Abstract:

Communications technologies such as 2G, 3G, 4G and 5G define a significant portion of today’s cyberspace and has attracted innovative value-added services and financial technologies such as mobile money (MM) transactions. The success of MM introduction in Kenya has significantly influenced its global adoption in other developing countries, such as Ghana. While MM systems are widely studied for their economic transformation impact within the Ghanaian context, this paper hypothesised that, there is limited research on its contribution to widening the attack surface of social engineering (SE) attacks as a result of its exposure of personally identifiable information (PII) during transactions. The paper explored the hypothesis with a quantitative methodology adopted with primary data collected through questionnaires designed to capture user experiences, perceptions, and insights on privacy and security concerns during MM transactions. The findings confirmed the hypothesis: 96.7% of respondents acknowledged that their PII is visible to recipients during transactions, and 76.7% believed this exposure increases their vulnerability to scams. Additionally, 48.3% reported experiencing phishing attempts or suspicious behaviour where their PII was referenced after MM transaction.

References:

[1].   A. Amoah, K. Korle, and R. K. Asiama, 2020,"Mobile money as a financial inclusion instrument: what are the determinants?". International journal of social economics, vol. 47, no. 10, pp. 1283-1297

[2].   I. Akomea-Frimpong, C. Andoh, A. Akomea-Frimpong, and Y. Dwomoh-Okudzeto,2019,"Control of fraud on mobile money services in Ghana: an exploratory study,2019".Journal of Money Laundering Control, vol. 22, no. 2, pp. 300-317

[3].   M. R. Arabia-Obedoza, G. Rodriguez, A. Johnston, F. Salahdine, and N. Kaabouch,2020,"Social Engineering Attacks a Reconnaissance Synthesis Analysis".In 2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), vol. IEEE, pp. 0843-0848

[4].   M. Sillanpää, and J. Hautamäki, 2020,"Social engineering intrusion: A case study".In Proceedings of the 11th International Conference on Advances in Information Technology.

[5].   S. Roy, N. Sharmin, J. C. Acosta, C. Kiekintveld, and A. Laszka, 2022,"Survey and taxonomy of adversarial reconnaissance techniques".ACM Computing Surveys, vol. 55, no. 6, pp. 1-38

[6].   I. Makhdoom, M. Abolhasan, J. Lipman, N. Shariati, D. Franklin and M. Piccardi, 2024,"Securing Personally Identifiable Information: A Survey of SOTA Techniques, and a Way Forward". IEEE

[7].   J. A. Jamin, M. S. Noor, N. Rosli, and A. Shukry, 2019,"Privacy concern of personal Information in the ict usage, internet and social media perspective".Malaysian E Commerce Journal, vol. 3, pp. 15-17

[8].   H. Nissenbaum, 2011,"Privacy in context: Technology, policy, and the integrity of social life,2011".Journal of Information Policy, vol. 1, pp. 149-151

[9].      R. N. Zaeem, and K. S. Barber, 2020,"The effect of the GDPR on privacy policies: Recent progress and future promise,2020".ACM Transactions on Management Information Systems (TMIS), vol. 12, no. 1, pp. 1-20

[10].  R. Apau, and F. N. Koranteng, 2020,"An overview of the digital forensic investigation infrastructure of Ghana".Science International: Synergy, vol. 2, pp. 299-309

[11].  A. Narayanan, and V. Shmatikov, 2008,"Robust de-anonymization of large sparse datasets".In 2008 IEEE Symposium on Security and Privacy (sp 2008), pp. 111-125

[12].  M. Mitra, and S. Roy, 2018,"Identification and Processing of PII Data, Applying Deep Learning Models With Improved Accuracy and Efficiency".Journal of Data Acquisition and Processing, vol. 33, no. 6, p. 1337

[13].  Ö. Aslan, S. S. Aktuğ, M. Ozkan-Okay, A. A. Yilmaz, and E. Akin, 2023,"A comprehensive review of cyber security vulnerabilities, threats, attacks, and solutions".Electronics, vol. 12, no. 6, p. 1333

[14].  K. Krombholz, H. Hobel, M. Huber, and E. Weippl,2015,"Advanced Social Engineering Attacks".Journal of Information Security and applications, vol. 22, pp. 113-122

[15].  G. Iachello. and J. Hong, 2007,"End-user privacy in human–computer interaction".Foundations and Trends® in Human–Computer Interaction, vol. 1, no. 1, pp. 1-137

[16].  P. Burda, L. Allodi, and N. Zannone, 2024,"Cognition in social engineering empirical research: a systematic literature review". ACM Transactions on Computer-Human Interaction, vol. 31, no. 2, pp. 1-55

[17].  FBI, 2023,"Federal Bureau of Investigation".Internet Crime Complaint Center (IC3) Annual Report 2023, https://www.ic3.gov/AnnualReport/Reports/2023_IC3Report.pdf

[18].  V. Bhavsar, A. Kadlak, and S. Sharma, 2018,"Study on phishing attacks".International Journal of Computer Applications, vol. 182, no. 33, pp. 27-29

[19].  H. Shahbaznezhad, F. Kolini, and M. Rashidirad, 2021,"Employees’ behavior in phishing attacks: what individual, organizational, and technological factors matter?".Journal of Computer Information Systems, vol. 61, no. 6, pp. 539-550

[20].  M. Zaeifi, F. Kalantari, A. Oest, Z. Sun, G. J. Ahn, Y. Shoshitaishvili, and A. Doupé, 2024,"Nothing Personal: Understanding the Spread and Use of Personally Identifiable Information in the Financial Ecosystem".In Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy, pp. 55-65

[21].  K. Thomas, F. Li, A. Zand, J. Barrett, J. Ranieri, L. Invernizzi, and E. Bursztein, 2017,"Data breaches, phishing, or malware? Understanding the risks of stolen credentials".In Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, pp. 1421-1434

[22].  A. Yunoose, A. R. Varghese, R. Anagha, A. Prakash, and D. Babu, 2022,"Phishing".International Journal of Engineering Technology and Management Sciences, vol. 5, no. 6, pp. 574-579

[23].  C. Andrade, 2020,"The limitations of online surveys".Indian journal of psychological medicine, vol. 42, no. 6, pp. 575-576

[24].  NCA, 2024,"Shaping the Future – The NCA’s Achievements".National Communications Authority, https://nca.org.gh/wp-content/uploads/2024/12/NCAs-Achievements-1.pdf

[25].  B. Walther, S. Hossin, J. Townend, N. Abernethy, D. Parker, and D. Jeffries, 2021,"Comparison of electronic data capture (EDC) with the standard data capture method for clinical trial data".PloS one, vol. 6, no. 9, p. e25348

[26].  A. Travis, 2024,"Digital Literacy and Media Consumption among Different Age Groups," Journal of Communications

[27].  A. Antonio, and D. Tuffley, 2015,"Bridging the age-based digital divide".International Journal of Digital Literacy and Digital Competence (IJDLDC), vol. 6, no. 3, pp. 1-15

[28].  J. Lappeman, S. Marlie, T. Johnson, and S. Poggenpoel, 2022,"Trust and digital privacy: willingness to disclose personal information to banking chatbot services".Journal of Financial Services Marketing, vol. 28, no. 2, p. 337

[29].  J. Qian, M. Zheng, Y. Yu, C. Zhou, and D. Miao, 2025,"A dynamic anonymization privacy-preserving model based on hierarchical sequential three-way decisions".Information Sciences, vol. 121316, p. 686

[30].  M. Silveira, D. Santos, M. Souza, D. Silva, M. Mesquita, J. Neto, and R. L. Gome, 2023,"An Anonymization Service for Privacy in Data Mining".In Proceedings of the 12th Latin-American Symposium on Dependable and Secure Computing, pp. 214-219