Emerging Mobile Phone-based Social Engineering Cyberattacks in the Zambian ICT Sector

TL;DR

This paper analyzes the rise of mobile phone-based social engineering attacks in Zambia, identifying prevalent attack types and proposing a framework for understanding and mitigating these cyber threats.

Contribution

It introduces an attack model and evaluation framework for mobile social engineering attacks in Zambia, with a logistic regression analysis identifying the most common attack types.

Findings

Phishing, SMishing, and Vishing are prevalent in Zambia.

Logistic regression identifies the most common attack type.

Recommendations for mitigating social engineering attacks.

Abstract

The number of registered SIM cards and active mobile phone subscribers in Zambia in 2020 surpassed the population of the country. This clearly shows that mobile phones in Zambia have become part of everyday life easing not only the way people communicate but also the way people perform financial transactions owing to the integration of mobile phone systems with financial payment systems. This development has not come without a cost. Cyberattackers, using various social engineering techniques have jumped onto the bandwagon to defraud unsuspecting users. Considering the aforesaid, this paper presents a high-order analytical approach towards mobile phone-based social engineering cyberattacks (phishing, SMishing, and Vishing) in Zambia which seek to defraud benign victims. This paper presents a baseline study to reiterate the problem at hand. Furthermore, we devise an attack model and an evaluation framework and ascertain the most prevalent types of attack. We also present a logistic regression analysis in the results section to conclude the most prevalent mobile phone-based type of social engineering attack. Based on the artifacts and observed insights, we suggest recommendations to mitigate these emergent social engineering cyberattacks.