[kictanet] problem inherent in how mobile money transactions are done

Walubengo J jwalu at yahoo.com
Wed Mar 16 08:39:09 EAT 2011


this trick is the mobile phone equivalent for email based phishing attacks. It did happen to me late last year.  Someone smsed me a fake but realistic looking MPESA transaction, crediting my account by a mere 200sh.  She then called me immediately thereafter claiming it was a wrong transaction and can I plse re-credit her account accordingly.

Since i consider myself an ethically upright citizen (by Kenyan standards ;-) i planned to MPESA her back the 200sh but got caught up with work.  In the evening I got some time to do this but with time on my side, my sixth sense (courtesy of some IS audit training) told me to just check my MPESA credit.  It had ofcourse not changed (credited) as alleged by my caller(scammer) and so I ignored the process of "returning" her money.

But i was quite impressed at how, Kenyans are getting on with these tricks. I think within 3-5yrs, we shall be giving the Nigerians a run for their money and we shall also have our own wikipedia page :-(

walu.




--- On Tue, 3/15/11, Edith Adera <eadera at idrc.or.ke> wrote:

From: Edith Adera <eadera at idrc.or.ke>
Subject: Re: [kictanet] problem inherent in how mobile money transactions are done
To: jwalu at yahoo.com
Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke>
Date: Tuesday, March 15, 2011, 6:39 PM


 
 

 
Francis,
 
This happened to me last week. Luckily I don't do money transfer so the person was unable to trick me and quickly disconnected.
 
Not sure what can be done to track such.
 
Edith



________________                                   

 
 
Edith
 Ofwona Adera  
Senior Program Specialist

ICT4D Program and Climate Change & Water Program
International
 Development Research Centre | Centre de recherches pour le développement international 
Regional Office for Eastern
 and Southern Africa
Tel:
 +254202713160 | Fax/Téléc: +254202711063 | Skype: edithadera
eadera at idrc.or.ke
 | www.idrc.ca
 | www.crdi.ca





From: kictanet-bounces+eadera=idrc.or.ke at lists.kictanet.or.ke [kictanet-bounces+eadera=idrc.or.ke at lists.kictanet.or.ke] On Behalf Of Francis.Hook at gmail.com [Francis.Hook at gmail.com]

Sent: 15 March 2011 15:37

To: Edith Adera

Cc: KICTAnet ICT Policy Discussions

Subject: [kictanet] problem inherent in how mobile money transactions are done





I have a colleague who received a rather suspect SMS that, at first glance seemed to advise of money rcvd from someone and a few minutes later someone called to say he had sent the money and error and has a crisis of sorts and would like the money sent
 back. I have seen this twice. Tricksters at work.



When using mobile money I have always wondered about the privacy of such transactions since one is required to sign a sheet with details of the transactions - details which are clearly visible to everyone. I note both ZAP and Mpesa have such sheets. It would
 only take a keen eye to quickly pick out a number next to a high value, memorise it - under the pretext of doing a small transaction and then claim a victim within hours of the person depositing money into their account.



I suppose unregistered mobile numbers must now be de-activated ASAP. 



Be on the look out.
 

-----Inline Attachment Follows-----

_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet

This message was sent to: jwalu at yahoo.com
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20110315/8a8489cd/attachment.htm>


More information about the KICTANet mailing list