Ivan Zhakata-Check PointDesk
SAMUEL MUGANHU was on his way home to Budiriro from the city centre in Harare on Thursday last week when his phone buzzed around 7pm with three messages that left him stunned.
The first alert indicated US$100 had been transferred from his FBC account to his EcoCash account.
A second message added another US$20.
Moments later, a third notification confirmed that the entire US$120 had been sent to someone by the name of Sandra Auxilia Rapoko.
“This was Thursday, around 7pm, when I was travelling home,” he said.
“To my surprise, I received a message that my funds were transferred from my FBC account using my EcoCash number, which I could hardly believe because I had never done such a transaction.
“Those messages made me believe that someone was tampering with my accounts, but I was confident no one knew my confidential PINs.”
Shaken by the rapid stream of the messages, Muganhu immediately called his bank to block the account and later contacted EcoCash, which attempted to call the recipient of the funds without success.
Muganhu was advised to file a police report and submit his bank statements so investigators could trace what had happened.
His case mirrors a growing wave of cyberattacks that experts say are now being fuelled by criminals exploiting hidden mobile phone identifiers — the international mobile subscriber identity (IMSI) and the international mobile equipment identity (IMEI) — to target victims without ever needing their phone numbers.
Cybersecurity experts have warned that these identifiers are becoming powerful tools for criminals conducting sophisticated attacks, a trend reflected in a rising number of arrests across the country.
“People think their phone number is the key to their privacy, but hackers do not even need it anymore,” said Harare-based cybersecurity specialist Mr Tawanda Moyo.
“Once they capture your IMSI or IMEI, they can track you, spy on you or even hijack your communications.”
The risks are not theoretical.
The IMSI — a 15-digit number stored on the SIM card — contains Zimbabwe’s mobile country code 648 and network codes such as 04 for Econet and 01 for NetOne.
The IMEI identifies the physical handset.
Although invisible to users, both identifiers can be intercepted by illegal devices such as IMSI catchers, which mimic legitimate mobile towers and trick phones into revealing their identities.
Digital forensics analyst Mr Nyasha Chikowore said these tools pose a serious threat.
“IMSI catchers force phones to reveal their identities.
“ Once a hacker captures the IMSI, they can monitor the device or initiate a SIM swap without ever knowing the phone number,” he said.
Recent cases in Zimbabwe show how criminals have weaponised these hidden identifiers.
Police recently arrested suspected cybercrime ringleader Tranos Taurai Muzanenhamo, accused of orchestrating a series of SIM-swap and WhatsApp-hacking scams that led to the loss of thousands of dollars.
Investigators said the syndicate allegedly used intercepted identifiers and social engineering to deactivate victims’ SIM cards and take over their mobile accounts.
In another operation, a group of suspects was arrested in Shurugwi after allegedly carrying out more than two dozen SIM-swap and mobile-hacking frauds.
Police reported that the suspects targeted victims by gaining access to their mobile identities, allowing them to breach banking platforms linked to the compromised numbers.
A senior telecommunications engineer, Mr James Matonhodze, said operators maintain secure databases linking IMSIs to subscriber phone numbers, but interception devices bypass these protections.
“Our systems are protected but these external interception tools capture identifiers before they reach the network,” he said.
“That is where the danger is.”
Cybersecurity experts said the public remained largely unaware of how vulnerable their phones are because the identifiers operate silently.
“Your IMSI and IMEI operate silently in the background. If criminals get them, your phone becomes a surveillance device without your knowledge,” Mr Chikowore said.
The surge in cases has prompted renewed calls for stronger regulatory oversight of equipment capable of intercepting mobile identifiers, as well as tighter verification processes for SIM replacements.
Across the region, similar tactics have been reported in South Africa, Kenya and Nigeria, where law-enforcement agencies have warned about the growing use of IMSI catchers and SIM-swap fraud by organised cybercrime groups.
The Communications Authority of Kenya has previously highlighted a rise in mobile-identity interception linked to financial scams, while South Africa’s banks have long flagged SIM-swap attacks as one of the country’s most persistent digital threats.
Cybersecurity analysts say these trends mirror a wider global shift in which criminals increasingly target mobile identifiers instead of phone numbers, exploiting weaknesses in telecommunication networks before communications reach secure operator systems.
Zimbabwe’s recent cases, experts say, place the country within this broader continental pattern of attackers leveraging hidden mobile identities to breach digital accounts.
As the authorities continue to crack down on cyber-related crimes, experts said Zimbabweans must remain vigilant.
“The threat is growing,” Mr Moyo said. “People need to understand that the real danger is not the phone number a hacker doesn’t know; it is the hidden numbers the victim does not even see.”
Additional reporting by Precious Manomano.




