Name: Adeyemi Adesola, Security+
Cybersecurity Analyst
Email: yemiadesola@gmail.com
There is a type of cyberattack that does not involve hacking firewalls or cracking passwords. It does not require a laptop, it does not involve using software or malware, and it rarely makes the news. However, it steals millions of naira each year in a quiet, effective manner, and frequently without the victim realising what has happened. It is known as “SIM swap scams”, and it has quietly emerged as one of the most significant digital threats to individuals in Nigeria. I call it a silent digital war because that is exactly what it is.
The playbook is quite basic. A criminal impersonates a phone owner, convinces the network provider to transfer the victim’s number to a new SIM card, and then gains control of everything associated with that phone number, including banking apps, email accounts, OTPs, WhatsApp, and even social media accounts. In some cases, impersonation is not always necessary. If a number has not been used in a few months, carriers may deactivate it and assign it to someone else. That recycled number, now in the hands of a stranger, may still be linked to banking profiles or recovery emails, paving the way for unintentional but real identity theft.
Read also: NCC identifies SIM swaps, USSD e-payment as threats to telecom industry
In Nigeria, where phone numbers are linked to our bank accounts, digital wallets and personal apps, a simple SIM swap can cause the perpetrators to have access to the bank accounts. The perpetrators can check account balances and initiate money transfers in minutes. What makes it even concerning is how quietly it occurs. The victim notices that there is no longer any signal on their phone. They restarted the phone, yet nothing changed. They wait, assuming it’s only a network issue. Meanwhile, the real threat has already begun; someone else is using that phone number to reset banking passwords, intercept OTPs, and gain complete control of accounts. By the time the rightful owner contacts the telecom or rushes to the bank, the damage has been done.
This is the reason why SIM swap scams should not be taken lightly. It is not only a technical issue. It is a problem with both the system and the people. Behind every illegal SIM swap is usually a collaborator, perhaps someone from within the telecom firms. It might be a customer service representative who skips the verification stages or someone who ignores discrepancies between documents. Criminals know who to target, they offer bribes, they take advantage of weak processes, and because carriers handle hundreds of SIM-related requests per day, a few fraudulent activities can easily go undiscovered.
Banks are not exempted from blame as well. Despite the fact that it is general knowledge of how vulnerable SMS OTPs are to SIM swap attacks, financial institutions continue to accept sensitive transactions using them. In a more secure system, acquiring control of a phone number would not immediately grant access to making a transfer of funds from someone’s bank account. However, this is frequently the case in Nigeria. One weak connection is all it takes. What makes it even more aggravating is the lack of public awareness. Many Nigerians are unaware that this type of scam exists until they become victims of it. They believe that as long as they do not share their PIN or click on dubious sites, they are protected. However, in this instance, the criminal does not need you to make a mistake; all they need is your phone number.
Read also: Your phone, your data: Why mobile cybersecurity should matter to you
We need to stop treating this as an isolated issue because it is not. It is part of a larger problem in which digital identities, mobile networks, and financial institutions are interconnected but inadequately safeguarded. Until carriers implement stronger SIM replacement protocols and banks adopt a more secure authentication method than SMS OTP, this scam will continue to persist.
But it’s not only about what companies need to do. It is also about individual awareness. If your phone suddenly stops getting signals, do not wait. Don’t assume it’s just a network. Check your bank app immediately. Notify your telephone service provider, and if required, freeze your accounts immediately. We also need to be more cautious about how much personal information we share on our social media accounts. Fraudsters frequently obtain their targets’ names, phone numbers, date of birth, address, account information, and even BVNs from publicly available sites such as Facebook or carelessly leaked databases. With a few details, they can effectively impersonate almost anyone.
Finally, SIM swap scams are a cybercrime that resembles a real-world heist. It is done quietly. It happens suddenly, and it is devastating. It is made worse by the fact that it is often dismissed as a rare occurrence rather than the widespread fraud that it is. If we do not start paying attention, this silent hack will only intensify.
