Monrovia — A confidential report has obtained by The Liberian Investigator reveals sharp rise in SIM swapping attacks in Liberia, exposing high-profile individuals and businesses to financial and data theft. The attacks, according to the report, are exploiting weak security measures in mobile networks, with Lonestar Cell MTN's app identified as a key vulnerability.
SIM swapping involves deceiving mobile network operators into transferring a victim's phone number to a SIM card under the control of an attacker. By hijacking the number, cybercriminals bypass multi-factor authentication and gain access to critical accounts such as banking and social media platforms. To carry out these attacks, they rely on techniques like phishing, social engineering, and purchasing personal information from data breaches or dark web marketplaces.
The report revealed that the growing number of SIM swapping incidents in Liberia poses a particularly grave risk due to the widespread use of mobile money services, which makes direct access to victims' financial transactions easier for attackers. Victims often remain unaware until they lose signal on their phones or detect unauthorized activities on their accounts, including financial losses or breaches of sensitive data.
A key concern raised in the report is the vulnerability of the Lonestar Cell MTN app, which many Liberians use for convenience when conducting SIM swaps. The app's insufficient security protocols, according to the report, have made it a prime target for cybercriminals. Attackers exploit the app's lax verification processes to commit fraud, leading to an increase in SIM swapping incidents across the country.
To address these growing threats, the report recommended urging Lonestar Cell MTN to temporarily disable its SIM swap feature until the platform is updated with stronger authentication protocols, such as multi-factor authentication or biometric verification. The mobile network operators, have aslo been advised, to overhaul their verification procedures, ensuring that SIM swap requests are thoroughly vetted. These measures, according to the recommendations of the report, could include in-person identification or the use of advanced security technologies to confirm the legitimacy of SIM swaps. Additionally, operators should implement fraud detection systems that can flag suspicious SIM swap requests, particularly when requests are made for the same number multiple times or from unfamiliar locations.
The report advises individuals and businesses to move away from SMS-based two-factor authentication and use app-based authenticators instead. It also advises regular monitoring of accounts, and users should ensure that their security questions are complex and unique.
The report, which has also been submitted to the National Security Agency, urged establishment of regulations that require mobile operators to implement strict identity verification protocols, Furthermore, launching a national awareness campaign to educate the public on cybersecurity threats, such as SIM swapping, and to foster collaboration between telecom providers, financial institutions, and government agencies in sharing information and best practices.