{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T01:59:36Z","timestamp":1777514376209,"version":"3.51.4"},"reference-count":72,"publisher":"Association for Computing Machinery (ACM)","issue":"CSCW1","license":[{"start":{"date-parts":[[2021,4,13]],"date-time":"2021-04-13T00:00:00Z","timestamp":1618272000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Hum.-Comput. Interact."],"published-print":{"date-parts":[[2021,4,13]]},"abstract":"Mobile-based scams are on the rise in emerging markets. However, the awareness about these scams and ways to avoid them remains limited among mobile users. We present a qualitative analysis of the dynamics of mobile-based fraud (specifically, SMS and call-based fraud) in Pakistan. We interviewed 96 participants, including different stakeholders in the mobile financial ecosystem: 71 victims of mobile-based scams, seven non-victims, 15 mobile money agents, and three officials from regulatory agencies that investigate mobile-based fraud. Leveraging the perspectives from these stakeholders and analyzing mobile-based fraud with a four-step social-engineering attack framework, we make four concrete contributions: First, we identify the nuances as well as specific tactics, methods, and resources that fraudsters use to scam mobile users. Second, we look at other actors, beyond the victim and the adversary, involved or affected by fraud and their roles at each step of the fraud process. Third, we discuss victims' understanding of mobile fraud, their behavior post-realization, and their attitudes toward reporting fraud. Finally, we discuss possible points of intervention and offer design recommendations to thwart mobile fraud, including addressing the vulnerabilities discovered in the ecosystem, utilizing existing actors to mitigate the consequences of these attacks, and realigning the design of fraud reporting mechanisms with the sociocultural practices.<\/jats:p>","DOI":"10.1145\/3449115","type":"journal-article","created":{"date-parts":[[2021,4,22]],"date-time":"2021-04-22T17:47:59Z","timestamp":1619113679000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":27,"title":["\"We Even Borrowed Money From Our Neighbor\""],"prefix":"10.1145","volume":"5","author":[{"given":"Lubna","family":"Razaq","sequence":"first","affiliation":[{"name":"University of Washington & Lahore Information Technology University, Seattle, WA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tallal","family":"Ahmad","sequence":"additional","affiliation":[{"name":"Lahore University of Management Sciences, Lahore, Pakistan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Samia","family":"Ibtasam","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, WA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Umer","family":"Ramzan","sequence":"additional","affiliation":[{"name":"Information Technology University Lahore, Gujranwala, Pakistan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shrirang","family":"Mare","sequence":"additional","affiliation":[{"name":"Western Washington University, Bellingham, WA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,4,22]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-71078-5_28"},{"key":"e_1_2_1_2_1","volume-title":"Personal data of a billion Indians sold online for \u00a36. Retrieved","author":"Adhaar Leak","year":"2018","unstructured":"Adhaar Leak [n.d.]. Personal data of a billion Indians sold online for \u00a36. Retrieved Jan 2018 2020 from https:\/\/www. theguardian.com\/world\/2018\/jan\/04\/india-national-id-database-data-leak-bought-online-aadhaar"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3287098.3287136"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2909609.2909661"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025961"},{"key":"e_1_2_1_6_1","volume-title":"Control of fraud on mobile money services in Ghana: an exploratory study. Journal of Money Laundering Control","author":"Akomea-Frimpong Isaac","year":"2019","unstructured":"Isaac Akomea-Frimpong, Charles Andoh, Agnes Akomea-Frimpong, and Yvonne Dwomoh-Okudzeto. 2019. Control of fraud on mobile money services in Ghana: an exploratory study. Journal of Money Laundering Control (2019)."},{"key":"e_1_2_1_7_1","unstructured":"Pakistan Telecommunication Authority. [n.d.]. Biometric Verification. https:\/\/www.pta.gov.pk\/en\/consumer-support\/ complaints\/biometric-verifications"},{"key":"e_1_2_1_8_1","unstructured":"Pakistan Telecommunication Authority. [n.d.]. Telecom Indicators. https:\/\/www.pta.gov.pk\/en\/telecom-indicators"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","unstructured":"Geoffrey Barbier and Huan Liu. 2011. Data Mining in Social Media. In Social Network Data Analytics Charu C. Aggarwal (Ed.). Springer US. https:\/\/doi.org\/10.1007\/978-1-4419-8462-3_12","DOI":"10.1007\/978-1-4419-8462-3_12"},{"key":"e_1_2_1_10_1","unstructured":"Anurag Bhatia. [n.d.]. Decline of landline in India. https:\/\/telecomtalk.info\/decline-of-landline-in-india\/66093\/"},{"key":"e_1_2_1_11_1","volume-title":"Thirteenth Symposium on Usable Privacy and Security ({SOUPS}","author":"Bowers Jasmine","year":"2017","unstructured":"Jasmine Bowers, Bradley Reaves, Imani N Sherman, Patrick Traynor, and Kevin Butler. 2017. Regulators, mount up! Analysis of privacy policies for mobile money services. In Thirteenth Symposium on Usable Privacy and Security ({SOUPS} 2017). 18 pages."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3317549.3319723"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","unstructured":"V. Braun V. Clarke V. Braun and V. Clarke. 2006. Using Thematic Analysis in Psychology. Qualitative Research in Psychology 3 2 (2006) 25 pages. http:\/\/dx.doi.org\/10.1191\/1478088706qp063oa","DOI":"10.1191\/1478088706qp063oa"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3001913.3001919"},{"key":"e_1_2_1_15_1","article-title":"Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism","volume":"9","author":"Chiasson Sonia","year":"2011","unstructured":"Sonia Chiasson, Elizabeth Stobert, Alain Forget, Robert Biddle, and Paul C Van Oorschot. 2011. Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism. IEEE Transactions on Dependable and Secure Computing 9, 2 (2011), 14 pages.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1057\/sj.2014.49"},{"key":"e_1_2_1_17_1","volume-title":"A comparison of password feedback mechanisms and their impact on password entropy. Information Management & Computer Security","author":"Ciampa Mark","year":"2013","unstructured":"Mark Ciampa. 2013. A comparison of password feedback mechanisms and their impact on password entropy. Information Management & Computer Security (2013)."},{"key":"e_1_2_1_18_1","unstructured":"DAWN. [n.d.]. FRADULENT ACTIVITIES: FIA recovers 2000 SIMS from eight suspecrs. http:\/\/www.fia.gov.pk\/en\/images\/ 2018\/nov\/full_news\/21-11-2018%201.jpg"},{"key":"e_1_2_1_19_1","volume-title":"Alignment of organizational security policies--theory and practice","author":"Dimkov Trajce","unstructured":"Trajce Dimkov. 2012. Alignment of organizational security policies--theory and practice. University of Twente (2012)."},{"key":"e_1_2_1_20_1","unstructured":"Jie Du and Gregory Schymik. 2018. Gender Difference on Students' Email Security Behaviors. (2018)."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102171"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1111\/jasp.12158"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359304"},{"key":"e_1_2_1_24_1","volume-title":"Managing the risk of fraud in mobile money","author":"Gilman Lara","year":"2012","unstructured":"Lara Gilman and Michael Joyce. 2012. Managing the risk of fraud in mobile money. GSMA: Mobile Money for Unbanked (MMU) (2012)."},{"key":"e_1_2_1_25_1","volume-title":"The\" cool factor\" of public access to ICT. Information Technology & People 23, 3","author":"Gomez Ricardo","year":"2010","unstructured":"Ricardo Gomez and Elizabeth Gould. 2010. The\" cool factor\" of public access to ICT. Information Technology & People 23, 3 (2010)."},{"key":"e_1_2_1_26_1","unstructured":"Government of Pakistan. 2020. Pakistan Telecommunication Authority. https:\/\/pta.gov.pk\/en"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102199.1102214"},{"key":"e_1_2_1_28_1","volume-title":"The Mobile Economy","author":"Intelligence GSM","year":"2019","unstructured":"GSM Intelligence. 2019. The Mobile Economy 2019. Annual. GSM Association. https:\/\/www.gsma.com\/mobileeconomy\/"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1083-6101.2007.00396.x"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3136560"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3209811.3209819"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359148"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1290958.1290968"},{"key":"e_1_2_1_35_1","volume-title":"Proceedings of the 17th ACM conference on Computer supported cooperative work & social computing. 13 pages.","author":"Johri Aditya","year":"2014","unstructured":"Aditya Johri and Janaki Srinivasan. 2014. The role of data in aligning the'unique identity'infrastructure in India. In Proceedings of the 17th ACM conference on Computer supported cooperative work & social computing. 13 pages."},{"key":"e_1_2_1_36_1","volume-title":"Agent Network Accelerator Research: Pakistan Country Report","author":"Khan Imran","year":"2017","unstructured":"Imran Khan, Mimansa Khanna, Sidra Butt, and Vera Bersudskaya. 2017. Agent Network Accelerator Research: Pakistan Country Report September 2017. Helix Institute of Digital Finance (Sept. 2017)."},{"key":"e_1_2_1_37_1","volume-title":"Consumer vulnerability to scams, swindles, and fraud: A new theory of visceral influences on persuasion. Psychology & Marketing 18, 7","author":"Langenderfer Jeff","year":"2001","unstructured":"Jeff Langenderfer and Terence A Shimp. 2001. Consumer vulnerability to scams, swindles, and fraud: A new theory of visceral influences on persuasion. Psychology & Marketing 18, 7 (2001), 21 pages."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSE.2009.241"},{"key":"e_1_2_1_39_1","unstructured":"Johnny Long. 2011. No tech hacking: A guide to social engineering dumpster diving and shoulder surfing. Syngress."},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025875"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376167"},{"key":"e_1_2_1_44_1","volume-title":"Is online trust and trust in social institutions associated with online disclosure of identifiable information online? Computers in Human Behavior 28, 4","author":"Mesch Gustavo S","year":"2012","unstructured":"Gustavo S Mesch. 2012. Is online trust and trust in social institutions associated with online disclosure of identifiable information online? Computers in Human Behavior 28, 4 (2012), 7 pages."},{"key":"e_1_2_1_45_1","volume-title":"Social networking sites and low-income teenagers: between opportunity and inequality. Information","author":"Micheli Marina","year":"2016","unstructured":"Marina Micheli. 2016. Social networking sites and low-income teenagers: between opportunity and inequality. Information, Communication & Society 19, 5 (2016), 17 pages."},{"key":"e_1_2_1_46_1","unstructured":"Ministry of Interior Government of Pakistan. 2020. Federal Investigation Agency. http:\/\/www.fia.gov.pk\/en\/index.php"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44208-1_22"},{"key":"e_1_2_1_48_1","volume-title":"Social engineering attack examples, templates and scenarios. Computers & Security 59","author":"Mouton Francois","year":"2016","unstructured":"Francois Mouton, Louise Leenen, and Hein S Venter. 2016. Social engineering attack examples, templates and scenarios. Computers & Security 59 (2016), 24 pages."},{"key":"e_1_2_1_49_1","unstructured":"Adil Najam Faisal Bari et al. [n.d.]. Pakistan National Human Development Report 2017*. https:\/\/planipolis.iiep.unesco. org\/sites\/planipolis\/files\/ressources\/pakistan_nhdr_2017.pdf"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025618"},{"key":"e_1_2_1_51_1","volume-title":"Nigerian Advanced Fee Fraud. Retrieved","year":"2020","unstructured":"nigerian scam [n.d.]. Nigerian Advanced Fee Fraud. Retrieved May 2020 from http:\/\/www.consumerfraudreporting. org\/nigerian.php"},{"key":"e_1_2_1_52_1","volume-title":"Privacy as contextual integrity, 79 Wash. L. Rev 119, 121","author":"Nissenbaum Helen","year":"2004","unstructured":"Helen Nissenbaum. 2004. Privacy as contextual integrity, 79 Wash. L. Rev 119, 121 (2004), -98 pages."},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3314344.3332500"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3209811.3209817"},{"key":"e_1_2_1_55_1","volume-title":"Phishing Attacks: Analyzing Trends in 2006.. In CEAS. Citeseer.","author":"Ramzan Zulfikar","year":"2007","unstructured":"Zulfikar Ramzan and Candid W\u00fcest. 2007. Phishing Attacks: Analyzing Trends in 2006.. In CEAS. Citeseer."},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00059"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978307"},{"key":"e_1_2_1_58_1","doi-asserted-by":"crossref","unstructured":"Stuart Ross Russell G Smith et al. 2011. Risk factors for advance fee fraud victimisation. Trends and Issues in Crime and Criminal Justice 420 (2011).","DOI":"10.52922\/ti268334"},{"key":"e_1_2_1_59_1","unstructured":"Kevin A Roundy Paula Barmaimon Mendelberg Nicola Dell Damon McCoy Daniel Nissani Thomas Ristenpart and Acar Tamersoy. [n.d.]. The Many Kinds of Creepware Used for Interpersonal Attacks. ([n. d.])."},{"key":"e_1_2_1_60_1","volume-title":"Understanding and capturing people's privacy policies in a mobile social networking application. Personal and Ubiquitous Computing 13, 6","author":"Sadeh Norman","year":"2009","unstructured":"Norman Sadeh, Jason Hong, Lorrie Cranor, Ian Fette, Patrick Kelley, Madhu Prabaker, and Jinghai Rao. 2009. Understanding and capturing people's privacy policies in a mobile social networking application. Personal and Ubiquitous Computing 13, 6 (2009), 12 pages."},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300232"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/3155050"},{"key":"e_1_2_1_63_1","volume-title":"Fourteenth Symposium on Usable Privacy and Security ({SOUPS}","author":"Sambasivan Nithya","year":"2018","unstructured":"Nithya Sambasivan, Garen Checkley, Amna Batool, Nova Ahmed, David Nemer, Laura Sanely Gayt\u00e1n-Lugo, Tara Matthews, Sunny Consolvo, and Elizabeth Churchill. 2018. \" Privacy is not for me, it's for those rich women\": Performative Privacy Practices on Mobile Phones by Women in South Asia. In Fourteenth Symposium on Usable Privacy and Security ({SOUPS} 2018). 16 pages."},{"key":"e_1_2_1_65_1","volume-title":"PTA blocks eight numbers over Ehsaas programme fraud. SAMAA News (April","author":"Ali Shehzad","year":"2020","unstructured":"Shehzad Ali. 2020. PTA blocks eight numbers over Ehsaas programme fraud. SAMAA News (April 2020). https: \/\/www.samaa.tv\/news\/pakistan\/2020\/04\/pta-blocks-eight-numbers-over-ehsaas-programme-fraud\/"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/2371664.2371685"},{"key":"e_1_2_1_67_1","volume-title":"Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI). ACM, 49 pages.","author":"Singh Ranjit","unstructured":"Ranjit Singh and Steven J. Jackson. 2017. From Margins to Seams: Imbrication, Inclusion, and Torque in the Aadhaar Identification Project. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI). ACM, 49 pages."},{"key":"e_1_2_1_68_1","unstructured":"Russell G Smith and Alice Hutchings. 2014. Identity crime and misuse in Australia: Results of the 2013 online survey. (2014)."},{"key":"e_1_2_1_69_1","volume-title":"International Journal of Communication 12","author":"Srinivasan Janaki","year":"2018","unstructured":"Janaki Srinivasan, Savita Bailur, Emrys Schoemaker, and Sarita Seshagiri. 2018. Privacy at the margins| The poverty of privacy: Understanding privacy trade-offs from identity infrastructure users in India. International Journal of Communication 12 (2018)."},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/1897852.1897872"},{"key":"e_1_2_1_71_1","volume-title":"Census to start from 15th with Pak Army support. https:\/\/dailytimes.com.pk\/23621\/census-to-start-from-15th-with-pak-army-support\/","author":"Times Daily","unstructured":"Daily Times. [n.d.]. Census to start from 15th with Pak Army support. https:\/\/dailytimes.com.pk\/23621\/census-to-start-from-15th-with-pak-army-support\/"},{"key":"e_1_2_1_72_1","unstructured":"unbanked [n.d.]. State Bank of Pakistan. https:\/\/www.sbp.org.pk\/Finc\/About.asp"},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/3209811.3209818"},{"key":"e_1_2_1_74_1","volume-title":"Proceedings of the ACM on Human-Computer Interaction 2, CSCW","author":"Vitak Jessica","year":"2018","unstructured":"Jessica Vitak, Yuting Liao, Mega Subramaniam, and Priya Kumar. 2018. 'I Knew It Was Too Good to Be True\" The Challenges Economically Disadvantaged Internet Users Face in Assessing Trustworthiness, Avoiding Scams, and Developing Self-Efficacy Online. Proceedings of the ACM on Human-Computer Interaction 2, CSCW (2018), 25 pages."},{"key":"e_1_2_1_75_1","volume-title":"Broken windows. Atlantic monthly 249, 3","author":"Wilson James Q","year":"1982","unstructured":"James Q Wilson and George L Kelling. 1982. Broken windows. Atlantic monthly 249, 3 (1982), 29--38."},{"key":"e_1_2_1_76_1","article-title":"Phishing, SMiShing & Vishing: an assessment of threats against mobile devices","volume":"5","author":"Yeboah-Boateng Ezer Osei","year":"2014","unstructured":"Ezer Osei Yeboah-Boateng and Priscilla Mateko Amanor. 2014. Phishing, SMiShing & Vishing: an assessment of threats against mobile devices. Journal of Emerging Trends in Computing and Information Sciences 5, 4 (2014), 11 pages.","journal-title":"Journal of Emerging Trends in Computing and Information Sciences"}],"container-title":["Proceedings of the ACM on Human-Computer Interaction"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3449115","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3449115","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:17:46Z","timestamp":1750191466000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3449115"}},"subtitle":["Understanding Mobile-based Frauds Through Victims' Experiences"],"short-title":[],"issued":{"date-parts":[[2021,4,13]]},"references-count":72,"journal-issue":{"issue":"CSCW1","published-print":{"date-parts":[[2021,4,13]]}},"alternative-id":["10.1145\/3449115"],"URL":"https:\/\/doi.org\/10.1145\/3449115","relation":{},"ISSN":["2573-0142"],"issn-type":[{"value":"2573-0142","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,4,13]]},"assertion":[{"value":"2021-04-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}