If you woke up to several unattended calls from an unknown number, what would you do? Call back? Text? Ignore? Contact your service provider?
The fashion in which the calls come in – one-ring then drop, and with the several missed calls – creates an air of urgency about it which you have to wonder how the caller got your contact.
The urge to call back a missed call becomes irresistible. Especially when they are numerous missed calls from a strange international caller. However, to some, it makes more sense to call their service provider.
On the eve of Valentine’s Day, when most people’s minds were tuned to the rhythm of love, random international callers with +243 prefixes contacted several Kenyan Safaricom subscribers, taking psychological advantage of the moment of affection.
Alan Mwenda, one of those contacted, reached out to Safaricom – the service provider, but he was advised to “share such numbers on SMS to 333 (free) for investigation and look up the “One Ring Scam.” However, the telco is yet to share their stance.
But, what really was happening? How potential is this type of cyber security threat? Who exactly are these callers?
One ring and drop nature of the calls has been dubbed ‘Wangiri’ by America’s Federal Communications Commission report that derived it from the calls’ characteristic nature of calling and hanging up immediately, leaving a missed call notification from an international caller.
Mr Fred Wahome, vice chair of Kenya Cybersecurity and Forensic Association and an information security expert explains: “The calls are computer generated. It takes one to have an algorithm that can generate random numbers with their target telco’s prefix, say, between 070 and 079 as the instance with Safaricom, then the computer makes random calls to the unsuspecting subscribers.”
He adds, “The goal is not always to make you answer the call. It is persuading you to call back.”
Calling the fraudster would activate the exorbitant charges which then generates cash to the fraudsters. The best way to deal with such, according to him, is to ignore the allure of returning the call.
Service providers, he says, are mostly not able to track down these numbers as call data records may not have recorded them, because the computer generated algorithms make massive calls simultaneously to their subscribers.
When the victim calls back, then that would be considered as cyber fraud.
Dr Bright Mawudor, a cybersecurity expert at Internet Solutions Kenya says that the number, if at all not an algorithm, could be calling from anywhere in the world and not necessarily from Kinshasa.”
The ‘international caller’, he explains, could have purported to be calling from Kinshasa. “It could even have come from right here in Kenya. They usually change the phone dialing proxies to fool target user accounts, and make their attack plans easier to execute,” he expounds.
Vodafone, a global mobile communications provider, operating in 26 countries advises subscribers not to return international calls that they don’t recognise.
When befell by the same fate, the report also prescribes various means to ensure that would be employed to minimalise chances of the getting scammed.
Users must check out for the identity of the caller before receiving any call, even international, dismiss the temptation to answer or call back missed calls from unusual international numbers.
“You should ask your service provider to block incoming international calls on your line after any suspected attempt to breach your phone security.”
In 2017, Kenya’s digital economy lost Sh21.1 billion to cybercrime, which increased by 39.8 per cent in 2018 to Sh29.5 billion according to pan-African based cyber-security and business consultancy Serianu.
Heavy finances have been invested in cyber security infrastructure, but the menace keeps chopping off millions of shillings from companies’ profits, and stealing sensitive data from targeted senior employees.