Article by Fin24.com on 2009/07/14

Johannesburg – A R7m scam, allegedly perpetrated by a Vodacom employee, represented a world first in breaching SMS-based (short message signal-based) banking integrity, top security firm Kaspersky Lab has said.

On Monday, a Vodacom technician appeared in the Johannesburg Commercial Crimes Court on charges of fraud and contravening the Electronic Communications Act.

According to The Citizen newspaper, the Vodacom employee, Mbokodana Christopher Khoza, is at the centre of the grift involving R7m. Nedbank, Absa, Capitec, FNB, Standard Bank, and KwaZulu-Natal’s Ithala Bank number among banks affected.

“But specialist prosecutor, Richard Chabalala, received another docket during the morning for another R3.3m and successfully requested a seven-day postponement as there are suspicions it might be the tip of the iceberg,” said The Citizen newspaper.

It is suspected that Khoza is involved in a syndicate and intercepted security SMS messages issued to banking clients. Syndicate members would receive the messages and use them to conduct fraudulent online banking transactions.

Costin Raiu, chief security expert at Kaspersky Lab, a company headquartered in Moscow and which has offices worldwide, told Fin24.com the security breach was bound to happen “sooner or later”.

Click here to read the rest of the article on Fin24.com

And I thought that I was save using FNB’s online banking. With FNB you receive a code via SMS which you have to enter before you can add a new recipient to your account. Seems like even that is not fool proof.