Many people are losing a lot of hard earned money through Mpesa hacking. Hacking is exploiting the security of computer network ,computer or device like smartphone victim to gain personal data or to transfer money without owner concern. Social engineering is one example of cyber attack where attacker manipulate people to give confidential information or by doing something the attacker want victim to do like transferring money to the attacker.
Most of Kenyan people who do their transaction daily via Mpesa Platform are vulnerable to scamming via social engineering
Here are the form that scammer's use to exploit Kenyan via social engineering.
1. Using compelling story or message .
Cyber criminal are very creative there several techniques that scammer uses.
a) Romance and Dating messages
Example of such message is "Am Dr. Kelly Martins (32yrs ) from Texas America Now working with (W.H.O) At Lodwar-Turkana. Am searching for a soulmate. if interested send SMS with your names and location" if you dare call them they use your curiosity to trap you to send them money Never try.
b) Transactional fake message or mistakenly sent money
This is one example that scammer send "MPESA EYR73939 Confirmed. You have received Ksh. XXXX (may be 1 to 10 thousand shillings) from XXXX (a Kenyan name) 21/4/20 New M-PESA balance is *(LOOCKED)* .To reverse dial *33*0000# " Avoid this this SMS because you will send all money that you have to scammer. The sender number is private and it is not from MPESA.
c) Message from so called daughter or son from a teacher.
Message coming from scammer claiming to be from a teacher asking for money either because pupil have accident or want to buy a book.
d) Fake Lottery Message.
Victim may receive message claiming that you have won Lottery like Tatua , Safaricom Promotional message or Mega Jackpot. Scammers tell you that for you to receive lottery money you have to send transaction fee.
e) Fake Advertisement Message for loan.
Scammer send message saying that you can now request a loan by requesting it by dailing certain number that they give.
2.Calling pretending to be Safaricom customer care.
This method is dangerous especially for those who are ignorant and also old guys who are not aware of this method.
Scammer trigger a conversation that make victim aware that password is personal that they should not give but most of them usually tell victim that their personal identification number ID have registered several times at it will be barred from using service if they don't cooperate with them .Scammer can either tell victim whether they have another phone so that they can be guided on how to solve such case they end up transferring money to scammer via USSD .They tell you to dial some random number like *35*0000*16# This enable SMS barring for 5 minutes so that you don't receive any SMS message because victim may suspect fraud .
Tip to prevent being scammed.
1.Safaricom will always call you with 0722000000.
2.Never attempt to follow any instruction told online by anybody like who you don't know and trust like dialing Safaricom Mpesa menu or any USSD *numbers#
3.Ensure originality of the message sender .
4.Use extreme caution when sending money correct phone number .
5.Keep personal and financial information out of scammer conversation.
6.Incase of doubts send suspicious SMS to 333 for confirmation from Safaricom.
Content created and supplied by: Wasksofts-technology (via Opera News )