africa

Just when you thought there couldn’t be another type of cyber thief, they develop new
and devious methods to steal valuable information and finances. Over the last few years
there has been an uptick in “SIM pharm” crimes. This form of crime has encompassed a
variety of scams including theft of banking credentials, impersonation, investment fraud,
and online marketplace fraud. The best way to protect yourself and your company is to be
aware of how this cyber crime is done.

As assumed with the name, SIM pharm involves the use of the SIM card in mobile
phones. South Africa has been particularly hard hit as so much of the population uses and
depends on their mobile phones. There are a few ways that these threat actors have
manufactured their attacks:

SIM Swapping: To get access to important personal information, such as passwords, the
cyber criminals maintain SIM cards that they control and convince a mobile phone user
to port their numbers to one of these SIM cards.
Impersonating Authorities: Using their untraceable SIM cards, the cyber criminals
impersonate authorities such as banking representatives or the police for the purpose of
extorting money from victims.
Fraudulent Online Activities: Threat actors make use of SIM cards for the creation of
fake accounts to take advantage of victims. Using these SIM cards they can portray
themselves as investment/scam opportunities, second-hand marketplaces, and pretend to
be a friend or family member in need of emergency money.
Fraudulent Prison Activities: Individuals in prison have developed more sophisticated
scam programs using SIM cards to take advantage of victims.

Authorities are tracking down and finding some of these criminals. In a recent bust
involving seven African countries, there were 306 cyber criminals arrested. The
confiscated 1,842 devices and destroyed a network of cross-border cybercrime. The
scams involved over 5,000 victims with crimes that included messaging apps, investment
fraud, and mobile banking. Named “Red Card”, the operation happened between Nov.
2024 and Feb. 2025 and included: Ivory Coast, Rwanda, Benin, Togo, South Africa,
Zambia and Nigeria.

The authorities arrested 40 suspects in South Africa, hauling in 53 computers and over
1,000 SIM cards associated with a SIM box fraud scheme. The threat actors made use of
the SIM boxes for the purpose of rerouting international calls to appear as local calls.
Interpol revealed that this allowed for large-scale SMS attacks using phishing.
What to do if you suspect a SIM pharm attack?

You need to immediately report a potential attack to your bank and the SAPS (South
African Police Service), or the Directorate for Priority Crime Investigation (Hawks) and
the Cybersecurity Hub. Make sure to tell your bank about any unauthorised transactions
to your account. The Cybersecurity Hub is the official government organisation for
incidents involving cybersecurity. The CSIRT (South Africa’s National Computer
Security Incident Response Team) will be able to assist you.

Read a related article on LinkedIN When a pile of SIM cards becomes a national risk, what we must learn https://www.linkedin.com/pulse/when-pile-sim-cards-becomes-national-xx8ge

Another action to take is to go online to the ISPA (Internet Service Providers’
Association) reporting tool where you can report any online crimes and they have a tip-off
phone number of 0860 010 111 as well as email of childprotect@saps.org.za for any
child protection issues. Depending upon your situation, you may want to think about
legal actions. You might be able to pursue for damages via civil litigation or use a
protection order via a local magistrates’ court for harassment.

“DaVinci Cybersecurity has been maintaining information on the latest methods used by
cybercriminals and sharing this with the authorities, the general public, and companies.
Our goal is to ensure that everyone’s personal and business data is protected from these
thieves.”

Sharon Knowles, CEO DaVinci Cybersecurity