ExplainersMedia LiteracySecurity

Cracking the Code: How social engineering is fueling mobile money fraud in Ghana

Winifred LarteyApril 22, 2025
4 minutes read
Momo stand in Ghana.
Momo stand in Ghana.
Getting your Trinity Audio player ready...

As mobile money continues to dominate Ghana’s financial transactions landscape, fraudsters’ tactics have become increasingly sophisticated.

In the first quarter of 2025 alone, 4.4 million Ghanaians reportedly fell victim to some form of cyber fraud, with social engineering emerging as the most prevalent method of attack. But what exactly is social engineering, and how are mobile money users being manipulated?

Social Engineering: The Human Hack

Michael Kumi Larbi, a cybersecurity consultant, describes social engineering as the psychological manipulation of people to elicit the disclosure of confidential information. According to him, these attacks rely heavily on deceiving users into believing they are engaging with a legitimate entity, often using real personal information to build trust.

“There’s no fixed tactic,” he told DUBAWA. “Fraudsters usually collect bits of real information—like your son’s name or where you work—and then decide which emotional trigger or story to use. If that works on you psychologically, they take it from there.”

Larbi emphasised that phishing links and malware are still widespread. Users unknowingly grant access to their devices through fake links, sometimes disguised as job offers, religious prayer sessions, or business ads.

“Once they’re in, they can quietly exploit your device. And yes, money can be withdrawn without you getting any alert,” he added.

His advice? Reboot your phone daily. While not foolproof, Larbi says it could interrupt malicious access paths. “If your phone’s been on for a month straight, you give the hacker room to do more.”

User vs. System Breach: Who’s Really at Fault?

When mobile money fraud occurs, telcos often shift blame to users for sharing one-time passwords (OTPs) or PINs. But is it always the user’s fault?

“Telecoms will never admit fault publicly,” Larbi claims. “Even if it’s an internal breach, they protect their reputation by blaming the user.”

The president of the Cyber Security Experts Association, Abubakar Issaka, agrees that user negligence plays a role, but also raises alarms about insider threats.

“More than 50% of financial fraud cases have been linked to insiders,” he noted. “MTN and others must audit their internal teams. You cannot claim to be secure when your employees are facilitating fraud,” he told DUBAWA.

Issaka added that even though many victims insist they didn’t share sensitive data, a quick review of communication patterns often reveals otherwise.

“Social engineering can be so subtle that people don’t even realise they’ve given out key information,” he said.

MTN in the spotlight

MTN Ghana, with its significant market share, has received the brunt of public scrutiny. Larbi noted that the telco’s system structure may be part of the problem.

“MTN’s interface, even the USSD menu, was once vulnerable to bugs that confused many illiterate users,” he recalled. “That made it easier for scammers to exploit them. Though they’ve patched some of those loopholes, the fraud continues.”

MTN responds

Godwin Tamakloe, Chief Regulatory, Risk and Compliance Officer at MTN Ghana, clarified that MoMo fraud is not due to systemic failure, asserting that most fraud incidents stem from social engineering and user error, rather.

“Today you don’t have any specific case where MTN systems have been hacked and funds have disappeared from the platform… We’d have a national security crisis by now if money just vanished without customer involvement,” Tamakloe said.

Tamakloe dismissed the claim that MTN’s USSD platform — a core interface used by many for MoMo transactions — had previously been vulnerable to bugs. He said this was a vague claim and unsubstantiated.

“What does he mean by ‘vulnerabilities on the USSD’? I have no idea. A vague comment like that is difficult to respond to. The USSD is one of the core channels we use for transactions.”

Tamakloe stressed that MTN is investing significantly in customer education across multiple platforms, including radio, TV, social media (TikTok, Instagram), and community outreach, to combat mobile money fraud.

“Most of the customers who fall victim to these scams are actually well-educated — lawyers, doctors, even cybersecurity analysts,” he revealed. “It’s not about literacy. It’s about awareness and decision-making at the point of attack.”

He reiterated that many fraud cases involve the customer receiving a phone call or SMS, during which they are manipulated into authorising transactions.

Customers are encouraged to report suspicious activity immediately through:

  • Calling 100
  • *Using 170#, then selecting Option 6 to report fraud
  • Emailing MTN’s customer support

“The earlier we’re notified, the higher the chance we can block the account and trace the funds. Even a delay of three to five minutes can make recovery impossible,” Tamakloe cautioned.

Once reported, MTN begins tracing the funds, often collaborating with other service providers and law enforcement. However, he emphasised that refunds are not guaranteed if fraud occurred due to customer error.

“We urge victims to report to the police. We’ll share any information they need. But unfortunately, many victims refuse to prosecute after recovering their money, which allows scammers to go free and reoffend.”

The Ghana Card Conundrum

Both experts pointed to the ineffective implementation of the Ghana Card system as a significant setback in fighting fraud. 

“If the Ghana Card worked as intended, fraud would drop drastically,” Larbi said. “Right now, you can still register SIMs with fake details. That’s an internal telecom issue.”

Issaka added that a national database linking the Ghana Card to banks, schools, and job applications could revolutionise identity verification.

“With a proper digital ID system, tracking fraudsters would be much easier. It’s not just about enforcement—it’s about infrastructure,” he explained.

What Can You Do?

Both experts agreed that public education is crucial. They encourage the public to remain sceptical of unsolicited calls, messages, and links—especially those asking for PINs or OTPs.

“The moment someone asks for a code or PIN, it’s fraud—no matter how convincing the story,” Issaka warned.

Ultimately, they say, preventing fraud is a shared responsibility: the public must stay informed, telcos must improve system integrity, and government agencies must enforce tighter digital identity and cybersecurity regulations.

Have you fallen victim to mobile money fraud? Report it to the Cybercrime Unit of the Ghana Police Service and notify your service provider as soon as possible.

Winifred LarteyApril 22, 2025
4 minutes read
Show More

Related Articles

Source: JohnMahama.org/ John Mahama

Reality Check: Has Mahama delivered on his 120-day pledges?

May 13, 2025
Photo of Chief Justice, Her Ladyship Gertrude Sackey Torkornoo

Part 3 of Test of Justice: Shining Stars’ petition to President Mahama over alleged misconduct of Ghana’s Chief Justice

May 7, 2025
Source: The Ghana Report

PART 2: Battle for Justice; ACOP Akolgo’s petition seeking removal of Chief Justice Gertrude Torkornoo

April 30, 2025
Source: Graphic.com

Ghana’s e-Passport Era Begins: What Citizens Need to Know

April 30, 2025

Make a comment

Back to top button