Mobile money has quickly become a powerful tool for financial inclusion in Ghana, promising convenience and improved financial services.
But the explosive digital financial landscape is coming along with cybersecurity challenges, as mobile money users bear the greatest brunt.
Mobile money fraudsters are advancing strategies that utilize the trust and reliance of patrons on mobile money agents.
Ella Baby is an ardent mobile money user who received what she thought was a blow of luck.
“I got a message that read that I had received GHS780. Within minutes, I received 3 calls from an unknown number. I wanted to confirm this so I checked my MoMo account balance which apparently was empty,” she said.
This wasn’t a mistake or glitch; it was a carefully coordinated scam.
Mobile Money fraud is becoming a norm with fraudsters exploiting trust and private information in orchestrated creative scamming strategies.
Ella’s story is not unique. But who is to be blamed?
“The serious issue here is, how did they get my contact? I understand that when you are transacting, you provide certain personal information, but how did this person claiming to have made a wrong transaction, get my name as well?
“I suspect that some of these scammers work with MoMo agents and operators. The possibility of such people being former MoMo workers could also be true,” she said.
Cyber criminals and fraudsters, who are constantly changing their strategies, leverage the trust in MoMo agents, and kind feelings to pounce on their victims.
The fraudsters take the form of agents or connected people from the telecommunication network; they obtain customer details (including names and phone numbers) from agents’ record books or through illicit channels.
Using this information, they send a message that takes the messaging format of mobile money transaction prompts.
They follow up with a call to the targeted mobile money user, calling them by name, and sharing stories of their previous transaction making the scamming process appear legitimate and trustworthy.
The fraudster then claims there has been a wrong transaction or an error in depositing funds into the user’s account.
They will often pressure the user to send back the “excess” money or provide their private information, claiming that it’s necessary to resolve the supposed issue or threaten to block the user.
“I received a message from them that read that my number had been blocked and that I can’t perform any transaction,” Ella said.
This type of social engineering attack relies on the trust established in mobile money agents making it hard to determine genuine communication and fraudulent activity.
Unsuspecting victims often fall to these scams, forfeiting their hard-earned money.
“It’s getting serious because I have witnessed a man send money to people who faked his son’s illness. He only realized this when the harm was done,” she said.
These instances of susceptibility stall the growth of mobile money services in Ghana, reducing their efficiency and reliability as a financial tool for the public.
The total number of MoMo transactions dipped significantly, falling to 644 million compared to the 668 million recorded in May 2024.
Similarly in 2023, the total loss value surged to approximately GH¢72 million, indicating a 29 percent increase over the GH¢56million recorded in 2022.
MoMo agent, Sammy, has recognized the setbacks and aims to protect his clients.
“I record details for transaction in a note book. But I know there are some scrupulous people who secretly try to take pictures of previous transaction to later call the people and pretend as though they are the agent. They usually demand that the money be reversed. It has happened for quite some time. So I don’t usually put my record book away from public eye,” he said.
Cybersecurity Consultant, Yaw Ansu Gyeabour, shed more light on the dire intersections of frauds and the many forms they take beyond physical interactions.
“Users need to guide against administrative privilege to their phones. When someone asks you to send a code that will appear on your phone to them, do not do it. Also through phishing, such perpetrators can also take control of your phone using a key logger malware, to spy or retrieve credentials,” he said.
Guarding against MoMo fraud involves a blend of adequate awareness, with technological, and regulatory innovative approaches.
These approaches involve users, agents, experts and business executives.
Sammy believes telecommunication networks can be innovative by providing agents with digital devices for transactions, requiring digital inputs and data storage.
The suggestion is aimed at encrypting databases and reducing the risk of theft and information leakage.
“I think the telecommunication networks can be innovative. If they are able to give us a digital device to work with that will require digital inputs and keeping of data, it will be very beneficial to us,’ Sammy said.
Cybersecurity Consultant, Yaw Ansu Gyeabour, says telecommunication networks offering mobile money services need to regularly update and seal vulnerabilities in their software.
Managing and training its human resources, including agents, have become paramount to safeguarding users’ digital wallets and information.
“I believe that institutions running these interventions will tighten security, by ceiling vulnerabilities of the software they use. Even if it’s paid software, they have a responsibility to play, by managing their resources which also includes your workers’ training and awareness.
For users, never share personal codes or information via phone calls or messages. They should report any suspicious activity immediately to their service provider. And also use secure, unique passwords for their MoMo account” he said.
The stories of digital and MoMo fraud recounted by victims are only but a test of the trust in mobile and digital money services, which prompts the urgent need to safeguard users’ wallets to promote financial inclusion.
ALSO READ:
*********This report is produced under the DPI Africa Journalism Fellowship Programme of the Media Foundation for West Africa and Co-Develop.