"We Even Borrowed Money From Our Neighbor"

Abstract

Mobile-based scams are on the rise in emerging markets. However, the awareness about these scams and ways to avoid them remains limited among mobile users. We present a qualitative analysis of the dynamics of mobile-based fraud (specifically, SMS and call-based fraud) in Pakistan. We interviewed 96 participants, including different stakeholders in the mobile financial ecosystem: 71 victims of mobile-based scams, seven non-victims, 15 mobile money agents, and three officials from regulatory agencies that investigate mobile-based fraud. Leveraging the perspectives from these stakeholders and analyzing mobile-based fraud with a four-step social-engineering attack framework, we make four concrete contributions: First, we identify the nuances as well as specific tactics, methods, and resources that fraudsters use to scam mobile users. Second, we look at other actors, beyond the victim and the adversary, involved or affected by fraud and their roles at each step of the fraud process. Third, we discuss victims' understanding of mobile fraud, their behavior post-realization, and their attitudes toward reporting fraud. Finally, we discuss possible points of intervention and offer design recommendations to thwart mobile fraud, including addressing the vulnerabilities discovered in the ecosystem, utilizing existing actors to mitigate the consequences of these attacks, and realigning the design of fraud reporting mechanisms with the sociocultural practices.