Third parties licensed by the National Communication Authority to provide Value Added Services (VAS) have been known to perpetuate unsolicited subscriptions among mobile phone users in Ghana.

But how they go about it has been a mystery to many.

A Luv News investigation has found that some have largely been carrying out their operations through local and regional adult websites.

10 months after the exposé on unsolicited subscriptions, Luv News decided to revisit 28 participants in the first survey whether they’ve inadvertently re-subscribed to some of these services.

Unfortunately, 12 of them had been experiencing recurrent unsolicited subscriptions.

After several questions, it came out that the victims had them through some popular local and regional adult websites. These are Empressleak, Totoleak and Ugandanporn.

Empressleak is back for bad

In August 2020, the website which was implicated in sextortion was shut down by the Ghana Police service following the owner’s arrest.

However, the website resurfaced in just a matter of 3 months!

Services like Playinc and UGZ, which charge GHs 0.5 and 0.25 respectively every day were the subscriptions they’d ‘contracted’ from Empressleak.

Totoleak and Ugandanporn are also sites frequented by the victims. Four victims who confessed to visiting these websites had acquired Fanmoby Daily or Bid n Win, both of which charge GHs 0.21 daily and UGZ.

Trickling credit 2: Adult sites are portals for unsolicited subscriptions
UGZ is associated with all the adult sides.
Trickling credit 2: Adult sites are portals for unsolicited subscriptions
Fanmoby and Bid n Win which have originate from the same shortcode are associated with totoleak.
Trickling credit 2: Adult sites are portals for unsolicited subscriptions
Playinc is associated with Ugandanporn.

Our confirmation

Luv News decided to ascertain their statements. We, therefore, visited these adult sites and clicked on the videos.

We found that a subscription message followed as soon as we clicked on a video.

Trickling credit 2: Adult sites are portals for unsolicited subscriptions
As soon as a video is clicked, a message of unsolicited subscription pops up. Pic. Kwasi Debrah.

We again found that some prompts can take 2 hours before appearing on the phone.

That means after unsubscribing from, for instance, UGZ, as soon as a user clicks on another video, the subscription message will appear but will not immediately show. It can take about two hours for a subscription to show.

Therefore, victims do not notice they’ve been put on these subscriptions, as early checks will reveal nothing.

What is UGZ

In my investigations, I chanced upon a message a mobile phone user sent to Vodafone Ghana on this service which is yet to receive a response.

“I open the SMS only to see that I have a subscription to UGZ … What koraa is UGZ?” the user quizzed.

I’ve been trying to get answers from Vodafone Ghana about what UGZ, Playinc and Fanmoby subscriptions are all about, and on three occasions, they failed to explain.

Trickling credit 2: Adult sites are portals for unsolicited subscriptions
Last message from Vodafone Ghana  after my enquiry.

Interestingly, I happen to find complaints about this subscription on parkistancomplaints.com.

Trickling credit 2: Adult sites are portals for unsolicited subscriptions
UGZ is notorious for unsolicited subscription even in Pakistan.

Vulnerable telcos?

Luv News decided to present the situation to a cybersecurity expert at the Kwame Nkrumah University of Science and Technology, Dr. Emmanuel Ahene.

After going through these websites, he instantly labelled them phishing sites, a website set up to steal your identity, or at least part of it.

Dr. Ahene identifies vulnerabilities in the telco’s systems which can be exploited. First, he says that some telcos may lack intelligent security controls.

“If the telecom provider doesn’t have security controls that are more intelligent or if the telecom provider has security controls that have vulnerabilities, then it’s possible for the VAS providers that are malicious to exploit these vulnerabilities to get people subscribed without their consent,” he said.

Secondly, he notes VAS provider aggregators, who put all VAS providers together and deal with the telcos can also exploit vulnerabilities in the telcos system for revenue.

“It’s possible these aggregators if they’re malicious, can exploit the vulnerabilities.

Last, Dr. Ahene says if the telcos have a much more secure system, malicious VAS providers can collude with certain websites and embed malicious links to get people to subscribe.

“There’s where you find certain VAS providers using all means of getting subscribers, using all means to embed links in certain platforms to get people to subscribe,” he said.

Trickling credit 2: Adult sites are portals for unsolicited subscriptions
Dr. Ahene suspects VAS providers embed links in certain platforms to get people to subscribe.

User protection

Fortunately for users, the telcos have recently been doing well with providing a short code to unsubscribe in case of unsolicited subscriptions. Victims should dial *463# for Vodafone, *175# for MTN and Aitel Tigo, *100#.

However, the subscription process for Vodafone can be cumbersome as it involves more than four steps to unsubscribe as compared to MTN and Airtel Tigo.

Again, he recommends using website content checkers such as virus total and google site checker to know if the website has malicious threats.

Value Added Service providers are searching for every crevice to make revenue; it has become essential for mobile users to observe extra caution when surfing the internet to be free of unsolicited subscriptions.