SIM Swap Fraud in Ghana: How It Works and How to Recover Your Money (2026 Guide)

Executive Summary

SIM swap fraud is a form of account takeover where criminals trick or bribe their way into getting your mobile number reissued on a new SIM card. Once they control your number, they can receive SMS one-time passwords (OTPs), reset banking and mobile money credentials, and sometimes lock you out entirely. Ghana’s Cyber Security Authority (CSA) explicitly warns that SIM swap can follow social-engineering attacks and can lead to loss of communications and access to OTPs and mobile wallets.

Data publicly cited from CSA briefings shows the scale of the broader cyber-fraud context that SIM swaps feed into. According to CSA-linked reporting, Ghana lost more than GHC 19 million to cybercrime between January and September 2025. Separately, CSA figures reported by the Business & Financial Times show 2,008 cyber incidents recorded in the first half of 2025, a 52 percent rise from 2024, with online fraud accounting for 36 percent of cases. A separate business report citing CSA figures puts financial losses in 2024 at GHC 23.3 million and mid-year 2025 losses at about GHC 14.9 million, with fraud and impersonation making up “more than 94 percent” of cases.

Recovery is possible, but it is time-sensitive. A Ghana Police case update reported by the Ghanaian Times describes investigators tracing a GHC 400,000 mobile money transfer linked to a gold robbery complaint. Police obtained a court order to freeze accounts, reverse the transaction, and retrieve funds pending the outcome of the case. That example shows that funds can be pulled back when the money remains traceable and authorities intervene before cashout chains complete. (Note: This case is best understood as a mobile-money tracing and recovery example, not a confirmed SIM-swap precedent.)

The core practical takeaway is an emergency sequence: freeze the SIM and wallet through your telco immediately, preserve evidence, report to CSA and the Police, and escalate complaints to regulators (NCA for telecom process failures and Bank of Ghana for e-money disputes) if providers do not act.

What SIM Swap Fraud Is and How It Works in Ghana

SIM swap fraud is not a “phone hack” in the technical sense. It is usually an identity and process exploit: the attacker manipulates human workflows, documentation checks, and customer-service controls to get your number moved to a SIM they control. Understanding how SIM cards are registered and replaced in Ghana is the first step to protecting yourself.

A Ghana-specific warning from CSA describes the outcome clearly: perpetrators impersonate a victim to a mobile network operator, obtain a new SIM card, and the victim loses communications while criminals potentially gain access to OTPs and mobile wallets.

An official Economic and Organised Crime Office (EOCO) case narrative also shows the bank-side impact. EOCO describes SIM swap and mobile banking app fraud as a social-engineering-driven method where victims are lured into disclosing phone numbers, passwords, PIN codes, and OTPs; fraudsters then take over bank and mobile money accounts.

The SIM swap moment

The typical chain works like this:

• Reconnaissance and targeting. The attacker identifies a victim whose mobile number is linked to mobile money, bank USSD/app, or messaging accounts. This may involve social engineering, stolen data, or insider access. EOCO and investigative reporting both highlight insider assistance as a risk factor in Ghana.
• Identity compromise. The attacker gathers enough personal data to pass replacement checks. A Ghana court case report notes fraudsters used altered or forged ECOWAS identity cards and relied on insiders within telcos and a bank. Investigative reporting also describes fake Ghana Cards being used as the basis for a SIM swap.
• SIM replacement or swap event. The attacker gets the telco to activate a replacement SIM for your number. At this moment, your SIM typically loses network service.
• OTP interception and credential reset. With your number controlled, attackers can receive SMS OTPs, reset mobile money PINs, reset banking app credentials, and re-register WhatsApp or similar services via verification code capture. CSA’s WhatsApp takeover alert explains how verification codes are the pivot point and explicitly links some cases to SIM swap.
• Cash-out and laundering. Funds are pushed through multiple wallets or accounts and quickly withdrawn through agents or merchants. A Ghana Police update on a GHC 400,000 case described funds moving across multiple accounts before intervention.

Why OTPs and USSD make it dangerous

NCA’s SIM registration process already includes identity validation, and new registrations require Ghana Card capture, a subscriber photo, and fingerprints. Once a SIM is swapped, attackers can often access bank USSD and app reset flows that assume the SIM owner is the legitimate user, because OTPs and many alerts route to the mobile number. This risk is central to why Ghana’s telcos and regulators emphasise strong identity verification processes.

How SIM Swap Attacks Happen in Ghana

Attackers use several methods that have been documented in Ghana through official advisories and court cases.

Social engineering and verification code capture

CSA reported 187 WhatsApp account takeover cases during a 2024 alert period driven by social engineering and verification code sharing. The same CSA notice states that some cases escalate into SIM swap fraud to fully hijack communications and access OTPs and mobile wallets. The practical implication is that a “code you received” is often the real asset attackers want, not your phone itself.

Insider collusion at retail or service points

EOCO’s conviction narrative describes fraudsters withdrawing remaining balances from agency points and notes this is “mostly achieved with support of agents from the banks and staff of telecommunication companies to swap sim.” A 2024 court-reported case similarly alleges insider assistance within Vodafone/Telecel, AT, and a bank to swap numbers linked to bank accounts without the actual account holders’ knowledge. (Note: These allegations come from the prosecution narrative, not a final judicial finding.)

ID fraud and document alteration

EOCO’s 2023 conviction account details a syndicate and explains the operational chain: victims disclose credentials, SIMs are swapped, and bank channels are taken over. A 2024 court report further describes altered ECOWAS identity cards being used as part of the SIM swap process. Investigative reporting adds the Ghana Card angle by describing fake Ghana Cards being used as the basis to swap a SIM.

Ghana Incidents and Statistics in the Relevant Window

According to CSA-linked reporting, Ghana lost more than GHC 19 million to cybercrime between January and September 2025. Separately, CSA figures reported by MyJoyOnline show 2,008 cyber incidents in the first half of 2025, a 52 percent rise from 2024; online fraud was 36 percent of cases.

The Business & Financial Times reported CSA figures that 2024 losses were GHC 23.3 million and first-half 2025 losses were about GHC 14.9 million; it also breaks down reported incident types and notes fraud and impersonation accounted for more than 94 percent of cases.

An investigative piece by The Fourth Estate similarly ties mobile money losses to rising cyber incidents and describes SIM swapping, fake Ghana Cards, and insider roles as common methods observed in their reporting.

A 2024 court-reported case (EOCO) describes a bank complaint that GHC 113,947.57 was stolen from six customers’ bank accounts via a sophisticated mobile money and SIM swap scheme. The prosecution alleged insider assistance at telcos and a bank, as well as altered identity documents. (Note: These are prosecution allegations, not final judicial findings.)

A 2026 Ghana Police update reported by the Ghanaian Times describes investigators tracing a GHC 400,000 mobile money transfer linked to a gold robbery complaint, moving across accounts, and obtaining a court order to freeze accounts, reverse the transaction, and retrieve funds pending the case. This is best understood as a mobile-money tracing and recovery example, not a confirmed SIM-swap precedent. For broader context on mobile money security and SIM re-registration efforts, see our dedicated guide.

Gap note: There is no single, consistently published official statistic that isolates “SIM swap fraud” counts and recovery rates nationwide for 2024 to 2026. Most public numbers are aggregated under cybercrime categories (online fraud, unauthorised access, impersonation) and must be interpreted as risk environment indicators, not SIM swap counts.

What to Do Immediately If You Suspect a SIM Swap

If you suddenly lose network service, see unknown PIN reset messages, or stop receiving bank alerts, act within the first hour. Quick action is critical – read our Ghana safety and relocation guide for broader precautions.

First-hour checklist

1. Call your telco immediately using the official numbers in the table below. State “suspected SIM swap and account takeover.”
2. Ask the telco to secure your SIM and wallet profile and to record a case reference number. Keep that number.
3. Preserve evidence: transaction messages, bank alerts, app screenshots, recipient numbers, and exact timestamps.
4. Report to CSA (292, WhatsApp 0501603111, report@csa.gov.gh, or the online reporting form) and request guidance.
5. Report to the Police Cyber Crime Unit (191 or 18555) and request that an investigator documents the case.

Evidence checklist

• Screenshots of “No Service” or SIM inactive messages
• SMS or app notifications of PIN changes or transfers
• Transaction IDs and recipient mobile money numbers
• Timeline of when you lost service and when unauthorised activity occurred
• Any reference numbers given by your telco, bank, or CSA

Who to Contact in Ghana

Telcos – immediate help channels

Contact details may change. Always verify using the operator’s official website.

CSA (Cyber Security Authority)

CSA provides multiple reporting points: incident reporting form online, email report@csa.gov.gh, call or SMS 292, WhatsApp 0501603111.

Police Cyber Crime Unit

The Ghana Police Service Cyber Crime Unit operates through regional commands across the country. Complaint contact channels: Police helpline 18555 or 191, and CID Headquarters digital address. For more on crime reporting and safety in Ghana, see our detailed overview.

NCA (consumer complaint escalation)

NCA’s consumer complaints FAQ explains you should first seek redress from your mobile network operator. If unresolved, lodge a complaint by completing a consumer complaint form, writing a letter, calling the complaint unit on 0307-011419, walking in, or emailing complaints@nca.org.gh.

Bank of Ghana (e-money and payments disputes)

The Bank of Ghana complaints procedure states that if you are not satisfied after complaining to your provider, you may complain to the Central Bank via walk-in, phone or WhatsApp 0593974486, or email complaints.office@bog.gov.gh. BoG complaints can involve complex cases and may take time depending on the documentation and provider response.

Recovery Workflow and Realistic Expectations

Follow this sequence for the best chance of recovering funds:

1. Warning signs appear (no network, SIM suddenly inactive, unknown PIN resets, missing bank/MoMo alerts).
2. Immediately contact your telco via official channels. Request: block/secure SIM, investigate SIM swap, secure wallet profile, reset credentials.
3. Preserve evidence (screenshots, SMS, timestamps, transaction IDs, recipient numbers, agent codes).
4. Report incident to CSA (form/email/292/WhatsApp).
5. Report to Police Cyber Crime Unit (191 or 18555).
6. Notify your bank(s): freeze linked accounts/cards, flag as account takeover.
7. If unresolved, escalate to BoG complaints office and NCA (for telco process failure).
8. If funds moved through multiple wallets, seek court-backed freezing when appropriate.
9. Document outcomes and reference numbers for legal or regulatory follow-up.

Realistic recovery timelines and success rates

Documented cases suggest the investigative and adjudication phases can take months. In the GHC 400,000 mobile-money case, the underlying fraud complaint dates to December 8, 2025, and court appearance dates extend into April 2026. Provider-level SIM swap restoration, by contrast, can be fast when the customer can complete identity verification. MTN publicly advertises self-service SIM swap through the myMTN app and *1333# for eligible users.

Ghana does not publish a nationwide, SIM-swap-specific recovery rate. In the absence of official reporting, the most defensible statement is conditional: your chances of recovery are materially higher when you report immediately and funds are still in a traceable wallet or bank account; they drop sharply after rapid cash-out chains. The public record supports the existence of both swift reversals under court-backed freezes and delayed or contested reversal complaints.

Prevention Best Practices That Actually Map to Ghana’s Threat Model

• Do not share mobile money PINs with anyone, including self-identified agents or telecom staff. CSA explicitly advises that agents and telecom workers are not to ask for your PIN.
• Do not share verification codes. CSA’s WhatsApp takeover alert emphasises that verification codes should be treated like passwords.
• Enable app-level protections where available: WhatsApp two-step verification is specifically recommended by CSA to reduce takeover risk even if a verification code is compromised.
• Assume insider risk exists and behave accordingly. EOCO and court reporting show that some cases involve collusion or compromised internal actors at telcos and banks.
• Use official channels only. MTN, Telecel, and AT publish official phone numbers and digital channels; use those, not numbers from random SMS messages.
• Keep your SIM registration up to date. If you haven’t already, ensure your SIM is properly registered with your Ghana Card to reduce vulnerability.

If you have suffered a significant financial loss from SIM swap fraud and need personalised legal assistance, consider reaching out to a qualified Ghanaian lawyer. Use the form below to get started:

Sources

• Cyber Security Authority (CSA) – Official Advisories and Reporting
• Economic and Organised Crime Office (EOCO) – Conviction and Case Narratives
• Ghana Police Service – Cyber Crime Unit
• National Communications Authority (NCA) – Consumer Complaints and Registration Process
• Bank of Ghana – Complaints Procedures and Payment Systems Act
• MyJoyOnline: “Ghana loses over GHC19 million to cybercrime in 2025”
• The Business & Financial Times: “GHC15m lost to cyberfraud in first-half 2025”
• The Fourth Estate: “Mobile money robberies: Inside Ghana’s rising cybercrime wave”
• Ghanaian Times: “Police probe GHC400,000 MoMo withdrawal linked to gold robbery”
• MTN Ghana – Contact and SIM Swap Information
• Telecel Ghana – Contact
• AirtelTigo – Contact
• Modern Ghana: “EOCO arrests four persons over GHC113,947 MoMo fraud”

Compliance note: All money transfer services must be licensed by the Bank of Ghana.