A Mobile Money Social Engineering Framework For Detecting Voice & Sms Phishing Attacks - A Case Study Of M-Pesa

Social engineering refers to the use of deception by an attacker, with the intent of psychologically manipulating the target/victim, into sharing crucial/confidential information which could either be leaked or used to swindle them. Without a clear understanding of social engineering, mobile users may be highly likely to be victims of social engineering crimes. Regarding social engineering on the mobile money platform, there are few existing documents/statistics on the study. Therefore, this research study focuses on social engineering on M-Pesa. The specific objectives of the study are: evaluating the prevalence of social engineering crimes, suggesting solutions that can deter them, and creating a framework that could be used to detect social engineering threats in M-Pesa.

Going beyond the methods used by social engineers, this study reviews the current comprehension of social engineering on M-Pesa. To gain good understanding of this issue, this research presents results of a survey conducted by the author, for testing the feasibility of the study.

According to our data, it was observed that 87% of the sample population had agreed that social engineering was indeed prevalent. On most occasions the social engineers / attackers usually take advantage of people’s lack of knowledge on the topic to psychologically manipulate them. The study revealed that despite having technological solutions to defend against social engineering, the best way of mitigating against such threats would be using security education, training and awareness programs.

The study led to the development of the Mobile Money Social Engineering (MMSE) detection framework that aids mobile users in detecting against social engineering threats that occur via Voice Calls and SMS. The proposed framework was derived from careful review and evaluation of the survey participant’s responses. This framework serves as a point of reference for future research in the field of social engineering on the mobile money platform. It could also be adopted and evaluated by experts with the aim of improving it further. Mobile service providers could also use this framework in combination with their institutional training programs to provide support to mobile users.