More details on the new form of fraud involving Ecocash transactions hitting the country using Android mobile phone applications to generate scam transaction confirmation SMSes to dupe unsuspecting businesses have emerged.
Investigations by TechnoMag revealed that what happening is that Econet allows the fake or spoofed sender to reflect as 164 which then dupes the merchant into believing a transaction was done.Zimbabwe Information Communication Technologies chairperson Engineer Jacob Mutisi demonstrated the vulnerability of Zimbabweans to such kinds of scams at the Cyber security conference.
“The Zimbabwe government launched the National Financial Inclusion Strategy (NFIS), which seeks to increase the delivery of financial services within the country from 69% in 2014 to 90% in 2020. Financial inclusion is a target for the government to deliver financial services at affordable cost to all sections of disadvantaged and low income segments of the Zimbabwean society as Zimbabwe continue to push for a cashless society.
“This comes with its disadvantages On the 10th of April 2018 there was requested by our ZICT member to prove that our money transaction systems are vulnerable. This was done by sending a fake money transaction message to some of the guest that were attending the Cyber security conference. A further follow up was done by sending a fake bank transfer to stakeholders,” said Engineer Mutisi.
With this scam thousands of dollars have been stolen. Although Econet Wireless, who own the facility, has assured the public that the EcoCash mobile money system was safe, it acknowledged that there had been some cases of fraud. The fraudsters show the fake SMSs to a shop attendant as confirmation of a completed transaction before getting their desired goods. Mobile money has become the preferred mode of transaction among most businesses and individuals in Zimbabwe owing to liquidity challenges.
The fraudsters mostly target businesses where no mechanism to verify authenticity of the transaction confirmation SMS would be in place. Some businesspeople prefer not to leave the mobile phone which verifies mobile money transactions with their shop attendants, resulting in the shop attendants relying on the customer’s phone to verify transactions. With network challenges often delaying receipt of confirmation SMS on the retailer’s mobile phone, shop attendants are sometimes forced to rely on the confirmation SMS on the customer’s phone. Both scenarios leave retailers vulnerable to fraudsters, most of whom only realise they would have been conned upon reconciling transactions at the close of business.
Previously the fraudsters used to edit the SMS from previous transactions, a trick that was easily detectable as one would simply pay particular attention to the date and time the transaction was made. The latest trick using Android mobile phone applications which are easily downloadable on Google Play Store, is not easily detectable as the applications can create real time fake SMS.
Econet Wireless media relations and communications executive Mr Fungai Mandivei said the company has been raising public awareness on fraud cases involving EcoCash as part of efforts to curb the practice. He said, however, the EcoCash system was “very safe and secure”.
“Econet is aware of fraudsters that are going about targeting unsuspecting EcoCash users with a view to defraud them, largely through misrepresentation and identity fraud. We have been raising public awareness of such incidences through various media — including our Econet and EcoCash Facebook pages, our Twitter accounts, via fliers distributed by our brand ambassadors and product distributors, and through direct SMS alerts to our EcoCash customers. We are also passing the same message to our merchants and agents, and are actively assisting the police to investigate and bring to book any perpetrators of such fraud against our customers,” he said.