Mobile money is now a huge sector in Uganda’s economy. A recent report by the Uganda Communications Commission (UCC) revealed that there is over a trillion shillings deposited in mobile wallets of Ugandans.
But with this enormous growth, which, by the way, thanks to the introduction of mobile money taxes, could even be way bigger, emerges financial hazards: mobile money scams.
The advent of technology added more meaning to the binary construction of mankind: as some folks are innovating for the good of society, others are inventing to destroy it.
Telecom companies and other financial service providers developed mobile wallets to grow the banked ecosystem, but vicious crooks are continuously developing ways to frustrate this process.
There are different types of mobile money scams. Some can be avoided at an individual level, while some are so sophisticated that when carried out, a collection of minds has to be strung together to get a solution.
Below we’ve compiled a list that will give you an insight into the pervasive nature of mobile money scams that are threatening the digital transfer of funds globally.
Social engineered mobile money scams
According to Wikipedia, Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.
Put another away — the scammer packages his/her message in a manner that will appeal to your psychological weaknesses to perform an intended activity.
Friend/relative/boss in distress
To carry out this type of mobile money scam, the fraudster will first do some research and find out the kind of people you care about.
Armed with this information, they’ll either hack into their (people you care about) emails, access their phones to send a money request for an urgent problem.
The scammer, impersonating your friend/relative/employee, will tell you that they are stuck somewhere and they need you to urgently send them money.
It is now possible for hackers to hack into your email or clone your phone communication apps or SIM cards, and IVR has also made voice impersonation possible. So, when you receive an instant-cash call, you’ve to be creative in proving whether you really know the person that’s making the request.
Some of the key things to look out for are: uncharacteristic behavior, being rushed to skip standard procedure and being rushed along.
Also, some of the information about the people you care about can be picked from your social media, those of you who like revealing a lot about your private information in your social media posts.
Unemployment is a big problem in this day and age. So, scammers are now exploiting this to make some quick money from you. This type of mobile money scam was common in Uganda in 2018.
People would post jobs on social media or inbox you with job offers. Because we include a lot of information about us in our social media accounts, it is a bit easier for someone to track your level of education and employment status.
For instance, when you update your information on quitting a job, completing school or share pictures from your graduation event, people within your social network are notified.
So, scammers, in this case, send you information about a job opening and then forward a document for you to fill in your details.
The only put a condition requesting you to send some money (your social media lifestyle will guide them on how much to ask you) in order to speed up the process; they’ll claim it’s a bribe to motivate the HR or competition is too high so you need to pay something to be shortlisted (considering bribing for a job is now a common trend.)
When you’re too quick to send the money, it’s the last time you’ll ever hear from them. Some who are aggressive will even request money to buy equipment (e.g laptops, company uniform) you’ll need while at work.
When such happens, you need to research about the company if it’s unfamiliar, and if you know the company, check their social media pages, website or make a phone call to the company to confirm if they are actually hiring and demanding for the items the scammer is requesting for.
You can also do some research on the person you’re dealing with. Bottom line: Do as much research as you can before sending any money.
Nigerian inheritance scam
If you’ve been using email or Facebook, you should have already received a message where a ‘lawyer’ claimed that he lost a client who shared a last name with you and died before preparing a Will, so, he/she is writing to you for an opportunity to inherit the money the deceased left in their bank account.
But to be able to get the funds, the scammer claims, you need to send your personal details by email or pay a certain amount of money to support the process of releasing the funds.
The scammers involved in this type of mobile money fraud have different ways of packaging this message, you just need to avoid them. Any conversation you hold with them puts your personal data at risk.
Some of the key things to look out: the message is too good to be true, you don’t know any other characters involved, being rushed along, suspicious pretext of requesting money.
Being able to help makes us feel important to society and it gives meaning to life. For a scammer, this element of human nature can be exploited to make a quick buck.
Here, a scammer will send to you a link to a website asking you to send money to donate to a cause: a person with a chronic illness, a certain part of the country has been struck by disaster. The scammer will ask you to send money using a wire transfer service.
If you don’t do enough research to confirm whether the project is real, you’ll add some money to a scammer’s pocket. (Scammers don’t need to ask a lot of money in such a scheme; they can only request of a contribution for as little as Sh1000 but if the money is wired by many people it will turn into a big sum.)
Mind games and blackmail mobile money scams
Extortion — If you have information you don’t want to land in the public eye and a hacker comes across it, they’ll use it to make you send them mobile money.
In some cases, a fraudster might also be told about it and deceive you that they’ll unleash it to the public if you don’t wire money to their accounts.
The only solution here’s to inform authorities. Paying a scammer doesn’t stop them from defrauding you if it’s the kind of content that can be turned into many copies. He/she might give you the original copy but retain another to extort you when the money you gave them is finished.
Alternatively, some scammers can send death threats or launch viruses onto your computer.
Having them brought to book is the only solution here. To avoid all this, don’t put any sensitive information in places it can be easily found.
Lost and found property – The other way a scammer will get mobile money from you is learning that you lost property and then they call you to claim they’ve found it.
If someone asks for advance payment before returning the property, don’t do it if there’s a way of meeting in person. There’s also a possibility that you might wire the money and they don’t return the property.
Mobile money agent fraud – Agent-customer scams have been greatly reduced because of improving the mobile money interface. Right now, what agents do is charging fees for transactions that are not supposed to be billed; for instance, deposits.
Remotely initiating a withdraw transaction — These days when you visit a mobile money agent to withdraw cash, they’ll do everything and your only role is to complete the transaction with a PIN. If an agent knows your number, they can initiate a withdraw transaction remotely, and you realise that you completed an unintended transaction.
Fake prizes/messages – This is one of the oldest types of mobile money scams. The trick here is a scammer sending you a message that you’ve won a cash prize but to get it you need to first wire a certain fee to pay for taxes or any other cooked-up reason.
Or they’ll send you a text message that appears like the one you’d get after a mobile money transaction. Immediately, they call you saying that they sent money to your account in error so you need to reverse it.
If you don’t take time to check your balance, you’ll end up giving out your own money. The application of this trick in scamming people has gone down since most people now know about it.
Key things to look out for: too good to be true, being distracted, source of message.
When you get attracted to purchasing illegal items or services online, there are high chances of being cheated and the scammer well knows you won’t report anywhere.
For instance, there are lots of online sites in Uganda claiming to be selling sex workers. Normally, they ask you to send some money before they deliver. It is not advisable to pay money to a service that you’ve just discovered and you don’t know anyone who’s used it before.
Sophisticated types of mobile money scams
These are mobile money scams, which, when you become a victim of, to climb out of them, a service provider or authorities have to intervene, for the most part.
Sim card hacking and inside jobs
Most of us use phone numbers when opening social media accounts, bank accounts, email addresses and so on. Technology, unfortunately, has made it possible for someone to clone and hack your sim card.
All they need is a few seconds with your sim card and they’ll be able to hack it so they can easily access your banking details and other private information.
The other way is working with insiders in banking institutions or telcos providing mobile money services to get such details. (The scammer and the insider share the money after stealing it.) Last year we saw Members of Parliament lose their money at the hands of unscrupulous MTN staffers.
Communication impersonating a trustworthy entity, such as a bank or mortgage company, intended to mislead the victim into providing personal information or passwords. A Phish is a fraudulent attempt, usually made through email (although can also be made via phone or text), to steal your personal information or propagate malicious code or software onto your computer.
The advent of interactive voice responses, or IVR, has enabled scammers to create fake voices using robotic programming so that they can call you to get information about you.
Be on the lookout for phony initial coin offerings or ICOs.
In these arrangements, scammers seek investors who are willing to pony up some virtual currency to back a start-up. In exchange, the investors receive a token issued by the company.
In April, the Securities and Exchange Commission filed charges against two founders of a cryptocurrency firm for their role in a fake ICO that raised more than $32 million from investors in 2017. (Source: CNBC)
ATM/credit card skimming
This should be the scariest of all. In ATM/credit card fraud, there is a device called a shimmer: A paper-thin, card-size shim containing an embedded microchip and flash storage inserted into the “dip and wait” card slot of an ATM or gas pump payment terminal that’s indoors or outdoors.
This device is used to intercept data off your credit or debit card’s EMV chip for fraudsters.
The intercepted data is used to create a magnetic stripe version of the card that can be used in payment terminals that haven’t been updated with EMV chip technology.
How to protect yourself from shimmers
1. Use the contactless tap-and-go feature on your credit or debit card instead of swiping or inserting your card.
2. Use contactless mobile services such as Apple Pay or Samsung Pay to tap and pay.
3. If you’re withdrawing cash at a bank, go inside to a teller.
4. Use ATMs in banks rather than more vulnerable standalones.
5. Cover the keypad with your hand when entering your PIN.
6. Don’t proceed with a transaction if your card encounters resistance when it is inserted.
7. Contact the bank, merchant and your card issuer is you suspect your card has been compromised.
Ways of averting mobile money scams
1 Never give your MTN mobile money PIN to anyone; if you’re to give it out, it should the person you’d trust your money with.
2. Make you PIN harder for people to guess; use varying figures when setting up one instead of a recurring figure.
3. Don’t give your phone to mobile money agents
4. Wait for confirmation of your deposit or any transaction before leaving the agent’s kiosk.
5. Count money in front of agent or in front of the camera when in an ATM.
6. Beware of fraudulent text messages and calls
7. Don’t click on suspicious links in emails
8. Report any suspicion of a fraudulent person/agent or transaction immediately
9. Don’t download suspicious apps
10. Do not open a Facebook account with your mobile money number; it can easily be profiled by fraudsters
11. Use your phone’s built-in password system. If you have a smart phone with a Personal Identification Number (PIN) style password, make sure to create a tricky PIN; 1234 is too easy for a thief to guess. (Source: CBA)
12. Adjust your settings so that you phone locks within seconds after you’ve stopped using it. (Source: CBA)
13. Never keep your passwords for online banking or your PIN for your debit or credit card on your phone. (Source: CBA)
If your phone is taken along with your wallet and you have these passwords stored, it will make it easy for the thief to take money out of your account. (Source: CBA)
14. Log out of websites once you are done using them. Again, don’t make it easy for someone looking to defraud you to access your bank account or personal information. (Source: CBA)
15. Use your phone’s app that allows you to locate your lost mobile device and/or delete sensitive information remotely. Or download a reputable one if your phone doesn’t already have this kind of app built in. (Source: CBA)