problem inherent in how mobile money transactions are done
I have a colleague who received a rather suspect SMS that, at first glance seemed to advise of money rcvd from someone and a few minutes later someone called to say he had sent the money and error and has a crisis of sorts and would like the money sent back. I have seen this twice. Tricksters at work. When using mobile money I have always wondered about the privacy of such transactions since one is required to sign a sheet with details of the transactions - details which are clearly visible to everyone. I note both ZAP and Mpesa have such sheets. It would only take a keen eye to quickly pick out a number next to a high value, memorise it - under the pretext of doing a small transaction and then claim a victim within hours of the person depositing money into their account. I suppose unregistered mobile numbers must now be de-activated ASAP. Be on the look out.
Hi Kindly advise them to forward the texts to '333' which is to our Mpesa Fraud team for further investigation. Regards Muchoki From: kictanet-bounces+support=safaricom.co.ke@lists.kictanet.or.ke [mailto:kictanet-bounces+support=safaricom.co.ke@lists.kictanet.or.ke] On Behalf Of Francis.Hook@gmail.com Sent: Tuesday, March 15, 2011 3:38 PM To: Safaricom Support Cc: KICTAnet ICT Policy Discussions Subject: [kictanet] problem inherent in how mobile money transactions aredone I have a colleague who received a rather suspect SMS that, at first glance seemed to advise of money rcvd from someone and a few minutes later someone called to say he had sent the money and error and has a crisis of sorts and would like the money sent back. I have seen this twice. Tricksters at work. When using mobile money I have always wondered about the privacy of such transactions since one is required to sign a sheet with details of the transactions - details which are clearly visible to everyone. I note both ZAP and Mpesa have such sheets. It would only take a keen eye to quickly pick out a number next to a high value, memorise it - under the pretext of doing a small transaction and then claim a victim within hours of the person depositing money into their account. I suppose unregistered mobile numbers must now be de-activated ASAP. Be on the look out. ##################################################################################### NOTE: All emails sent from Safaricom Limited are subject to Safaricom�s Email Terms & Conditions. Please click here to read the policy. #####################################################################################
Thanks Muchoki - there are aware of such recourse. And while its good to have a fraud line its better to take action to prevent the fraud taking place thus my two queries: 1 - Can user privacy be assured somehow when signing for a deposit 2 - Can unregistred numbers be de-activated ASAP On a different note - it would be interesting to know from your fraud unit how many such cases are reported and what percentage are prosecuted - that will lead back to whether its not more important to protect uninformed folk from these tricksters by deactivating unregistered lines and, as an industry, devising new ways to ensure users security/integrity/privacy. Having a fraud line will not deal with the end game. Very soon it will be a form of armed robbery where a depositor is is marked by a mole who signals (SMS) to an accomplice or accomplices to trail and accost the depositor. If the above two were addressed, then mobile money becomes safe once again...for a while perhaps. If I may put it differently - I'd rather own six security dogs and barricade myself in the house than have a false sense of security by the mere presence of a police post 100 meters away - if they caught enough burglars and patrolled more I'd relax knowing something is being done about it. Right now I cannot. Likewise mobile money users who are becoming aware of this new form of trickery. On , Safaricom Support <Support@safaricom.co.ke> wrote:
Hi
Kindly advise them to forward the texts to '333' which is to our Mpesa Fraud team for further investigation.
Regards
Muchoki
From: kictanet-bounces+support=safaricom.co.ke@lists.kictanet.or.ke [mailto:kictanet-bounces+support=safaricom.co.ke@lists.kictanet.or.ke] On Behalf Of Francis.Hook@gmail.com
Sent: Tuesday, March 15, 2011 3:38 PM
To: Safaricom Support
Cc: KICTAnet ICT Policy Discussions
Subject: [kictanet] problem inherent in how mobile money transactions aredone
I have a colleague who received a rather suspect SMS that, at first glance seemed to advise of money rcvd from someone and a few minutes later someone called to say he had sent the money and error and has a crisis of sorts and would like the money sent back. I have seen this twice. Tricksters at work.
When using mobile money I have always wondered about the privacy of such transactions since one is required to sign a sheet with details of the transactions - details which are clearly visible to everyone. I note both ZAP and Mpesa have such sheets. It would only take a keen eye to quickly pick out a number next to a high value, memorise it - under the pretext of doing a small transaction and then claim a victim within hours of the person depositing money into their account.
I suppose unregistered mobile numbers must now be de-activated ASAP.
Be on the look out.
Note:
All emails sent from Safaricom Limited are subject to Safaricom's Email Terms & Conditions. Please click here to read the policy.
This just happened to me 30 minutes ago. Luckily i just dismissed the caller and asked them to call Safaricom to recover the money instead. I will just forward the text to MPESA fraud. The call and SMS came from the same number while ordinarily the SMS notifications came from MPESA. Thanks Francis for raising this. Muthoni On Tue, Mar 15, 2011 at 3:54 PM, Safaricom Support <Support@safaricom.co.ke>wrote:
Hi
Kindly advise them to forward the texts to ‘333’ which is to our Mpesa Fraud team for further investigation.
Regards
Muchoki
*From:* kictanet-bounces+support=safaricom.co.ke@lists.kictanet.or.ke[mailto: kictanet-bounces+support=safaricom.co.ke@lists.kictanet.or.ke] *On Behalf Of *Francis.Hook@gmail.com *Sent:* Tuesday, March 15, 2011 3:38 PM *To:* Safaricom Support *Cc:* KICTAnet ICT Policy Discussions *Subject:* [kictanet] problem inherent in how mobile money transactions aredone
I have a colleague who received a rather suspect SMS that, at first glance seemed to advise of money rcvd from someone and a few minutes later someone called to say he had sent the money and error and has a crisis of sorts and would like the money sent back. I have seen this twice. Tricksters at work.
When using mobile money I have always wondered about the privacy of such transactions since one is required to sign a sheet with details of the transactions - details which are clearly visible to everyone. I note both ZAP and Mpesa have such sheets. It would only take a keen eye to quickly pick out a number next to a high value, memorise it - under the pretext of doing a small transaction and then claim a victim within hours of the person depositing money into their account.
I suppose unregistered mobile numbers must now be de-activated ASAP.
Be on the look out. *Note:* All emails sent from Safaricom Limited are subject to Safaricom’s Email Terms & Conditions. Please click here<http://www.safaricom.co.ke/index.php?id=954>to read the policy. ------------------------------ * *
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: dmuthoni@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/dmuthoni%40gmail.com
-- Muthoni My Blog: http://rugongo.blogspot.com/ -------------------------------------------- Mahatma Gandhi once said:- First they ignore you, Then they laugh at you, Then they fight you, AND THEN YOU WIN!!!
Francis, This happened to me last week. Luckily I don't do money transfer so the person was unable to trick me and quickly disconnected. Not sure what can be done to track such. Edith ________________ Edith Ofwona Adera Senior Program Specialist ICT4D Program and Climate Change & Water Program International Development Research Centre | Centre de recherches pour le développement international Regional Office for Eastern and Southern Africa Tel: +254202713160 | Fax/Téléc: +254202711063 | Skype: edithadera eadera@idrc.or.ke<mailto:eadera@idrc.or.ke> | www.idrc.ca<http://www.idrc.ca/> | www.crdi.ca<http://www.crdi.ca/> ________________________________ From: kictanet-bounces+eadera=idrc.or.ke@lists.kictanet.or.ke [kictanet-bounces+eadera=idrc.or.ke@lists.kictanet.or.ke] On Behalf Of Francis.Hook@gmail.com [Francis.Hook@gmail.com] Sent: 15 March 2011 15:37 To: Edith Adera Cc: KICTAnet ICT Policy Discussions Subject: [kictanet] problem inherent in how mobile money transactions are done I have a colleague who received a rather suspect SMS that, at first glance seemed to advise of money rcvd from someone and a few minutes later someone called to say he had sent the money and error and has a crisis of sorts and would like the money sent back. I have seen this twice. Tricksters at work. When using mobile money I have always wondered about the privacy of such transactions since one is required to sign a sheet with details of the transactions - details which are clearly visible to everyone. I note both ZAP and Mpesa have such sheets. It would only take a keen eye to quickly pick out a number next to a high value, memorise it - under the pretext of doing a small transaction and then claim a victim within hours of the person depositing money into their account. I suppose unregistered mobile numbers must now be de-activated ASAP. Be on the look out.
this trick is the mobile phone equivalent for email based phishing attacks. It did happen to me late last year. Someone smsed me a fake but realistic looking MPESA transaction, crediting my account by a mere 200sh. She then called me immediately thereafter claiming it was a wrong transaction and can I plse re-credit her account accordingly. Since i consider myself an ethically upright citizen (by Kenyan standards ;-) i planned to MPESA her back the 200sh but got caught up with work. In the evening I got some time to do this but with time on my side, my sixth sense (courtesy of some IS audit training) told me to just check my MPESA credit. It had ofcourse not changed (credited) as alleged by my caller(scammer) and so I ignored the process of "returning" her money. But i was quite impressed at how, Kenyans are getting on with these tricks. I think within 3-5yrs, we shall be giving the Nigerians a run for their money and we shall also have our own wikipedia page :-( walu. --- On Tue, 3/15/11, Edith Adera <eadera@idrc.or.ke> wrote: From: Edith Adera <eadera@idrc.or.ke> Subject: Re: [kictanet] problem inherent in how mobile money transactions are done To: jwalu@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Tuesday, March 15, 2011, 6:39 PM Francis, This happened to me last week. Luckily I don't do money transfer so the person was unable to trick me and quickly disconnected. Not sure what can be done to track such. Edith ________________ Edith Ofwona Adera Senior Program Specialist ICT4D Program and Climate Change & Water Program International Development Research Centre | Centre de recherches pour le développement international Regional Office for Eastern and Southern Africa Tel: +254202713160 | Fax/Téléc: +254202711063 | Skype: edithadera eadera@idrc.or.ke | www.idrc.ca | www.crdi.ca From: kictanet-bounces+eadera=idrc.or.ke@lists.kictanet.or.ke [kictanet-bounces+eadera=idrc.or.ke@lists.kictanet.or.ke] On Behalf Of Francis.Hook@gmail.com [Francis.Hook@gmail.com] Sent: 15 March 2011 15:37 To: Edith Adera Cc: KICTAnet ICT Policy Discussions Subject: [kictanet] problem inherent in how mobile money transactions are done I have a colleague who received a rather suspect SMS that, at first glance seemed to advise of money rcvd from someone and a few minutes later someone called to say he had sent the money and error and has a crisis of sorts and would like the money sent back. I have seen this twice. Tricksters at work. When using mobile money I have always wondered about the privacy of such transactions since one is required to sign a sheet with details of the transactions - details which are clearly visible to everyone. I note both ZAP and Mpesa have such sheets. It would only take a keen eye to quickly pick out a number next to a high value, memorise it - under the pretext of doing a small transaction and then claim a victim within hours of the person depositing money into their account. I suppose unregistered mobile numbers must now be de-activated ASAP. Be on the look out. -----Inline Attachment Follows----- _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet This message was sent to: jwalu@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
participants (5)
-
Dorcas Muthoni -
Edith Adera -
Francis.Hook@gmail.com -
Safaricom Support -
Walubengo J