THE recent arrest of eleven alleged hackers in Zimbabwe, accused of defrauding EcoCash users by luring them with fake free data offers, highlights some of the weaknesses of digital money systems and underscores the need for stronger digital security.
The suspects, aged between 20 and 26, are facing hacking charges after reportedly stealing over US$61,000 from unsuspecting victims’ EcoCash accounts. Thirty-one complainants are involved in the case.
According to the State, the accused conspired to exploit Econet Zimbabwe’s EcoCash platform, targeting victims through phishing schemes.
Starting in November last year, the suspects allegedly sent fraudulent links to users, falsely claiming to offer free data bundles.
Victims who clicked on these links were directed to fake portals, where they were instructed to provide personal details, including their mobile numbers.
In a final deceptive move, the suspects would call the victims, requesting the One-Time PIN (OTP) sent to their phones.
Using the OTP, the hackers gained unauthorised access to the victims’ EcoCash accounts, transferring funds to accounts they controlled.
Weaknesses and strengths of digital currencies
While several countries have been moving towards cashless economies, phishing has become increasingly common.
For instance, in the United States and other countries transitioning to digital payments, some fraudsters create fake portals that allow them to extract money from Visa-enabled gift cards whenever users attempt to check their balances online.
Typically, they design pages that closely resemble the official landing pages used by the companies administering the gift cards.
As a result, users may unknowingly input their debit card details, directly handing sensitive information to criminals.
Surveillance
In other cases, digital currencies mean that most transactions occur online, making it easier for governments and other entities to access individuals’ transactional histories.
This also means that authorities can more easily freeze or bar assets at any time.
However, this has been defended as a positive measure because it helps track and prevent unlawful transactions that may finance terrorism or other criminal activities.
Digital safety
One key lesson is that digital currencies and mobile money platforms must be designed with multi-layered authentication beyond OTPs, behavioural monitoring to detect unusual transactions, and real-time fraud alerts that can freeze suspicious transfers before money is moved.
Cybersecurity experts argue that telecom and fintech companies need to invest more in proactive threat detection rather than reacting after losses occur.
This could include artificial intelligence systems that flag abnormal login patterns, rapid takedown of phishing sites, and closer collaboration with law enforcement to disrupt criminal networks early.
Consumer education has also emerged as critical.
Regular public campaigns should warn users never to share OTPs, passwords or personal details, and to avoid clicking unsolicited links.
Regulators, meanwhile, must strengthen oversight of digital financial services by setting minimum cybersecurity standards, mandating transparent fraud reporting, and ensuring victims can recover funds when platforms fail to protect them.
