Small business owner Naledzani Davhana, who runs a boutique in Limpopo, was shocked to discover one morning that she couldn’t access her banking app.
Within an hour, R18,000 had vanished. Worse, her WhatsApp Business account was hacked, and she was logged out.
“Customers thought I was ignoring them, and suppliers assumed I wasn’t paying,” she recalled. “It nearly killed my business.”
Her story mirrors hundreds of others across SA and highlights the terrifying reality of SIM swap fraud, a crime in which fraudsters empty bank accounts, silence customer lines, and shatter trust in a matter of minutes.
For SMMEs already juggling rising costs, power cuts, and a sluggish economy, this kind of attack is not just an inconvenience; it is a direct threat to survival. The scam works like a silent heist.
Criminal syndicates trick mobile operators into transferring a business owner’s number to a new SIM card.
Suddenly, every call, every message, every one-time PIN is in the fraudster’s hands.
Banking apps become playgrounds for theft, suppliers can not be paid, and customers see nothing but unanswered messages. In the digital age, losing your number is like losing your keys to the front door.
The Communication Risk Information Centre’s (Comric) 2025 Telecommunications Sector Report revealed that telecom-related fraud cost South Africa around R5.3 billion in 2024.
SIM swaps, subscription fraud, and identity theft were among the most pressing threats. In 2023 alone, SIM swap incidents accounted for nearly 60% of mobile banking fraud cases, with over 5,700 reported incidents.
Without dedicated IT security teams, entrepreneurs become easy prey for syndicates that know mobile banking is the backbone of their daily operations.
Another victim, Megan Rose, related her ordeal.
“My small business account was hacked,my email and phone number were changed within minutes of being out of the country”, said Rose, who runs a wedding supplies business on Amazon.
“They placed orders for themselves worth R3 558”,she said.
Behind each statistic is a small business, often without the safety nets larger corporations enjoy.
Cybersecurity expert Tshegofatso Masango says SMEs are easy prey because they live on their phones.
“Banking, messaging, supplier orders — all through one SIM card. Most rely only on SMS OTPs, and that’s exactly what syndicates exploit,” he said.
Even as mobile operators tighten security with biometrics and two-factor authentication, syndicates adapt. A major weakness lies in the “opt-out” system used by some networks. Victims must actively reject a SIM swap request, which is impossible if they are asleep, travelling, or offline.
For small businesses, the lesson is brutal but clear. Prevention is the only real defence. Experts urge entrepreneurs to ditch SMS OTPs in favour of authenticator apps, separate personal and business lines, use dual authorisation for payments, and report suspicious activity the moment their phone signal disappears.
