Mobile-based scams are on the rise in emerging markets. However, mobile users' awareness of these scams and the ways to avoid them remains limited. We present an analysis of a qualitative study examining the dynamics of SMS- and call-based frauds, collectively referred to as mobile-based frauds in the paper, in Pakistan with 96 participants, including different stakeholders in the mobile financial ecosystem: 71 victims of SMS and voice scams, seven non-victims, 15 mobile money agents, and three officials from regulatory agencies that investigate mobile-based phishing attacks. Leveraging the perspectives of different stakeholders, we make four concrete contributions. First, using the four-step social-engineering attack framework, we identify the nuances as well as specific tactics that fraudsters use to scam mobile users. Second, we look beyond the victim and the adversary to study all the actors involved or affected, the roles they played at each step, and the methods and resources used by the adversaries. Third, we discuss victims' understanding of mobile frauds, their behavior post-realization, and their attitudes toward reporting fraud. Finally, we discuss possible points of intervention and offer design recommendations to thwart mobile fraud, including addressing the vulnerabilities in the ecosystem discovered during this study, utilizing existing actors to mitigate the consequences of these attacks, and revisiting the design of fraud reporting mechanisms to be in line with sociocultural practices.
https://doi.org/10.1145/3449115
The 24th ACM Conference on Computer-Supported Cooperative Work and Social Computing