- A surge in SIM swapping attacks in Liberia is exposing high-profile individuals and businesses to financial and data theft, according to a report obtained by The Liberian Investigator
- The attacks take advantage of weak mobile network security, with the Lonestar Cell MTN app, which Liberians use for convenience when swapping SIM cards, identified as a major vulnerability.
- The report highlights that weak security protocols in the app have made it a key target for cybercriminals, as they exploit its lax verification processes to commit fraud, leading to a rise in SIM swapping incidents in the country.
SIM swapping is a cybercriminal technique for tricking mobile network operators into transferring a victim's phone number to a SIM card that they control. They accomplish this through several techniques, including phishing, social engineering, and buying personal information from data breaches or the dark web.
After hijacking the number and bypassing multi-factor authentication, they gain access to important accounts, like banking and social media platforms.
In Liberia, the registered mobile money accounts increased by 39% from 3.5 million in 2019 to 4.92 million in 2020, while mobile money agents rose by 136% from 13,158 to 31,084.
Amid the growing adoption of mobile money services, SIM-swapping attacks have emerged as a significant threat, allowing attackers to access victims' financial transactions. Victims often remain unaware until they experience signal loss or notice unauthorised activities in their accounts.
To combat these threats, the report recommends that Lonestar Cell MTN temporarily disable its SIM swap feature until stronger authentication measures, such as multi-factor authentication or biometric verification, are implemented. It suggests establishing fraud detection systems to identify suspicious SIM swap requests, particularly those that are repetitive or originate from unfamiliar locations.
Individuals and businesses must also discontinue SMS-based two-factor authentication in favour of app-based authenticators, while regularly monitoring their accounts and ensuring security questions are complex and unique.
According to The Liberian Investigator, the report has been submitted to the National Security Agency and recommends regulations for mobile operators to enforce strict identity verification protocols. It also suggests launching a public awareness campaign to educate citizens about cybersecurity threats.
Over time, cybersecurity threats have been a concern in Liberia. In June 2024, reports indicated the country faced a significant cyber security attack on its top-level domain (.LR) from an unknown source. This incident rendered government ministries and agencies unable to access their websites, disrupting operations and posing internal security threats.
Recently, the president of the country, Joseph Nyuma Boakai, called on the legislature to accelerate the passage of the Cybercrime Bill to combat cybercrime and strengthen the nation’s cybersecurity framework.
Give it a try, you can unsubscribe anytime. Privacy Policy.
