A cybersecurity expert has urged telecommunications companies, especially mobile money operators, to rigorously assess their systems for hidden vulnerabilities as incidents of mobile money fraud continue to escalate across the country.
Speaking on JoyNews’ NewsDesk, Yaw Ansu Gyeabour warned that the surge in scams suggests potential loopholes within the platforms that could be exploited by hackers or even insiders.
“These incidents may be due to vulnerabilities within the system that have either gone undetected or are being exploited by hackers. It could also involve insider threats, where information is leaked from within,” he explained.
His comments follow a viral TikTok video in which an MTN customer alleged her Mobile Money (MoMo) account was wiped out without her knowledge — one of several similar complaints making rounds on social media in recent weeks.
In response to the growing concerns, MTN’s MobileMoney Limited issued a statement addressing fraud reports on its platform, assuring the public of ongoing efforts to tighten security.
Mr. Gyeabour, however, advised telcos to go a step further by conducting ethical hacking or penetration testing to uncover and fix system weaknesses before criminals can exploit them.
“There’s something called ‘zero-day vulnerability,’ where a flaw exists in a system or app but it’s unknown to the developer, vendor, and user. Ethical hacking helps identify and fix such vulnerabilities before they are exploited,” he noted.
However, Mr Gyeabour recommended that telcos urgently conduct ethical hacking or penetration testing to uncover any hidden flaws in their systems.
He emphasized the importance of proactive security measures, pointing out that mobile phones often host multiple apps that could serve as entry points for cybercriminals.
Beyond the efforts of service providers, Mr. Gyeabour also urged mobile money users to exercise caution when handling unsolicited calls and messages. He highlighted common fraud tactics, including tricking users into sharing personal information like PINs or clicking on malicious links disguised as official communication from telecom companies.
“Never share verification codes or PINs with anyone, even if they claim to be from your service provider,” he cautioned. “Some links contain malware that can install keyloggers on your phone, recording everything you type, including sensitive banking details.”
He further warned users against indiscriminately accepting cookies from unfamiliar websites and highlighted the risks linked to browsing suspicious sites, particularly those known for adult content.
ALSO READ: