Monday, April 30, 2018

How crooks steal from your phone


Your phone is the new banking hall, and in it fraudsters roam
Kenyans lost more than Sh17 billion last year to fraud,
Kenyans lost more than Sh17 billion last year to fraud, and mobile phones aided much of the theft. PHOTO | FILE 
By NATION TEAM
More by this Author

Geoffrey Karanja, a Makuyu mechanic, was full of joy last Friday after receiving a call from a man
who said he wanted to contract him to fabricate a body for his truck. He would pay him well too, the caller promised, and immediately wired Sh450,000 to Mr Karanja’s bank account. The transaction was confirmed by the bank, whose name we are not revealing for legal reasons.
A couple of hours later, the client called and asked Mr Karanja to send him Sh80,000 as he had an emergency. He would pay him back once the fabrication job was complete, he promised.
“I reasoned that I’d still retain his Sh370,000, so I sent him the money,” Mr Karanja told the Nation this week.
As it turned out, he should have reasoned more, because the following day the bank sent him a message indicating that the Sh450,000 transaction had been reversed.
CONNED
Mr Karanja had been conned of his Sh80,000 in the smoothest way possible, joining thousands of other Kenyans who are losing billions of shillings annually to mobile phone fraudsters.
This theft is mostly under-reported and rarely leads to any convictions, in part because the police do not have the capacity to investigate and successfully prosecute this sort of cybercrime, and also because banks keep hiding the inefficiencies of their financial transactions platforms from their clients.
The victims, like Mr Karanja, are left to lick their wounds in agonising silence.
“When I called the bank, an agent informed me that clients have the right to reverse electronic money transactions,” he said.
In Nakuru, Mary Wambui says she was touched when someone called to plead that he had inadvertently sent her Sh5,000 on M-Pesa, so could she be kind enough to send back the money, which was meant for school fees, less the transaction cost? She obliged without even checking the balance in her mobile money account, and ended up losing her Sh5,000 in seconds.
HYENAS
The cons, who are like a pack of hyenas hunting in the dark, prey on the ignorance, gullibility and vulnerability of their targets to steal. Their messages are sent out randomly in the belief that at least one person will respond. And, often, they hit jackpots.
For instance, 83-year-old Wangechi Nderitu recently received a message informing her that she had won Sh100,000 in a raffle competition that she had registered for, and needed to call a particular number to claim her prize money.
When she did, she was asked to send Sh10,000, which would be used to book an appointment to collect the prize, as well as for other small administrative matters. She did as asked, and then waited for further instructions. They never came.
“The man on the other end went off the network soon after I sent him the Sh10,000,” recalls the granny from Othaya, Nyeri County.
SECURITY
Questions abound on the security of mobile money transaction platforms, and also on the capacity of security agencies to tame the fraud. Mobile phone users must register their subscriber identification module (SIM) cards with the service providers, who in turn have the capacity to trace the movement and withdrawal of money within their networks.
The con artists are also preying on the emotions of parents by asking them to send money to pay for the emergency medical costs of the parents’ children, whom they claim have fallen ill while in school.
“They usually claim that they are good Samaritans in a hospital and urgently need cash for the children to get admitted,” said Imenti South police boss John Cheruiyot. “Schools have been forced to issue warnings to parents over the vice as the fraudsters, who often pose as teachers, have so much detail about their target children and the schools they attend.”
CHEAP
The tricks might appear lame and cheap, but they are a fraudster’s manna from the dark reaches of the criminal underworld. The criminals have a ready, fat market waiting for them, sitting within the motherboards of millions of mobile phones and hundreds of electronic bank vaults like lame ducks on a wintry night.
The Economic Survey of 2018 indicates that mobile money transfers totaled Sh1.76 trillion last year, from about 600 million transactions. Police records show financial institutions lost Sh17 billion to fraudsters in 2016 and Sh14 billion in 2015, but there is no data on amounts lost through mobile money fraud.
Police say the fraudsters are now manipulating victims to reveal the PINs to their mobile money accounts, leading to their depletion of funds in no time. Some cases involve deception, use of technology and fake money to steal from the public and M-Pesa dealers.
M-PESA PIN
“Since it is hard for them to infiltrate the M-Pesa system, they use non-technical methods, or social engineering, as it is popularly known. This involves tricking unsuspecting people into breaking normal security procedures and manipulating them into, among others, revealing their M-Pesa PINs,” said Nakuru County Commissioner George Natembeya.
Ms Mary Nyamoita, an M-Pesa agent in Kivumbini area of Nakuru, says she receives at least 10 complaints every day from customers who have been defrauded as they seek to have the transactions reversed. Depositors giving fake notes is the biggest threat to her business, and traders in Embu, Mombasa and Narok also said this is a big risk to them too.
Detectives in Narok last week arrested five people who are believed to be members of a syndicate involved in SIM card-swapping. The suspects are accused of stealing millions of shillings from the M-Pesa and M-Shwari accounts of unsuspecting victims.
The criminals pose as mobile customer care desks where people with mobile money transactions hitches are attended to. They then randomly pick mobile numbers to which they send fraudulent messages purporting to be original M-Pesa transaction texts.
MOBILE MONEY FRAUD
Nakuru criminal investigations boss Zachary Kariuki said a man from Baringo County recently lost Sh2 million to mobile money fraud, which is usually perpetrated by digital-savvy youth as young as 18 years.
In Embu, Geoffrey Kamau Maina and Elizabeth Wanjiru Kamau were recently almost lynched by a mob after giving fake money to an M-Pesa agent. They denied the charges before Embu Resident Magistrate Samuel Mutai, who released them on a Sh100,000 bail with a surety of a similar amount, or a Sh50,000 bond. The case is ongoing.
In Laikipia, Clement Alumasa was convicted of hacking the M-Shwari account of Stephen Ouma on March 30 this year and fined Sh150,000 or two years in jail. He appealed the judgment, and the High Court swiftly threw out his application.
RECEIVED CALL
His case was of particular interest because it revealed yet another tactic that fraudsters are using. Mr Ouma said he received a phone call from a man who identified himself as Anthony, an an employee of Safaricom.
The caller informed him that Safaricom had received a complaint from someone that his cell phone number was interfering with theirs. Mr Ouma gave Antony his personal details except the M-Pesa PIN.
After the telephone conversation Mr Ouma’s line went dead, only for him to later discover that his M-Shwari account was short of Sh120,000. Records at Safaricom showed the withdrawals were made using a cellphone registered to Mr Alumasa, who was tracked to Moi University and arrested.
 Reporting by Joseph Wangui, Isabel Githae, Charles Wanyoro, Ndung’u Gachane, George Sayagie, Eric Matara, Rushdie Oudie, Lucy Mkanyika, Brian Wachira, Kalume Kazungu and Fredrick Fadhili

No comments :

Post a Comment