News / National
Ecocash fraudsters in fake SMS scam
08 Apr 2018 at 09:23hrs | Views
A new form of fraud involving EcoCash transactions has hit the country, with fraudsters now using Android mobile phone applications to generate fake transaction confirmation SMS to dupe unsuspecting businesses, investigations have shown.
Although Econet Wireless, who own the facility, has assured the public that the EcoCash mobile money system was safe, it acknowledged that there had been some cases of fraud. The fraudsters show the fake SMSs to a shop attendant as confirmation of a completed transaction before getting their desired goods. Mobile money has become the preferred mode of transaction among most businesses and individuals in Zimbabwe owing to liquidity challenges.
Investigations by Sunday News showed that fraudsters were targeting businesses where biller codes would be displayed.
The fraudsters mostly target businesses where no mechanism to verify authenticity of the transaction confirmation SMS would be in place. Some businesspeople prefer not to leave the mobile phone which verifies mobile money transactions with their shop attendants, resulting in the shop attendants relying on the customer's phone to verify transactions. With network challenges often delaying receipt of confirmation SMS on the retailer's mobile phone, shop attendants are sometimes forced to rely on the confirmation SMS on the customer's phone. Both scenarios leave retailers vulnerable to fraudsters, most of whom only realise they would have been conned upon reconciling transactions at the close of business.
Previously the fraudsters used to edit the SMS from previous transactions, a trick that was easily detectable as one would simply pay particular attention to the date and time the transaction was made. The latest trick using Android mobile phone applications which are easily downloadable on Google Play Store, is not easily detectable as the applications can create real time fake SMS.
Econet Wireless media relations and communications executive Mr Fungai Mandivei said the company has been raising public awareness on fraud cases involving EcoCash as part of efforts to curb the practice. He said, however, the EcoCash system was "very safe and secure".
"Econet is aware of fraudsters that are going about targeting unsuspecting EcoCash users with a view to defraud them, largely through misrepresentation and identity fraud. We have been raising public awareness of such incidences through various media — including our Econet and EcoCash Facebook pages, our Twitter accounts, via fliers distributed by our brand ambassadors and product distributors, and through direct SMS alerts to our EcoCash customers. We are also passing the same message to our merchants and agents, and are actively assisting the police to investigate and bring to book any perpetrators of such fraud against our customers," he said.
National police spokesperson Chief Superintendent Paul Nyathi said, "I would need to make enquiries on that with the relevant department then get back to you."
Technology expert Mr Tonderai Rutsito said it was possible for one to generate a fake SMS using mobile phone applications downloaded from Google Play Store. Mr Rutsito, who is also the editor of a technology magazine TechnoMag, said the fake messages were not easy to detect as they looked authentic. He urged retailers not to rely on customers' phones to verify transactions but to wait for confirmation messages to be sent to their phone first before completing the transaction.
"We've heard of several such cases here in Harare, particularly at Kwame Mall where a number of Small to Medium Enterprises operate from. It's easy to create a fake SMS that look like an actual confirmation message from EcoCash. One simply uses fake SMS generating applications which are readily available on Google Play Store. The same applications can also create fake call logs," he explained.
Mr Rutsito said retailers should not be too trusting and rely only on confirmation messages on their phone to verify transactions.
He also urged Econet Wireless to improve security features on their EcoCash platform to protect retailers from being duped.
"I think Econet needs to improve their platform to offer more security to users. They can do better to protect retailers. Retailers also need to be vigilant.
There's no substitute to waiting for a confirmation message on your phone. It's that simple, no confirmation, no transaction," said Mr Rutsito.
A number of android phone applications on Google Play Store can be used to generate fake call logs, SMS and WhatsApp conversations often to prank people but are now being abused by fraudsters, in some cases to blackmail people.
Although Econet Wireless, who own the facility, has assured the public that the EcoCash mobile money system was safe, it acknowledged that there had been some cases of fraud. The fraudsters show the fake SMSs to a shop attendant as confirmation of a completed transaction before getting their desired goods. Mobile money has become the preferred mode of transaction among most businesses and individuals in Zimbabwe owing to liquidity challenges.
Investigations by Sunday News showed that fraudsters were targeting businesses where biller codes would be displayed.
The fraudsters mostly target businesses where no mechanism to verify authenticity of the transaction confirmation SMS would be in place. Some businesspeople prefer not to leave the mobile phone which verifies mobile money transactions with their shop attendants, resulting in the shop attendants relying on the customer's phone to verify transactions. With network challenges often delaying receipt of confirmation SMS on the retailer's mobile phone, shop attendants are sometimes forced to rely on the confirmation SMS on the customer's phone. Both scenarios leave retailers vulnerable to fraudsters, most of whom only realise they would have been conned upon reconciling transactions at the close of business.
Previously the fraudsters used to edit the SMS from previous transactions, a trick that was easily detectable as one would simply pay particular attention to the date and time the transaction was made. The latest trick using Android mobile phone applications which are easily downloadable on Google Play Store, is not easily detectable as the applications can create real time fake SMS.
Econet Wireless media relations and communications executive Mr Fungai Mandivei said the company has been raising public awareness on fraud cases involving EcoCash as part of efforts to curb the practice. He said, however, the EcoCash system was "very safe and secure".
"Econet is aware of fraudsters that are going about targeting unsuspecting EcoCash users with a view to defraud them, largely through misrepresentation and identity fraud. We have been raising public awareness of such incidences through various media — including our Econet and EcoCash Facebook pages, our Twitter accounts, via fliers distributed by our brand ambassadors and product distributors, and through direct SMS alerts to our EcoCash customers. We are also passing the same message to our merchants and agents, and are actively assisting the police to investigate and bring to book any perpetrators of such fraud against our customers," he said.
Technology expert Mr Tonderai Rutsito said it was possible for one to generate a fake SMS using mobile phone applications downloaded from Google Play Store. Mr Rutsito, who is also the editor of a technology magazine TechnoMag, said the fake messages were not easy to detect as they looked authentic. He urged retailers not to rely on customers' phones to verify transactions but to wait for confirmation messages to be sent to their phone first before completing the transaction.
"We've heard of several such cases here in Harare, particularly at Kwame Mall where a number of Small to Medium Enterprises operate from. It's easy to create a fake SMS that look like an actual confirmation message from EcoCash. One simply uses fake SMS generating applications which are readily available on Google Play Store. The same applications can also create fake call logs," he explained.
Mr Rutsito said retailers should not be too trusting and rely only on confirmation messages on their phone to verify transactions.
He also urged Econet Wireless to improve security features on their EcoCash platform to protect retailers from being duped.
"I think Econet needs to improve their platform to offer more security to users. They can do better to protect retailers. Retailers also need to be vigilant.
There's no substitute to waiting for a confirmation message on your phone. It's that simple, no confirmation, no transaction," said Mr Rutsito.
A number of android phone applications on Google Play Store can be used to generate fake call logs, SMS and WhatsApp conversations often to prank people but are now being abused by fraudsters, in some cases to blackmail people.
Source - zimpapers