GiveDirectly Fraud Steals 1.2M via SIM Swap in DRC

GiveDirectly, an international charity focused on poverty alleviation, uncovered a $1.2 million fraud scheme in the Democratic Republic of the Congo (DRC) earlier this year. The theft involved SIM swapping, a technique where fraudsters impersonate phone users to access their accounts and divert funds meant for aid recipients. Local staff allegedly colluded with criminals to siphon money through the breach, highlighting vulnerabilities in the region’s digital infrastructure.

SIM swapping typically occurs when victims are tricked into sharing personal details with someone posing as an official. This allows fraudsters to intercept two-factor authentication codes, gaining entry to bank accounts and sensitive data. The DRC’s rapid digital expansion has created new opportunities for such attacks. By 2025, mobile phone subscriptions in the country reached nearly 74 million, up from 29.3 million in 2017, according to industry data.

Average data usage per mobile user rose over 24 times between 2016 and 2025, driven by smartphone adoption and improved connectivity. The government’s €8 billion national digital infrastructure plan aims to modernize services but has also exposed gaps in cybersecurity. Nathalie Kienga, DRC’s head of cybersecurity, noted that the country’s internet resilience score stands at 34%, indicating only “medium” capacity to handle disruptions.

Kienga emphasized that digital growth is outpacing the nation’s ability to secure its systems. “Mobile money, fintech, and digital public services are transforming the economy, but this creates pressure on cybersecurity,” she said. Key sectors like finance, energy, and healthcare face heightened risks as they become more interconnected. Future threats may include ransomware, critical infrastructure attacks, and AI-driven social engineering.

Private sector involvement is growing. In 2024, French telecom company Orange began offering cybersecurity services in the DRC. The government also ratified the African Union’s cybersecurity convention in 2023 and launched a national strategy to boost resilience. Proposals include a National Cybersecurity Agency, a computer emergency response team, and a security operations center for real-time threat monitoring.

However, enforcement remains a challenge. Generis Global Legal Services pointed out that regulatory agencies often lack funding and technology to enforce compliance effectively. International partners like the World Bank and French Development Agency (AFD) are stepping in. In February, they announced a $500 million package to support digital transformation, including a government cybersecurity center.

Related: 10 Ways to Be More Sustainable

Kienga highlighted efforts to build local expertise through training and international collaboration. “Cybersecurity is a foundation of investor trust,” she said. Strengthening governance and institutions could attract foreign investment, boost e-commerce, and reduce fraud. The DRC aims to position itself as a trusted digital hub in Africa, balancing market size with institutional reliability.