SA mobile users fall prey to malicious payment apps

Read time 3min 00sec

Around 19% of mobile payment transactions in Africa were made without the user’s consent in the first half of 2021, with SA ranking among the top three countries with mobile fraud prevalence on the continent.

This is according to the recently-released ‘State of Mobile Fraud in Africa’ report by Paris-headquartered anti-fraud firm Evina.

The report, which helps mobile stakeholders understand the scale of mobile fraud in Africa, notes that professional cyber criminals from around the world are increasingly targeting Africa’s one billion mobile phone users, with almost one-fifth of mobile transactions being fraudulent.

From January to June 2021, mobile fraud remained a significant problem in three key countries: Angola, Egypt and SA – where 34%, 25.5% and 29.5% of mobile transactions were identified as suspicious, respectively.

Egypt and Burkina Faso follow, with 25.5% and 12.1% suspicious transactions, respectively.

“When it comes to fighting fraud, it is crucial to put in place a strategy backed by insightful data. Malicious apps made up 17.6% of all fraudulent attempts across Africa in the first six months of the year, while long-standing clickjacking accounted for 62.3% of all attempts,” says David Lotfi, CEO of Evina.

“Another mobile-based fraud – remote-controlled fraud − is listed in the Evina report as being responsible for 7.6% of all fraudulent mobile activities targeting African cellular users. This is where malware takes control over devices to make fraudulent payments.”

Evina asserts that professional cyber criminals from around the world are costing Africa billions every year that could be spent on infrastructure and social services.

According to the company, Africa’s mobile fraud losses will continue to rise above last year’s $4 billion, to peak at a record $5 billion by the end of 2021, if nothing is done to prevent global cyber criminals from looting the continent’s wealth in a new, virtual ‘scramble for Africa’.

The evolution of the mobile fraud rate in Africa this year.
The evolution of the mobile fraud rate in Africa this year.

Three other types of fraud identified in the report accounted for almost 10% of mobile fraud: spoofing (6.8%), bypass fraud (1.7%) and replay attack (1.1%).

“Direct carrier billing, where users are billed for purchases directly on their phone bills, is primarily impacted by two forms of mobile fraud in Africa: malicious apps, that secretly contain malware and are programmed to make payments on behalf of the user without his knowledge, and clickjacking, where a fraudster intercepts a legitimate click and unknowingly directs the user to a website where sensitive financial and other details can be stolen,” adds Lotfi.

The top three malicious apps in Africa in the first half of this year, according to the report, were: Funny SMS, Asters Wallpapers and Magic Photo Editor, each downloaded over more than 10 000 times. These apps have already been removed from the app stores.

In a separate report released last year, Evina found that South African cellular users are often subscribed to wireless application service provider services without their consent.

After Kenya, SA was the African country most affected by these services, with 31% of local mobile subscription requests last July found to be fraudulent.

“As Africa’s most advanced economy, it is particularly tragic that South African mobile users are falling victim to subscription frauds that are well managed in many other countries. This, when we are all under significant financial pressure following the worst of the COVID-19 pandemic,” said Lotfi, at the time.

See also