As soon fraudsters in Kenya learned how mobile money, especially M-PESA, worked, they went into full gear to exploit the loopholes. Telecommunications companies like Safaricom failed to educate people on how to keep off these fraudsters.
There have been some successes in arresting some of these M-PESA fraudsters and hackers.However, it is always a good idea to know their methods and be on the lookout lest you become a victim.
Below are some of the methods they use.
When you receive an SMS indicating that you have received money from somebody, you need to double check the identity of the sender.
Some fraudsters will send you an SMS saying you've received money, and then they proceed to call you asking you to send the money back. Some people did not know that all legitimate M-PESA text messages come from the SMS sender ID M-PESA, and thus, some Kenyans of goodwill would proceed to comply with the fraudsters request and send the money back, if they had an equivalent or higher amount in their M-PESA accounts.
Mobile SIM card replacement
Since M-PESA was launched in Kenya before there was a requirement for SIM card registration, some people realized that once you were able to steal someone’s M-PESA PIN, you could replace their SIM card.
Once you had a person's M-PESA PIN and their mobile SIM card, fraudsters would then withdraw all the money that is in their victim's M-PESA account.
Unfortunately, this still happens today through the co-operation of some rogue Safaricom agents who conspire to replace SIM cards.
Tuma kwa hii number (Send to this number)
With so many people using M-PESA every day, chances are high that if you surveyed a random sample of a 100 people, there could be one about to send money to someone.
A fraudster would broadcast messages to hundreds of people, asking them to "Send to this number."
They do this with the hope that one of their targets would've been asked to send money to a contact. As such, the victim would interpret the broadcast message to mean that the specific contact wants them to send to a different M-PESA account, and thus they would proceed to send the money without asking questions.
As simple as it sounds, some people have fallen victims to such tricks.
Safaricom introduced a cardless ATM service, whereby one can go to an ATM, choose to withdraw money from M-PESA via the ATM, and all that one needed to do is go through a process on their phone, and they would be sent a one-time-pin (OTP) code which they could punch in the ATM and receive their money.
Since some people do not know about the existence of the service, fraudsters realized that they could trick people to go through the process and send them the authorization code. Minutes later, one would receive an SMS indicating that they have withdrawn money from an ATM hundreds of miles away.
Cover image credit: Individual using the MPESA mobile money transfer.