“Hallo, I have sent to your number Mobile Money wrongly”, a Common Social Engineering & Phishing attack in Uganda.
When conducting the cybersecurity training sessions that Tinds Tech offers to individuals and organisations, I have always simulated real-life examples, so that what would otherwise be technical jargon becomes simple for everyone to understand and relatable.
Nearly every Ugandan has on several occasions received this call: “Hallo, I have sent to your number Mobile Money wrongly, have you seen the message? ‘Bambi’, please send it back.”
Now, this is a Social Engineering and Phishing attack that most cyber criminals use to con individuals out of their hard-earned money. In Social Engineering, fraudsters exploit weaknesses not in technology but in human psychology, luring individuals into revealing confidential information such as PINs or account details, which are then used to defraud the unsuspecting victim.
Mobile Money has played a crucial role in driving financial inclusion in Uganda and has been widely adopted, revolutionising how people transfer and manage money, from bill payments and sending money to friends and family to savings and loans.
However, as its use grows, so do the risks, as malicious individuals employ Social Engineering and Phishing tactics to defraud users.
So what are Social Engineering and Phishing?
Social Engineering doesn't require technical hacking skills. It plays on human behaviour and psychology to lure and manipulate individuals into performing actions or sharing personal information such as PINs, passwords, account details and dates of birth, which fraudsters then use.
Phishing, on the other hand, is a form of Social Engineering where scammers send fake communication such as emails, SMS, infected files and insecure links with the purpose of obtaining confidential information or gaining access to systems or devices.
How are Social Engineering and Phishing related to Mobile Money Fraud in Uganda?
While I was having lunch in Kampala, my ‘Learned Friend’ (let’s call them XYZ, name withheld; I know they will probably smile looking at this, and so will other victims, definitely not you) came up to me and said, “You guys of IT took my mobile money, I am not happy with you.”
It turns out my ‘Learned Friend’ had received a phone call from a sweet but distressed female voice saying she had sent them money wrongly and begging them to refund it, as it was meant for her ailing mother. Sure enough, the learned friend received a fake SMS showing receipt of the said funds. To cut a long story short, they never received any money, but they sent the equivalent of the amount shown in the text message…
Other Social Engineering and Phishing tricks used include:
- The “Customer Support” Call Scam: a fraudster impersonates staff, calls, and requests confidential information such as a PIN.
- Fake SMS alerts with requests to call a fake customer care number, or with links redirecting to fake websites where customer information is compromised.
Social Engineering and Phishing in Corporate Organisations.
- A staff member may receive an email that appears to come from a top executive, with an infected attachment or a link, say about payroll.
- The sender mentions they want the information ASAP.
- The moment the staff member clicks on the link, it is game over.
- The infected file will grant the hacker access, while clicking on the link enables the hacker to receive your personal information.
How to spot Phishing Emails.
- Sense of Urgency. The sender tempts you to respond immediately.
- Double check the sending address. Normally it's an external email, or the sending address might look similar but turn out to be totally different on a closer look.
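The two checks above can also be automated as a first filter. The following is an added example, not part of the original article or any Tinds Tech tool; the domain `company.test`, the urgency word list, the similarity threshold and the sample messages are all assumptions made up for illustration.

```python
import difflib
from email.utils import parseaddr

ORG_DOMAIN = "company.test"   # assumption: placeholder for your organisation's mail domain
URGENCY_WORDS = ("asap", "urgent", "immediately")  # assumption: small sample list
LOOKALIKE_RATIO = 0.8         # assumption: similarity at or above this counts as "looks similar"

def sender_domain(from_header):
    """Domain of the real address in a From: header, ignoring the display name."""
    _display_name, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower()

def warning_signs(from_header, subject, body):
    """Return the warning signs from the list above that one message shows."""
    signs = []
    domain = sender_domain(from_header)
    if domain != ORG_DOMAIN:
        similarity = difflib.SequenceMatcher(None, domain, ORG_DOMAIN).ratio()
        # A near-match is worse than a plain external address: it is built to pass a quick glance.
        signs.append("lookalike-sender" if similarity >= LOOKALIKE_RATIO else "external-sender")
    text = f"{subject} {body}".lower()
    if any(word in text for word in URGENCY_WORDS):
        signs.append("urgency")
    return signs

# Constructed sample messages (not real mail): (From header, subject, body)
SAMPLES = [
    ("CEO <ceo@company.test>", "Board minutes", "Attached for your records."),
    # "rn" in place of "m" is easy to miss when reading quickly
    ("CEO <ceo@cornpany.test>", "Payroll", "Open the attached payroll file ASAP."),
    # The display name shows the genuine address; the real sender is external
    ('"ceo@company.test" <ceo@mailbox.test>', "Payroll", "Please review the link."),
]

if __name__ == "__main__":
    for from_header, subject, body in SAMPLES:
        print(from_header, "->", warning_signs(from_header, subject, body) or "no warning signs")
```

A message that shows no warning signs here is not proven safe; the check only catches the two signs listed above.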
How to avoid falling for these scams.
- Do not open the attachment or click on any links.
- Never share any confidential information like logins.
- Report to your IT Team immediately when you receive these.
Importance of User Awareness and Continuous Training for Organisations.
As we have seen in both the Mobile Money scenarios and in organisations, the fraudsters are not exploiting vulnerabilities in the networks, firewalls or systems of the organisation.
They are instead exploiting Human Error, and this is the greatest threat to cybersecurity, strong networks and systems notwithstanding.
Organisations must therefore regularly train their staff to increase awareness, and this is exactly what we do at Tinds Tech. We support your staff with real simulated trainings to guard against such attacks.
Georgia Reader
This is such an eye-opener! I had no idea how widespread mobile money fraud had become in Uganda. The real-life examples make it so relatable. It’s scary how easily people can fall for these scams. Thanks for shedding light on this, Lawrence!