Mobile Money FRAUD: the new trick and how to stop it
I just learned from trustworthy sources that a former employee of one of the telecoms who worked with a group of fraudsters to steal from mobile money users is still engaging in criminal behavior while serving a prison sentence at Ankaful Prisons.
According to reports, the individual is still giving fraudsters essential tips and strategies on how to get around the system, get consumer data, and convince victims to let down their guard so they may be taken advantage of.
In fact, their most recent ruse makes it abundantly evident that someone other than a social engineer is behind it. Someone with more knowledge than the usual fraudster is exploiting his inside information in this case.
The JUMPED trick
In mine, and my wife’s cases, they just sent pop-up messages for us to approve a transfer from our own wallet. But the new trick they use now, I am told, is called JUMPED.
What they do is they send you a small amount of about GHS10 or GHS20, and quickly initiate a withdrawal of a bigger amount from your wallet remotely. So, if you try to go into your wallet to check your balance, once you dial *170#, the first thing that comes up is a pop-up message of a pending APPROVAL of a transfer from your wallet. If you don’t watch careful and key in your PIN, they will steal your money easily.
So in fact, the fraudster makes a real deposit with his number into your wallet – it’s not a fake deposit. But the problem is that right after he makes the deposit, he launches a withdrawal on your number. How they initiate a withdrawal from your number remotely, is a trick that could only come from person(s) who have worked in the mobile money space before or still work in it. It is understandable if a remote withdrawal is initiated from a POS device or a merchant number. But from a personal phone number is still something that beats my mind. And that is where the guy in jail and people like him come in.
How to stop JUMPED
The key requirement here is vigilance.
1. When you receive cash, never enter you wallet via *170# and dial your PIN to check your balance. Just open the SMS notification and check if the cash received has actually been added to the money on your wallet. If you are not sure, wait for a long while before you actually use *170# to check. Don’t rush. When you rush you crush! Remember that.
2. When you dial *170#, remember your only aim is to “CHECK BALANCE”, which means you have select number 6. My Wallet, then 1. Check Balance, before you key in your PIN. Apart from that, any other pop-up that requires your PIN should be ignored and be reported to your service provider.
3. The other trick you can adopt to beat the fraudsters is when you receive a deposit, and that APPROVAL pop-up comes, just type in the wrong PIN and that will cancel all withdrawal requests, before you check your balance with your real PIN later on.
Telcos used to deny that their staff were involved in the mobile money fraud problem. But the police recently expressed worry over how telcos put stumbling blocks in the way of the police when they are closing on criminals in the midst of the telcos.
The last time, at a forum by the Ghana Chamber of Telecommunications, the telcos openly admitted for the first time that they have caught and penalized criminals in their midst quietly. When I asked why they did not do “naming and shaming”, their spokesperson made an analogy which I thought was fair, that all organization catch and punish wrongdoers in the midst all the time, but it is usually done on the quiet because of the implication it may have on the reputation of the entire organization. It is understandable, but let’s know that some of the criminals who launch attacks on our mobile money wallets are telco staff or former telco staff.
With that said, let’s all be vigilant because you never know what the next new trick will be.