With technology advancing and pretty much everything digitising, the threat of being ‘hacked’ constantly faces us. Not that we should fear this change: to be fair, whether we remain archaic or not, we will always face some big threat in one way or another. The best we can do is identify these threats and continuously figure out how to curb them.
It also doesn’t help that in Zimbabwe we’re in trying times. Instead of progressive innovation, people are forever trying to find ways to manipulate systems in order to survive… either way, not justified!
Of late, a message has been circulating on WhatsApp on how some couple is duping people into thinking they have already paid for the goods they are ‘buying’ via EcoCash. Just in case you haven’t come across it, let me tell you how they are doing it.
We all know how EcoCash can sometimes delay confirming a payment, right? The confirmation comes either via SMS or as the amount added to your balance, so that even if you don’t see the SMS immediately, you can at least check and confirm the payment through your balance. Now someone figured that delay to be a loophole and chose to exploit it.
The person also took advantage of the trust that we have in the SMS system. We generally believe that there’s no way of manipulating the sender nor the contents of an SMS as you could do on these other messaging apps. Therefore, whenever someone shows us an SMS confirming something, all doubts generally fly out the window unless of course you really don’t trust the person showing you the text or are paranoid.
But unfortunately (or fortunately), there are applications that can be used to generate fake SMSes. On such apps you can customize not only the text, but also the contact the text appears to come from.
So now bearing those things in mind, a couple decided “hey wait, why don’t we go around ‘shopping’ using EcoCash and trick people into thinking we’ve paid by showing them this evidence?” and as it turns out they went for it. They then found a fake text generating app on Play Store or Apple Store (lest you think I’m discriminating) and then started ‘making payments’.
The couple basically shows (oh yes it’s in present tense because they are still at large) the retailer an SMS which indeed looks like it’s from +263164 stating that a payment of the stipulated amount has been made. Then they maybe wait a few minutes and complain about the network being slow, and naturally the retailer will release them on the premise that (s)he will receive the SMS too at some point. But well, the SMS never arrives.
We don’t know how many have fallen victim to this, if any at all. For all we know it might just be fake news meant to ‘cause alarm and despondency’, but hey, glad we have a full ministry to protect us from such 😉 Nevertheless, regardless of authenticity, it’s only fair that people are warned. Besides, it’s not like one now needs to take drastic measures to protect themselves from such scams, which are obviously not being carried out by just that one couple.
So to protect yourself, all you need to do is wait. Wait till you receive that SMS from EcoCash notifying you that indeed you have received such and such an amount from so and so. That is exactly why EcoCash made it a ‘two-step verification process’. DO NOT take shortcuts; just trust the process no matter how redundant it might sound or be.
However, on EcoCash’s part, we do believe that the network upgrade Econet is carrying out will go a long way in ensuring that EcoCash has less downtime and fewer such complications, seeing that it’s these ‘little things’ that facilitate such fraudulent behavior.
10 comments
tipy, but pre-emptying, the culprits now are knows they are in for it
pre emptying, surely you mean pre-empting? and “the culprits now are knows..”? damn!!
copied that from your name dude
still have no idea what you are trying to say
I think it’s a bad idea linking the app on here, coz some people will actually start using it on other people!
You’re right. Let me remove it. But then again they can always look for it themselves.
That’s the flip side of tryna warn people smh
“We generally believe that there’s no way of manipulating the sender nor the contents of an SMS”, who is we? If there have been any messaging systems that have been easy to manipulate, it’s email and SMS. With a bit more work, you can even do a similar trick on a chimbudzi, to make it more convincing. Even years ago in Zimbabwe, there was a spate of fake SMSes, with affected individuals claiming they may have gotten their sim cards cloned. So fake SMSes have been around for a while.
The trick doesn’t rely on people not thinking that SMSes cannot be forged, it just relies on trust. The same trust existed when people wrote cheques, or sent photocopied RTGS proof of payments. That trust was broken once cheques started bouncing and proof of payments started getting faked. That’s why cheques are no longer used, and why we don’t use proof of payments but wait till the money actually reflects.
“The person also took advantage of the TRUST that we have in the SMS system. We GENERALLY believe that there’s no way of manipulating the sender nor the contents of an SMS as you could do on these other messaging apps”.
Key word there being generally, meaning yes you can but the majority just believes you can’t. Just like you are mentioning that you can even do it on a mbudzi phone, unless proven otherwise I’d say it’s a minority that knows that hence generally.
2ndly, I’d say the Trust came as a result of the fact that GENERALLY people do not believe that SMSes can be manipulated. So the more they are manipulated and people see that, the more we lose that trust, just as we did for the cheques
SMS’s cannot be manipulated as they are generated by SMS center in a network that is also attached to the core network and payment system, and when sent the reason for delays is sometimes people have no service or their phone is off, so the SMS stays at the operator’s SMS center, then when the user’s phone has signal it arrives at the receiver’s device. The people that did this crime did play on businesses’ trust, and by this happening it highlights 1 of the dangers of mobile banking.
But why give someone goods when you haven’t received the SMS on your end? The SMS being received on both ends was a security measure. Can you do that on P n P supermarket?