this trick is the mobile phone equivalent for email based phishing attacks. It did happen to me late last year.  Someone smsed me a fake but realistic looking MPESA transaction, crediting my account by a mere 200sh.  She then called me immediately thereafter claiming it was a wrong transaction and can I plse re-credit her account accordingly.

Since i consider myself an ethically upright citizen (by Kenyan standards ;-) i planned to MPESA her back the 200sh but got caught up with work.  In the evening I got some time to do this but with time on my side, my sixth sense (courtesy of some IS audit training) told me to just check my MPESA credit.  It had ofcourse not changed (credited) as alleged by my caller(scammer) and so I ignored the process of "returning" her money.

But i was quite impressed at how, Kenyans are getting on with these tricks. I think within 3-5yrs, we shall be giving the Nigerians a run for their money and we shall also have our own wikipedia page :-(

walu.




--- On Tue, 3/15/11, Edith Adera <eadera@idrc.or.ke> wrote:

From: Edith Adera <eadera@idrc.or.ke>
Subject: Re: [kictanet] problem inherent in how mobile money transactions are done
To: jwalu@yahoo.com
Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke>
Date: Tuesday, March 15, 2011, 6:39 PM

Francis,
 
This happened to me last week. Luckily I don't do money transfer so the person was unable to trick me and quickly disconnected.
 
Not sure what can be done to track such.
 
Edith

________________                                   

Edith Ofwona Adera

Senior Program Specialist

ICT4D Program and Climate Change & Water Program

International Development Research Centre | Centre de recherches pour le développement international

Regional Office for Eastern and Southern Africa

Tel: +254202713160 | Fax/Téléc: +254202711063 | Skype: edithadera

eadera@idrc.or.ke | www.idrc.ca | www.crdi.ca

From: kictanet-bounces+eadera=idrc.or.ke@lists.kictanet.or.ke [kictanet-bounces+eadera=idrc.or.ke@lists.kictanet.or.ke] On Behalf Of Francis.Hook@gmail.com [Francis.Hook@gmail.com]
Sent: 15 March 2011 15:37
To: Edith Adera
Cc: KICTAnet ICT Policy Discussions
Subject: [kictanet] problem inherent in how mobile money transactions are done

I have a colleague who received a rather suspect SMS that, at first glance seemed to advise of money rcvd from someone and a few minutes later someone called to say he had sent the money and error and has a crisis of sorts and would like the money sent back. I have seen this twice. Tricksters at work.

When using mobile money I have always wondered about the privacy of such transactions since one is required to sign a sheet with details of the transactions - details which are clearly visible to everyone. I note both ZAP and Mpesa have such sheets. It would only take a keen eye to quickly pick out a number next to a high value, memorise it - under the pretext of doing a small transaction and then claim a victim within hours of the person depositing money into their account.

I suppose unregistered mobile numbers must now be de-activated ASAP.

Be on the look out.

-----Inline Attachment Follows-----

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet

This message was sent to: jwalu@yahoo.com
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com