Font size: Decrease font Enlarge font

MBABANE – An attempt by unknown people to carry out one of the biggest hacking scams in the country has been foiled.

The Times SUNDAY has learnt that scammers hacked into the EswatiniBank systems and transferred into different accounts an amount of money totalling around E140 million. Hacking is the gaining of unauthorised access to data in a system or computer. After transferring the money, the hackers or scammers then began making withdrawals in the bank’s different automated teller machines (ATMs) around the country. This reportedly happened sometime last week but the bank managed to keep this a closely guarded matter for fear of alerting the scammers into covering their tracks and avoiding being brought to book. EswatiniBank, full name Eswatini Development & Savings Bank (EDSB), is a development and commercial financial institution, which is fully owned by the Government of Eswatini. It is a Category A public enterprise.


A review of online threat assessments by cybersecurity experts revealed that the top issues Africa’s online community was likely to face in 2023 included Malware  - a form of computer code that can cripple vital infrastructure or be used to spy on governments and corporations. The experts said the most common use might be to steal money. One group of hackers known as OPERA1OR working out of West Africa reportedly stole more than US$11 million across 12 countries between 2018 and 2022. The group is said to have attacked banks across the region on weekends and holidays, using off-the-shelf equipment and malware available on the dark web. Meanwhile, impeccable sources informed this publication that vigilance from those responsible for the security of the EswatiniBank’s system was able to detect that they had been hacked.


However, the informers revealed that an amount of about E700 000 had already been withdrawn by the scammers from the ATMs by the time the fraud was detected. Enock Mavimbela, the bank’s Executive Manager Operations, confirmed the hacking and did not dispute the amounts involved as these figures were put to him. “Individuals attempted to defraud the bank, fortunately the breach was immediately identified and contained,” he said. On the amount of money the scammers had reportedly already withdrawn, Mavimbela also confirmed such and did not dispute the figures. “The investigations are still ongoing regarding the withdrawal of funds from different ATMs,” he said. Mavimbela also confirmed that the matter has been reported to the police. It is understood that there are suspicions of an inside job, and some employees of the bank are already persons of interest in the ongoing investigations.


“Investigators are looking into some of the bank’s employees and it has not been ruled out that this was an inside job. Some employees might be arrested,” disclosed one of the impeccable sources who have intimate knowledge of the matter. A question was posed to the bank on the suspicions of an inside job and his response was: “It would be premature to comment on this as investigations are ongoing.” The sources likened the hacking to the one that took place in August 2019 at the Eswatini Post and Telecommunications Corporation (EPTC) when the institution was defrauded an amount of E16 million after its IT systems were hacked. The fraud occurred over a weekend and by the time it was uncovered, an amount of E1 million had been withdrawn but the corporation, with the assistance of the police, managed to recover E15 million.  At least five companies and nine individuals had their bank accounts frozen following the fraud as some of the money had been deposited there. One of the recipients of money informed the Times of Eswatini daily newspapers, in an article published on August 20, 2019, said he anticipated no money to be deposited into his account. The businessman said he was not even aware that there was money deposited into his bank account until he went to withdraw from an ATM.


Upon arrival at the ATM, he said he was able to access all details in his account save for getting hard cash. He said when withdrawing, nothing came out except a bank statement informing him that he could not access his cash. “I kept inserting the bank card and nothing came out. I even changed ATMs but the same thing happened.” The benefactor said he was later advised on what had transpired. However, when questioned on how come he was not aware of his bank balance given that any transaction that happens in one’s account was reported through a short message, the businessman requested not to engage on the subject further as the matter was being dealt with by the police.

Meanwhile, in its annual report for the 2019/2020 financial year, which is the latest one available on the bank’s website, EswatiniBank Board acknowledged its primary role on risk oversight in the evolving business and risk landscape. The Board said it had a defined risk governance structure and continuously assessed the structure as the bank faced new risks. The Board said it had taken note of the challenging role for overseeing cyber risk, which was often challenging for even the most tech-savvy companies to keep up with the scope and pace of developments related to hacking, cloud computing, IT implementations, and other technology matters. “All these innovations carry a complex set of risks, and the most serious among them can compromise sensitive customer information and significantly disrupt bank processes,” the Board said.


Further, the bank said it has experienced a rapid surge of requests from government institutions namely, the Royal Eswatini Police Service’s Fraud Unit, Eswatini Revenue Authority, the Master of the High Court, lawyers and the Anti-Corruption Commission. The bank said the requests from these government agents, mainly related to investigations varying from alleged money laundering activities, mobile money fraud, ATM fraud, theft by false pretense, corruption and evasion of tax. In all these investigations, the bank said it was required to either submit sworn statements, customer information and video footage. In its 2019 report, the bank said as more and more customers chose to transact online and through mobile devices, it was making the necessary investment to protect itself and its customers from cyber threats. “The benefits of enhanced customer due diligence capabilities and greater systems security essentially go to the core of our systemic role and allows us to be more proactive in fulfilling that role as a key gate keeper to the financial system,” the bank said.

Comments (0 posted):

Post your comment comment

Please enter the code you see in the image: