A man works on an agent banking transaction. Agent banks are the other source of mobile money fraud. PHOTO/Isaac Kasamani


How fraudsters are raiding mobile money accounts

What you need to know:

  • Many people are losing their mobile money at the hands of fraudsters who have made it their trade to obtain information through a series of cleverly crafted lies.
  • With about Shs1 million, you can acquire as many SIM cards previously used by the dead. So fraudsters use these opportunities to access as many numbers as possible and use it to perpetuate mobile money fraud and related transactions.

Every week, the main telecom service providers in the country register what they describe as multiple complaints of mobile money fraud.

Although they note that such cases are increasingly declining, the problem is: many of such incidences go unreported.

According to cyber security analysts, this silence by victims of mobile money fraud is a “real problem”, considering that it emanates from human error or manipulation, which is much less predictable, making them harder to identify and thwart compared to vulnerabilities in software and operating systems.

For example, just last week, one James Barigye, a boda-bode rider, got an “urgent” call from supposedly a Uganda Communication Commission staffer whose brief he claims was to maintain mobile money network that apparently broke down.

To safeguard his mobile money future transaction, he convinced James to have his Personal Identification Number (PIN), also lazily referred to as PIN number or PIN code changed, only that this time he dutifully assigned himself that role.

Like many victims, James didn’t seem to have the conviction to resist or even question the “alleged UCC staffer” in anyway, after all he was dealing with “the system maintenance officer” of a known government institution.

After the quick “persuasive” call, James was disarmed, this time not under a gun point, but what is technically known as social engineering— implying a broad range of malicious activities accomplished through use of psychological manipulation to trick a target (victim) into giving away sensitive information, just as James did after few minutes of buying into the fraudster’s manipulation.

Within a fraction of a minute after “willingly” giving away his PIN, James got a notification of an amount he didn’t withdraw from his mobile money account!
At that point, he quickly came to his senses, only that it was too late for him recover an amount of money that is nearly three quarters of what he makes in a day these days.
He also didn’t see the need to report the case because he doesn’t believe the recourse will be quick enough to help him recover the losses.  

Countless victims
With the deepening uptake of mobile money service and growing number of registered mobile money customers in the country estimated at over 30 million as of February 2021, according to industry statistics, Mr Barigye’s predicament is just a tell-tale sign of what many people are encountering in the hands of fraudsters who have made it their trade to obtain information through a series of cleverly crafted lies.

Normally, according to the lead campaigner of the ‘Stop the fraud’ (Bafere) initiative, Pastor Ssempa, the scam is often initiated by a perpetrator pretending to need sensitive information from a victim so as to perform a critical task.

People wait outside mobile money kiosks. Mobile money fraudsters appeal to people’s senses to get rich quick and establish trust with their victim. PHOTO/ISAAC KASAMANI

In most cases, according to the Financial Intelligence Authority operation analyst, Mr Kenneth Natukunda, the fraudster starts by establishing trust with their victim by impersonating co-workers, police, bank and tax officials, or other persons who have right-to-know authority before they begin asking questions that are required to confirm the victim’s identity, through which they gather important personal data to allow them “strike”.

“And once you lose the money, it is often very difficult to recover,” he said during an engagement between the digital payment system providers, banks and other key stakeholders to raise awareness and fight mobile money fraud held at MTN headquarters in Kampala recently. 

Number of the dead…
So did you know that the number being used to lure victims into a false promise or to arouse their greed or even curiosity, could have been most likely been for a person who is long dead.
According to FIA’s investigation, it was found out that many of the SIM cards being used to commit mobile money fraud belong to people who have since died and in some cases even forgotten.
“We discovered that mobile phone numbers of people who died three or even four years ago are being used for such fraud. So you have a situation of where people are dead but their mobile numbers are still very much alive,” Mr Natukunda disclosed.

He continued: “With about a million shillings, you can acquire as many SIM cards previously used by the dead. So fraudsters use these opportunities to access as many numbers as possible and use it to perpetuate mobile money fraud and related transactions.

“These numbers are basically used for mobile money transactions and for making calls or sending messages, this is why once the transfer funds is done and withdrawal is accomplished, the number becomes almost defunct or non-existent.”

Once the source of the number is established as for a deceased, the investigation hits a dead end and that is why most such cases go cold.

A woman listens to a phone conversation. Many numbers (SIM card) used by fraudsters to commit mobile money fraud belong to dead people. PHOTO/Isaac Kasamani

Then there is this common problem. Several numbers registered with the many other names.  For example, there are scenarios where one has up to 15 SIM cards registered in other people names, mostly the elderly or senior citizen in remote parts of the country and used to commit fraud and crime.

Cat out of the bag
If there is one thing that you shouldn’t fall for, no matter how hard you have fallen in love, is to reveal your PIN to anybody, including your mobile money service provider or even the regulator.  

“Most mobile money fraud happens once you surrender your PIN to the fraudster,” Mr Stephen Wakhula, the head audit and forensics at MTN, noted in an awareness engagement, adding, “This is normally as a result of social engineering which manipulates emotions in more ways than one before stealing or extracting information that would otherwise be personal and used for their selfish gain.”

 Beware when somebody calls you saying your SIM card is about to be disconnected, sending you into a panic mode, and as a result, you are therefore required to provide some of personal information, including a PIN.

“Just know it is a lie! Don’t fall for any of that,” Ms Wakhula warns. 
Then there are those who are creating excitement normally for a grand draw or promotion that in most cases you are not even part of. Con artists use this to either get your PIN and other personal details. They ask you to send them some money for them to send your gift or present that you have won in a draw or competition you didn’t enter.

There are also cases where one could entrust you with a PIN. In this case, it could be a friend, relative or in-law to perform specific business but ends up initiating transactions that were not part of the agreed plan. This is coupled by a mix-up or confusion where one may authorise a transaction that he or she did not request for.

Further, there are also cases of one’s phone being stolen and money withdrawn from the account by person who either knows the PIN or better still if you have those digits somewhere in your phone’s contact inbox.

Inherent greed
Most victims end up losing money because of greed. According to the head of financial services, Airtel Mr Andrew Rugamba, fraudsters appeal to people’s senses to get rich quick. That is why people send money to fraudsters for registration numbers for a vehicle they don’t own.
But it is very easy to access one’s account. All you need is to dial required commands and you will access one’s account as if it is yours. This is normally possible if one has a weak password.

“If you check, you will realise that many people’s passwords are 1,2,3,4, and this is so easy to breach. Change such passwords immediately because strong passwords are your first line of defense,” Mr Rugamba said.

In her submission, Ms Patricia Amito, the Uganda Bankers Association spokesperson, noted that agents are the other source of fraud.
She said: “There are times when you deposit money through an agent and it doesn’t hit your account on the grounds that the system is either weak or off. Hours later, the money hasn’t hit your account yet before you know it, you have been defrauded.”

She continues: “As human beings we have a tendency of trusting people around us because we have seen them around. This is why we leave money with an agent whom we have seen and it doesn’t reach your account then you end up as a victim.”

All these, according to Pastor Sempa who did a study on Mobile Money Fraud, can be minimised or drastically controlled with concerted efforts in terms of education that empowers potential unsuspecting victims.