A new wave of sophisticated EcoCash scams is sweeping across Zimbabwe, and this time, the thieves do not even need your PIN. Our latest investigation reveals a terrifying “SIM-swap” technique where scammers are able to clone your identity and take over your mobile money account in a matter of seconds. Many victims have reported waking up to empty bank accounts, despite never sharing their passwords with anyone. How is this possible?
We go undercover to talk to former “runners” who explain the “inside job” nature of these crimes. It appears that rogue employees within the telecommunications sector may be providing the “master keys” to these syndicates. We simplify the hidden details of how a simple “network glitch” on your phone could actually be the moment your life savings are being drained.
The story also links these scams to the rising “digital tax confusion,” where scammers pose as tax officials to trick business owners into “verifying” their accounts. This is a must-read for anyone who uses mobile money. We provide a step-by-step guide on how to spot the signs of a SIM-swap before it is too late. This is not just gossip; it is a vital survival guide for the digital age in Zimbabwe, where the “click of a button” can lead to financial ruin.
The Silent Theft: Waking Up to Zero
The most frightening aspect of this new epidemic is the sheer invisibility of the crime. Victims are not being mugged in dark alleys, nor are they carelessly handing over their personal identification numbers (PINs) to strangers. Instead, the robbery happens silently, through the very airwaves that connect us.
The mechanism behind this digital heist is known as a SIM-swap scam. In a traditional phishing attack, a scammer might trick you into revealing your password. But in a SIM-swap, the attacker bypasses the need for your password entirely by hijacking your phone number. Once they control your number, they control your digital life. They can intercept the One-Time Passwords (OTPs) sent by banks and mobile money platforms like EcoCash, granting them unfettered access to your funds.
“I never gave anyone my PIN. I never clicked on any suspicious links. My phone just lost network for a few hours, and when it came back, my money was gone,” lamented one victim, whose story echoes the experiences of many others across the nation. This loss of network signal is often the only warning sign that a SIM-swap is in progress. While you assume it is just a temporary glitch from your service provider, a scammer is busy draining your account.
The Inside Job: Rogue Employees and the Master Keys
How does a scammer manage to convince a telecommunications company to transfer your phone number to their SIM card? The answer, our investigation reveals, points to a deeply troubling reality: the “inside job.”
We spoke to former “runners”—individuals who previously operated within these criminal syndicates—to understand the mechanics of the operation. Their testimonies paint a picture of a highly organised network that relies heavily on the complicity of rogue employees within the telecommunications sector.
“You cannot do a SIM-swap without someone on the inside,” explained a former runner, who asked to remain anonymous for fear of reprisal. “We would identify targets with high balances, and then we would pay off someone at the network provider to process the swap. They have the master keys. They can bypass the security checks.”
This chilling revelation is supported by recent court cases. In September 2025, three Econet employees — Manuel Makuvise, Kudzanai Learnmore Taraziva, and Kudzaishe Shadreck Chakanyuka — along with an accomplice, Joshua Nyaruwashe, were dragged to court for allegedly masterminding a SIM-swap scheme that duped two unsuspecting individuals of US$4,485.
According to the prosecutor, Garry Sengweni, the gang targeted an EcoCash account belonging to Eliah Nkomo. The Econet employees allegedly harvested details of the account holder and supplied them to Chakanyuka, who created a fake identity card bearing Nkomo’s details but Chakanyuka’s face. The employees then processed a SIM card replacement, disabling Nkomo’s line and taking charge of his EcoCash account, subsequently withdrawing US$1,946. In a second incident, they used the same method to steal US$2,539 from another victim, Lynace Phiri.
These cases highlight a systemic vulnerability. When the gatekeepers themselves are compromised, the security of the entire system is thrown into jeopardy. The telecommunications companies are now faced with the monumental task of rooting out corruption within their own ranks to restore public trust.
Digital Tax Confusion: A New Hunting Ground
The rise in SIM-swap scams is not happening in a vacuum. It coincides with a period of significant regulatory change and public confusion in Zimbabwe, specifically regarding the newly introduced “Digital Services Withholding Tax.” This 5% charge on payments to foreign digital platforms has created a fertile ground for scammers to exploit.
The government introduced this tax to collect revenue from international tech giants, but the implementation has been fraught with misunderstandings. Citizens are confused about double taxation—being charged Value Added Tax (VAT) by the company and the new 5% tax by their local bank. There is also confusion about how banks differentiate between physical goods and digital services when processing payments.
Scammers have been quick to capitalise on this chaos. Posing as tax officials or customer service representatives from EcoCash or local banks, they contact business owners and individuals under the guise of helping them navigate the new tax regulations. They claim that the victim needs to “verify” their account to avoid being overcharged or penalised.
During this fake verification process, the scammers trick the victims into revealing sensitive information or, more insidiously, use the interaction to gather the personal details needed to execute a SIM-swap. The confusion surrounding the digital tax provides the perfect cover, making victims more susceptible to manipulation.
“The reality is you just want to hit Zimbabweans with more tax. Which is what I believe it is,” noted a commentator discussing the digital tax. This sentiment of frustration and distrust makes it easier for scammers to present themselves as helpful figures offering a solution to a complex problem.
The Broader Context: A Nation Under Pressure
To fully understand the proliferation of these scams, one must look at the broader socio-economic context of Zimbabwe. The country is currently grappling with a surge in various forms of crime and lawlessness, as evidenced by the recent police crackdowns on overloading and reckless driving.
The Zimbabwe Republic Police (ZRP) has initiated major nationwide operations to curb errant motorists, impounding vehicles and arresting drivers for offences ranging from driving without registration to operating under the influence. “Drivers caught drinking and driving will be arrested. The police also warned public transport operators against overloading their vehicles,” stated a recent police alert.
This environment of general indiscipline and economic hardship creates a breeding ground for opportunistic crimes, including digital fraud. When traditional avenues for income are strained, some individuals turn to illicit means to survive. The sophisticated nature of the SIM-swap syndicates suggests a level of organisation and technical expertise that is alarming, indicating that these are not isolated incidents but part of a larger, systemic issue.
Survival Guide: How to Protect Your Digital Wealth
In this perilous digital landscape, knowledge is your best defence. Understanding how these scams operate and knowing the warning signs can mean the difference between keeping your savings and facing financial ruin. Here is a step-by-step guide to protecting yourself from SIM-swap scams:
- Beware the “Network Glitch”: The most common indicator of a SIM-swap in progress is a sudden and unexplained loss of network signal on your mobile phone. If your phone says “No Service” or “Emergency Calls Only” while others around you have a signal, do not assume it is a temporary network issue. Contact your service provider immediately using another phone to verify the status of your account.
- Guard Your Personal Information: Scammers need your personal details (like your ID number, full name, and address) to convince the network provider to process a SIM-swap. Be extremely cautious about sharing this information, especially over the phone or online. Do not post sensitive details on social media.
- Verify the Caller: If you receive a call from someone claiming to be from EcoCash, your bank, or the tax authority, be sceptical. Scammers can easily spoof caller ID numbers. Hang up and call the organisation back using an official, verified phone number. Never provide personal information or OTPs to an unsolicited caller.
- Understand OTPs: A One-Time Password (OTP) is a security measure designed to protect you. As experts advise, an OTP is only ever required when you are actively making a payment or changing your account settings. If you receive an OTP that you did not request, it means someone is trying to access your account. Never share an OTP with anyone, under any circumstances.
- Monitor Your Accounts: Regularly check your bank and mobile money statements for any unauthorised transactions. The sooner you spot suspicious activity, the quicker you can take action to freeze your accounts and limit the damage.
- Use Strong Authentication: Where possible, enable two-factor authentication (2FA) using an authenticator app rather than SMS. Authenticator apps generate codes locally on your device and are not vulnerable to SIM-swaps.
- Report Suspicious Activity: If you suspect you have been targeted by a scammer, report it to your service provider and the police immediately. Your report could help authorities track down the syndicates and prevent others from falling victim.
Conclusion: A Call for Vigilance and Reform
The EcoCash SIM-swap epidemic is a stark reminder of the vulnerabilities inherent in our increasingly digital lives. The convenience of mobile money comes with significant risks, especially when the systems designed to protect us are compromised from within.
The telecommunications companies must take decisive action to secure their internal processes and root out the rogue employees who facilitate these crimes. Stricter access controls, enhanced monitoring, and severe penalties for complicity are essential steps in restoring public confidence.
Furthermore, the government and regulatory bodies must work to clarify policies like the Digital Services Withholding Tax, ensuring that citizens are not left confused and vulnerable to exploitation. Clear communication and transparent implementation are crucial in preventing scammers from using regulatory changes as a smokescreen for their illicit activities.
Ultimately, the responsibility also lies with the individual. In a world where the “click of a button” can lead to financial ruin, vigilance is paramount. By staying informed, guarding our personal information, and questioning unsolicited requests, we can build a robust defence against the digital predators who seek to empty our bank accounts in seconds. The fight against SIM-swap scams is not just about protecting our money; it is about safeguarding our digital identities and ensuring that the promise of technology is not overshadowed by the threat of exploitation.