Mobile Money FRAUD: the new trick and how to stop it

Share this

I just learned from trustworthy sources that a former employee of one of the telecoms who worked with a group of fraudsters to steal from mobile money users is still engaging in criminal behavior while serving a prison sentence at Ankaful Prisons.

According to reports, the individual is still giving fraudsters essential tips and strategies on how to get around the system, get consumer data, and convince victims to let down their guard so they may be taken advantage of.

In fact, their most recent ruse makes it abundantly evident that someone other than a social engineer is behind it. Someone with more knowledge than the usual fraudster is exploiting his inside information in this case.

More information about this particular imprisoned fraudster and his kind is gradually emerging.

However, it is critical to lift the veil on the new trick so that we are all aware and vigilant.

Anomaly or Intentional?

The MTN employees informed me that the anomaly had been fixed, so I didn’t do anything about it.

However, I also brought up the problem to some of my other coworkers on a WhatsApp platform, and numerous users there claimed to have experienced the same pop-up notifications from various vendors.

The fact that all of the pop-ups originated from separate POS devices used by different merchants, rather than from one single POS device, makes the claim that it was an aberration from the specific vendor who tried to steal my money unsustainable.

Not long ago, my wife and I both received pop-ups on our phones around the same time, requesting that we APPROVE the transfer of GHS150 each from our wallets to separate merchant wallets.

We didn’t, of course.

I notified MTN of the problem and provided information about the pop-up.

A very helpful MTN employee checked things out and returned to me, saying the pop-up on my phone was from a POS (point of sale) device of one of their merchants and that it was normal.

This is where I sometimes get worried with how telcos handle some of these issues and the kind of feedback they give to customers.

And that is how fraudsters are boldened and they keep doing it and getting the gullible few who only get to know about this tricks after the fact – when they have already been defrauded.

The telcos are daily cautioning customers about fraud, which is good. But if they would be honest about some of these specific issues we report and heighten the caution to the public when such issues come up, rather than saying it is a mere anomaly, it will help all of us.

The JUMPED trick

In mine, and my wife’s cases, they just sent pop-up messages for us to approve a transfer from our own wallet. But the new trick they use now, I am told, is called JUMPED.

What they do is they send you a small amount of about GHS10 or GHS20, and quickly initiate a withdrawal of a bigger amount from your wallet remotely. So, if you try to go into your wallet to check your balance, once you dial *170#, the first thing that comes up is a pop-up message of a pending APPROVAL of a transfer from your wallet. If you don’t watch careful and key in your PIN, they will steal your money easily.

So in fact, the fraudster makes a real deposit with his number into your wallet – it’s not a fake deposit. But the problem is that right after he makes the deposit, he launches a withdrawal on your number. How they initiate a withdrawal from your number remotely, is a trick that could only come from person(s) who have worked in the mobile money space before or still work in it. It is understandable if a remote withdrawal is initiated from a POS device or a merchant number. But from a personal phone number is still something that beats my mind. And that is where the guy in jail and people like him come in.

How to stop JUMPED

The key requirement here is vigilance.

1. When you receive cash, never enter you wallet via *170# and dial your PIN to check your balance. Just open the SMS notification and check if the cash received has actually been added to the money on your wallet. If you are not sure, wait for a long while before you actually use *170# to check. Don’t rush. When you rush you crush! Remember that.

2. When you dial *170#, remember your only aim is to “CHECK BALANCE”, which means you have select number 6. My Wallet, then 1. Check Balance, before you key in your PIN. Apart from that, any other pop-up that requires your PIN should be ignored and be reported to your service provider.

3. The other trick you can adopt to beat the fraudsters is when you receive a deposit, and that APPROVAL pop-up comes, just type in the wrong PIN and that will cancel all withdrawal requests, before you check your balance with your real PIN later on.

Telcos used to deny that their staff were involved in the mobile money fraud problem. But the police recently expressed worry over how telcos put stumbling blocks in the way of the police when they are closing on criminals in the midst of the telcos.

The last time, at a forum by the Ghana Chamber of Telecommunications, the telcos openly admitted for the first time that they have caught and penalized criminals in their midst quietly. When I asked why they did not do “naming and shaming”, their spokesperson made an analogy which I thought was fair, that all organization catch and punish wrongdoers in the midst all the time, but it is usually done on the quiet because of the implication it may have on the reputation of the entire organization. It is understandable, but let’s know that some of the criminals who launch attacks on our mobile money wallets are telco staff or former telco staff.

With that said, let’s all be vigilant because you never know what the next new trick will be.

credit: https://www.techgh24.com/