Outsmarting MPESA Fraudsters

Just read a fascinating paper titled ‘Why do Nigerian Scammers Say they are from Nigeria? authored by Cormac Herley from Microsoft Research. The paper explores strategies employed by scammers to maximize returns on spam e-mails sent to millions of people around the world. The more intriguing aspect emanates from the use of machine learning techniques to analyze the scammers’ economics. Here is a parallel to the Kenyan situation.

The Game
MPESA fraudsters in Kenya unknowingly face a problem already familiar to data scientists all over the world – the problem of false positives. In the scamming world, a false positive would be someone targeted for a con but they don’t fall for it. In data science, it is categorizing a data point as belonging to group A while it belongs to group B – a misclassification.

To create accurate prediction models, data scientists endeavor to minimize false positives. Similarly, successful con-artists have to reduce their false positives since they incur a cost, C (both time and money) in every pursuit of dishonesty. A functional approach involves calculating a value; let’s call it X, that reveals a user’s vulnerability, obtained via subtle information sources such place of work, area of residence, type of phone, language use, et cetera.

The Jinx
Still, a conman experiences two types of problems. Sometimes he will attack a non-vulnerable user and gain nothing (thereby losing C), sometimes he will decide not to attack a vulnerable user (thereby foregoing a net gain of G). Thus, he faces a binary classification problem. Every attack results in either a true positive (vulnerable user found) or false positive (non-vulnerable user found). Ideal classification requires that the attacker knows exactly which users will repay effort and which will not, and never makes the mistake of attacking unnecessarily or of leaving a vulnerable target alone.

The Trap
The MPESA con normally involves an initial SMS campaign which has a cost per recipient. When potential victims respond a labor-intensive and costly effort of following up by SMS or phone call commences. The con-artist aims to separate vulnerable users from non-vulnerable ones with luring anecdotes. However, a remedy exists, by baiting the con-artists into time-wasting conversations it increases their false positives and deteriorates their prospects of a successful con.

You can read the paper here:


Addendum (22-01-2016)
On Twitter, a few people are already partaking in this game of wits via #KamitiMPESAChallenge . Here’s a collection to some of the correspondence.















Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s