While smartphones such as Samsung and Apple have built-in anti-fraud technology, the reality is that mobile fraud is becoming an increasingly pressing issue, especially in Africa’s growing tech space.

AppsFlyer’s 2023 Global State of Fraud report reveals that finance apps are the biggest targets, followed by shopping and gambling apps. This is confirmed by the banking ombud’s annual report for 2021, which highlights that the key trend of the past decade was fraud and theft by cyber fraudsters.

The top categories of complaints, namely, internet banking, current accounts and credit cards, showed that fraudsters are targeting individuals through phishing emails and links, and vishing calls pretending to be from bank staff.

Online purchases in South Africa passed the R50-billion milestone in 2022, driven by an ongoing boom in demand for home deliveries, according to an Online Retail in South Africa 2022 study conducted by World Wide Worx with Mastercard.

‘Pandemic dividend’

“One can call this the pandemic dividend,” says World Wide Worx MD Arthur Goldstuck, principal analyst on the research project. “The 2020 boom in home deliveries has continued for the past two years, as retailers compete aggressively in every area of online shopping.”

On the iOS platforms, there was a 210% year-on-year surge in fraud on shopping apps. The finance sector accounted for more than 50% of all mobile fraud in 2022. The report states that a substantial portion of fraud within the finance sector is perpetrated by fraudsters generating fake users.

“This is because it is considerably easier for fraudsters to concoct a fake user with a counterfeit device than to dupe a real user. The pandemic only fuelled the fire, offering a fertile environment for fraudsters to scale up their mobile fraud schemes to take advantage of the remarkable surge in mobile device usage,” the report says.

AppsFlyer anti-fraud specialist Andreas Naumann explains that install hijacking describes a group of fraud schemes that try to poach credit for driving a real user to download an app while not actually advertising to the user. 

“The most common form of this fraud is click injection — where the fraudster injects a click after you have decided to download an app. Another example is click hijacking where an attacker tries to manipulate the attribution process by following your real click with a fake click of their own in order to poach attribution from the legitimate ad publisher,” he says. DM/BM