ABSTRACT
Social engineering is one of the most common attack vectors in mobile money transactions. The increasing rate of mobile money use has directly increased the number of social engineering incidents in mobile money services. It is therefore important to develop a framework for detecting malicious and phishing messages, which could help reduce the threats posed by mobile phone criminals. Some customers and agents have already lost thousands of shillings to social engineering attacks. This study investigated the common social engineering techniques used by cybercriminals to steal money from mobile money users. PIN sharing, lack of security awareness, PIN requests and storing PINs in address books were recognized as major sources of vulnerability in mobile money theft. The study revealed that mobile money users were conned by social engineers using techniques such as business collaboration benefits, alleged wrong remittance of money, SIM swaps, impersonation of mobile company officials, promotional benefits, employment opportunities, SMS phishing and fraudulent SMS from lost or stolen phones. The study recommends that mobile network operators set a time limit for customers to reset their PINs. They should also periodically provide security education to their customers through advertisements and SMS. Customers are also advised not to share their PINs or store them in the address book of their phones, to reduce exposure to cybercriminals. Furthermore, governmental institutions are advised to acquire professional knowledge, obtain educational training and form strong collaboration to fight cybercrime in general and social engineering in particular.