Spike in mobile money scams prompts call for urgent action from telecom operators

As mobile money fraud cases surge across the country, a cybersecurity expert is urging telecommunications companies—particularly mobile money operators—to conduct urgent system audits and proactively hunt for security vulnerabilities.

Speaking on JoyNews’ NewsDesk, cybersecurity analyst Yaw Ansu Gyeabour highlighted growing concerns that the recent wave of MoMo fraud could stem from systemic flaws, either exploited by hackers or leaked by insiders.

“These incidents may be due to vulnerabilities within the system that have either gone undetected or are being exploited by hackers,” Gyeabour said. “It could also involve insider threats, where information is leaked from within.”

His warning comes in the wake of a viral TikTok video in which an MTN customer alleged her MoMo account was emptied without her consent—a claim that echoes a growing number of similar complaints surfacing on social media.

In response, MTN’s MobileMoney Limited issued a statement acknowledging rising concerns and reiterating its commitment to combatting fraud on its platform.

However, Gyeabour believes more direct action is required. He urged telcos to carry out ethical hacking, or penetration testing, to expose hidden system flaws before they are exploited.

“There’s something called a ‘zero-day vulnerability’—a flaw that exists in a system or app but is unknown to the developer, vendor, and user,” he explained. “Ethical hacking helps identify and fix such vulnerabilities before bad actors can take advantage.”

Gyeabour stressed that telecom companies must shift from reactive to proactive security strategies, noting that mobile phones now host numerous apps that can serve as potential gateways for cyberattacks.

While much of the responsibility lies with service providers, he also cautioned consumers to be vigilant. He warned mobile money users against engaging with unsolicited calls or messages and highlighted common scams where fraudsters pose as telco representatives to extract PINs or lure victims into clicking malicious links.

“Never share verification codes or PINs with anyone, even if they claim to be from your service provider,” he said. “Some links may contain malware designed to install keyloggers on your phone, capturing everything you type, including sensitive banking details.”

He further advised users to avoid accepting cookies from unknown websites and to steer clear of suspicious or unverified web platforms—particularly those hosting adult content, which are often breeding grounds for malware.

As digital transactions become increasingly central to daily life, experts warn that safeguarding mobile money systems must remain a top priority—not just for companies, but for the millions of Ghanaians who rely on them.