How conmen steal cash on mobile money lines

Wednesday November 11 2020

People carry out mobile money transactions at a kiosk in downtown Kampala on October 6. The recent hacking into Uganda’s mobile money networks has kicked up a storm in the telecommunication industry. PHOTO | ABUBAKER LUBOWA

By Benson Tumusiime

The recent hacking into Uganda’s mobile money networks has plunged the country’s telecommunication industry and banking sector into a state of both uncertainty and extra alertness.

The cyber fraud, which happened on October 3, arose from a security breach at Pegasus Technologies, a company that integrates mobile money transactions between telecom companies, banks, and other local, regional, and international money transfer services.

Unidentified hackers intruded into the systems of Pegasus Technologies, making off with billions of shillings.

However, Daily Monitor has carried out an underground investigation into how the hacking is developed and finally executed.

Credible security sources with the telecom companies told Daily Monitor that the fraud starts from the field persons who are authorised to register SIM cards for different clients.

A source said there is a machine named Login–KYC (Know Your Customer) that is provided by telecom companies to the field personnel to register new subscribers. He indicated that the field teams collude with the telecom’s IT personnel to manipulate the internal system to allow unrecognised numbers.      


“With manipulated KYC machines, the telecom agents who register SIM cards use them to also register SIM cards for persons without National Identity card for Ugandans, passport for foreigners and refugee cards for refugees who are in Ugandan camps,” he said.

The telecom agents use existing particulars of already registered persons, which are in the system, to register active lines for people without the requirements.

“Such cards that are not in the system of telecom companies are the ones that conmen use to call MTN or Airtel customers deceiving them that they have won money with MTN or Airtel adverts and they authorise them to dial some codes,” the source said.

Login identity

Another source, who is well-versed in telecom systems, told Daily Monitor that there is an IT application which doubles as the login identity for a telecom company. This application is used to transfer active lines of one telecom company to another.

“On this issue, what the agent does is that he or she gets the particulars of the person he has registered with the telecom firm and he just changes the code number of that telecom network to another telecom system and makes the active line for someone without the required documents,” the source said.

This kind of cybercrime is increasing and has been used to execute many high-profile crimes. Once the fraudsters get into your telephone line system, they reset the PIN and withdraw money from the mobile money account.

Another way in which fraud is executed is if the agent knows a client who deposits money on his or her mobile phone number. The agent, using other particulars, does a SIM swap, resets the PIN and withdraws the money.

If fraudsters also estimate that a certain line has money on its account, they track the owner of the line and trick them into believing that they are from a telecom company and are upgrading the Mobile Money system. They then ask them to enter their PINs in order to activate the number.

The moment one enters the PIN, the money is taken instantly.

Application of PIN reset

There is also another move that involves a mobile application which is used to do a PIN reset. This application can hack into the database of National Identification Regulatory Authority (Nira).

The application retrieves people’s particulars from the Nira database and uses them to hack into people’s mobile money and bank accounts.

Mr Thomas Muhumuza, a victim of mobile money fraud, said: “I remember when I lost my phone, they didn’t only end up withdrawing my money on the SIM card but they also borrowed money in my name which I had to pay. There must be some insiders doing this.”  

Mr Kiiza Willy, a trader in Kikubo, downtown Kampala, said his mobile line abruptly stopped working and when he called the MTN customer care, he was told to enter figures 8272 to activate the line but it did not become active.

He said the customer care told him to again enter figure 6581 but the line did not work. He said finally he received a message that his PIN had been blocked.

“After some minutes, another number called me and the caller told me to retry my PIN after 12 hours. Before 12 hours elapsed, I tried to check my mobile money account and I found out that Shs1,000,000m was withdrawn,” Mr Kizza said.

Ms Sumin Namaganda, the spokesperson for Airtel Uganda, a telecom company, said the company follows guidelines issued by Uganda Communications Commission.

“As far as line registration is concerned, for one to get an active line, he or she must have a valid National Identity card, passport for foreigners and refugee card for refugees,” Ms Sumin said.

On the issue of manipulating the KYC machines, Ms Namaganda said the information is new to them but she would contact the company’s technical people to investigate the matter further.

The spokesperson of the Criminal Investigations Directorate, Mr Charles Twine, said they receive about 20 cases of fraud per week. 

Swapping lines

Another trick for stealing from mobile money accounts is SIM card swapping, also known as SIM card replacement. It is normally done to upgrade from a 3G to a 4G network or to replace lost or damaged SIM cards.

“During SIM card swap, the agent asks you whether you have money on your number that you want to replace. If a customer has the money on the account, the agent gives the customer the line that is not active saying it will be active within 48 hours. Then the agent immediately swaps the line, makes it active and does a PIN reset and withdraws the money,” a source said.

The number will not be activated even after the lapse of the 48 hours. It remains inactive until you complain to the telecom company, which then checks in the system only to find that the mobile money was withdrawn on the day one swapped the SIM card.