One side effect of Statutory Instrument 127 of 2021 is that I have observed an uptick in the use of the RTGS dollar. This is driven in part by increased usage of mobile money, swipe and ZIPIT. Thanks to the new law people would rather buy using RTGS as most popular shops no longer offer USD discounts. Having gotten used to cash a lot of people have been relearning electronic transactions and some have fallen prey to savvy scammers. One trending trick is the fake Ecocash SMS. This is how it works:
- The scammer downloads a texting app or opens a texting website on their phone
- When you ask for payment they ask for your phone number as if they are about to send you money via Ecocash
- Instead they use a premade fake Ecocash transaction confirmation message. They edit the template by inserting the amount of the current transaction.
- They then change the from field in the app to +263164 or Ecocash
- The SMS is then sent to your phone making it appear as if you have received money from said individual
- You give them your money or goods
- When you try to transact you discover that your Ecocash wallet is empty. You never received the money.
This is where I point out that there are variations to this scam. The message might be worded differently or you might not even receive the message about there being an upgrade. The scam can also involve ZIPIT or even traditional RTGS transfers. In essence, the scammer is presenting fake proof of payment. It’s a confidence scam and usually, the criminal is unassuming and tries to appear trustworthy in order to knock you off your game.
How to stop such attacks dead in their tracks?
Vigilance is the name of the game. You need to be always alert when transacting with other people especially where electronic transfers are involved. Now that I think about it, you need to be vigilant even when transacting using cash, otherwise, you will be tricked using fake bills.
Anyway, back to electronic transactions, you need to be very alert and infuse a bit of paranoia in there too. The following tips will serve you well:
- Whenever possible use the “online” payment method to receive Ecocash as opposed to having people send money to your phone. Most Point of Sale (POS) machines support this method. This is where you enter the customer’s number and they receive a prompt on their phone, enter their mobile wallet pin and the POS confirms the transfer. This is safer for everyone involved. Invest in this if you are a merchant.
- Pay attention to the confirmation message you receive. Read it and make sure it indeed corresponds to other messages.
- Make sure you get a message that shows what you have received, from whom, the approval code and your final balance. Scammers in most cases cannot fake this unless you told them your balance in advance.
- For large/material transactions make sure to check your balance before you deliver service or hand over the goods.
For banks, checking your balance is free if you use internet banking because most banking platforms are now zero-rating. There is therefore no excuse for you not to check your balance after each ZIPIT/Swipe transaction.
You should also read:
- EcoCash warns customers of account hijacks (again)
- Minister loses US$44 000 to a sim card hijack
- “Sent my 6 digit code by mistake” text is from hackers trying to gain access to your WhatsApp