On emergent mobile phone-based social engineering cyberattacks in developing countries: The case of the Zambian ICT sector

Abstract

The number of registered SIM cards and active mobile phone subscribers in Zambia in 2020 surpassed the population of the country. This development and the integration of mobile phone systems with financial payment systems has not come without a cost. Cyberattackers, using various social engineering techniques have jumped onto the bandwagon to defraud unsuspecting users. Considering the aforesaid, this paper presents a high-order analytical approach towards mobile phone-based social engineering cyberattacks (phishing, SMishing, and vishing) in Zambia which seek to defraud benign victims. This paper presents a baseline study to reiterate the problem at hand. The research used a mixed-methods approach, combining quantitative and qualitative data, and adopted a hybrid descriptive research design. Furthermore, an attack model and an evaluation framework were devised to ascertain the most prevalent types of mobile phone-based cyberattacks. Based on logistic regression analysis, the findings indicate that the most prevalent type of mobile phone-based social engineering cyberattack in Zambia is SMishing. Based on the results and observed insights, recommendations to mitigate these emergent social engineering cyberattacks were suggested. This research serves as a valuable baseline for understanding and addressing the growing challenges posed by mobile phone-based cyberattacks in Zambia's evolving technological landscape.