Beware of mobile wallet thieves, CA tells Kenyans
What you need to know:
- Some come as messages asking recipients to form a relationship with the sender.
- CA defines social engineering as an attack that manipulates people into breaking normal security procedures.
- Some victims of sim swaps have accused mobile service providers of aiding the fraud.
“Dear Customer, KCB M-Pesa soft loan is now available to all M-Pesa users. Send 555555 to 0101009601 to request a loan from Sh10,000 to Sh250,000 or call 0101009601.”
“Dear customer your ATM card has been BLOCKED because you have not updated yet. If you want to keep using your ATM card, please call our number …92146993.”
You may have received such texts in the same format or others from individuals nudging you to either send money urgently, refund cash that has been “accidentally received to your account”, access mobile app loans or get a shipment you never ordered.
Others come as messages asking recipients to form a relationship with the sender.
These are the new social engineering tricks that sim swap/sim jacking fraudsters are using to steal from mobile money, loan apps and bank accounts.
Social engineering
The Communications Authority of Kenya (CA) defines social engineering as an attack that manipulates people into breaking normal security procedures and best practices to gain access to systems, networks or physical locations for financial gain or information.
This can be done through phishing, where victims are sent emails or texts drafted in a manner that creates some sense of urgency, curiosity or fear.
“It is through this that victims reveal sensitive information or end up clicking on malicious website links,” CAK says.
It is also done through pre-texting, where the fraudster pretends to be in need of information so as to confirm the identity of the person he or she is talking to.
Tricks
This happens often when the caller pretends to verify if you are the winner of a competition you never took part in.
They ask to confirm your mobile number, location and availability to collect your prize.
Other tricks include hackers calling and pretending to be mobile service providers’ technical support staff. They usually ask victims questions to get confidential information like passwords and bank accounts details.
Once they have access to your identification number, passwords and bank accounts, they port your number to a SIM card that is under their control.
Some victims of sim swaps have accused mobile service providers of aiding the fraud.
A politician last year shared details of his accounts and mobile number with a call centre at his bank and ended up losing Sh1.9 million while in Israel.
Ikinu Ward Representative Stanley Kiarie Wanjiku reported that Sh1.873 million and Sh40,000 was withdrawn without his approval from his bank accounts and M-Pesa respectively.
What he did not know was that his line had been replaced and his M-Pesa PIN regenerated and issued to strangers.