Shurugwi trio arrested for 29 cases of fraud after stealing US$17 000 and Zig 30 million from multiple individuals

SHURUGWI – A sophisticated cybercrime syndicate that has defrauded dozens of victims across Zimbabwe has been dismantled by police in Shurugwi. The trio, who employed advanced techniques to siphon money from unsuspecting individuals, are now in custody and facing a raft of charges related to phishing scams and mobile money fraud.

National police spokesperson Commissioner Paul Nyathi confirmed the arrests, stating that the suspects are believed to be part of a well-coordinated operation that has targeted victims across the country.

“Police in Shurugwi arrested three suspects believed to be part of a sophisticated cybercrime syndicate that defrauded dozens of victims across the country through phishing scams and mobile money fraud,” Commissioner Nyathi said in a statement.

The suspects have been identified as Tranos Taurai Muzanenhamo, aged 27, Rumbidzai Tsongora, aged 24, and Bradwell Shangwa, aged 25. All three are accused of stealing personal information, cloning SIM cards, and illicitly transferring money from victims’ accounts.

The arrest occurred on Friday, when police located the trio at a local lodge in Shurugwi, where they had been hiding out in an attempt to evade law enforcement.

During the operation, police recovered a Toyota Mark X, which they believe was used as the syndicate’s getaway car. In addition to the vehicle, authorities seized a cache of items, including fake national identification documents, multiple SIM cards, several mobile phones, bank cards, and even handcuffs. Of particular note was the discovery of a Starlink device, which police believe the suspects used to mask their online activities and maintain a secure, untraceable connection to the internet.

Commissioner Nyathi explained the modus operandi of the syndicate, outlining how they targeted victims through various online channels.

“Investigations show the syndicate targeted victims through phishing emails, data breaches, and fake online links, before impersonating them to request SIM replacements. Once they took control of phone numbers, they accessed mobile money, bank, and WhatsApp accounts, transferring cash and asking contacts for emergency funds,” he said.

The suspects are linked to at least 29 cases of cyber-related fraud, with the total amount defrauded from victims amounting to over US$17,000 and ZiG30,665,912.30. The scams have been reported in various locations across the country, including Harare and Bulawayo, as well as several other towns.

The police are urging members of the public to exercise caution and take steps to protect their personal information online. Commissioner Nyathi emphasised the importance of verifying communications before responding to them, particularly when they involve requests for sensitive data or financial transactions.

“These suspects were using advanced methods to steal people’s identities and funds. We urge citizens to protect their personal data and verify communications before responding,” said Commissioner Nyathi.

The suspects remain in police custody as investigations continue, and authorities are working to uncover the full extent of their criminal activities and identify any additional accomplices who may have been involved.

How the Scam Worked

The cybercrime syndicate employed a multi-faceted approach to defraud their victims, exploiting vulnerabilities in online security and leveraging social engineering tactics to gain access to personal information and financial accounts.

Phishing Emails: The suspects sent out deceptive emails that appeared to be from legitimate organisations, such as banks or mobile money service providers. These emails typically contained links to fake websites that mimicked the appearance of the real ones. When victims entered their login credentials or other personal information on these fake websites, the suspects were able to capture the data.

Data Breaches: The syndicate may have also obtained personal information through data breaches, either by hacking into databases or purchasing stolen data from other cybercriminals. This information could then be used to target victims more effectively.

Fake Online Links: The suspects created fake online links that, when clicked, would redirect victims to malicious websites or download malware onto their devices. These links were often spread through social media or messaging apps.

SIM Card Cloning: Once the suspects had obtained enough personal information about a victim, they would impersonate them to request a SIM card replacement from the mobile network operator. By taking control of the victim’s phone number, they were able to intercept SMS messages containing one-time passwords (OTPs) used for two-factor authentication.

Accessing Accounts: With control of the victim’s phone number, the suspects could then access their mobile money, bank, and WhatsApp accounts. They would transfer cash to their own accounts, make fraudulent purchases, or even ask the victim’s contacts for emergency funds, impersonating the victim in their messages.
Police Urge Vigilance

The arrest of this cybercrime syndicate serves as a reminder of the growing threat of online fraud and the importance of taking steps to protect oneself from becoming a victim.

Commissioner Nyathi urged citizens to be vigilant and take the following precautions:

Protect Personal Data: Be careful about sharing personal information online, especially on social media or untrusted websites.

Verify Communications: Always verify the authenticity of emails, SMS messages, or phone calls before responding to them, especially if they involve requests for sensitive information or financial transactions. Contact the organisation directly using a known phone number or website to confirm the communication.

Use Strong Passwords: Use strong, unique passwords for all online accounts, and avoid using the same password for multiple accounts.

Enable Two-Factor Authentication: Enable two-factor authentication (2FA) whenever possible, as this adds an extra layer of security to your accounts.
Be Wary of Suspicious Links: Avoid clicking on suspicious links in emails, SMS messages, or social media posts.
Keep Software Updated: Keep your computer, mobile phone, and other devices up to date with the latest security patches and software updates.

Monitor Accounts Regularly: Regularly monitor your bank and mobile money accounts for any unauthorised transactions.
The police are continuing their investigations into this case and are urging anyone who believes they may have been a victim of this cybercrime syndicate to come forward and report it to the authorities.