Kenya: The mobile phone, which has become one of the most trusted gadgets today, could lead you to financial ruin. Technology savvy criminals have devised means of accessing vital information to gain unfettered access to your bank accounts and mobile money platforms.
The crime is being perpetrated by criminals with the aid of some insiders. These are employees in mobile phone service providers, who have gone rogue and are exploiting the rich data left around by clueless customers.
Although security experts are warning Kenyans not to give away their national Identity card numbers and dates of birth, if you been to an establishment where you were asked to deposit your national Identity card and provide mobile telephone number, there are chances of this vital information landing in the hands of criminals who could clean your bank accounts. Investigations by Sunday Standard show that some establishments have even been scanning national IDs of visitors before they are allowed into some offices, a development being exploited by the scammers.
There are reports that some applications developed by some lending institutions to provide loans via mobile phones has become a rich source of information for the criminals. Some lenders, sources said, have been demanding very personal information such as the geographical location the applicant lived. Although the magnitude of this crime has not yet been established, there are indications that thousands of Kenyans have lost millions through the scam perpetrated by the faceless criminals lurking behind computers.
Yesterday, following a national outcry from numerous Kenyans who had lost money to the fraudsters, the Directorate of Criminal Investigations, George Kinoti announced that they had netted key suspects in connection with the Sim Swap syndicate.
In the official Facebook page, the DCI announced, “Yesterday, detectives arrested Mr. Maurice Musoti an employee of Safaricom and Rian Obaga Nyagaka, a fourth-year student studying Bachelor of Science Engineering at Jomo Kenyatta University of Agriculture & Technology (JKUAT).” The DCI reported that they had recovered “One Laptop make Apple, 160 Unused Safaricom SIM cards, 44 Used Safaricom SIM cards, five Till Agent numbers, 3 Mpesa, Safaricom Books, internet Booster Router and two mobile phones; a blackberry and Samsung J7.”
Although this case is still under investigations and the detectives are still trying to establish whether the suspects are guilty, a report released by Safaricom shows that there has been cases of some insiders being involved in fraudulent activities.
According to the Safaricom Sustainability Report, 2017, the number of staff dismissed for fraudulent behaviour increased to 52, and the types of frauds were theft; asset misappropriation (cash collections and devices); policy breaches (unauthorized access to data systems); and fraudulent SIM swap/M-PESA.
Suspicious calls One helpless victim recently complained how he had lost a lot of money by some con men who had hacked into his mobile phone line and left even footprints of their crimes for they were using registered lines but when he contacted the service provider, he was told to report to the police.
Am sad about how you act to your costumer. Today I was conned a lot of money by some con-men after they hacked my line. Their lines are registered yet you claim you can’t help me recover even a bit of my cash. So I shouldn’t trust you? You have all the means to help your customers and feel secure. I need your help!” wrote the subscriber on the service providers facebook account. The service provider’s response was, “Good morning (name withheld). Sorry for the experience, Please report the issue to the police to assist.”
Last Friday, Safaricom advised subscribers, to report any suspicious calls or transactions to the company and the police for action. Safaricom Director of Risk Management Nicholas Mulila said: “We wish to advise customers to report any suspected interference with their SIM Cards or theft of personal details to us by calling 100 or 200, or via a text message to 333 for assistance. Customers should also report these cases to law enforcing agencies with urgency.”
Noting that Safaricom was concerned by the reports on social engineering and theft of customer information leading to fraudulent SIM swaps, the company told subscribers to safeguard information such as SIM and M-PESA PINs, dates of birth and national identity numbers.
At the same time, Communications Authority of Kenya, through National Kenya Computer Incident Response Team Coordination Centre also said it had received reports of theft of personal identifiable information (PII), through social engineering, leading to sim swap. According to the Authority, the fraudster usually makes a call pretending to be an employee of a mobile network operator and asks the unsuspecting subscriber to share their PIII, such as their national ID, mobile money pin, or simcard pin. After obtaining the PIII, the criminals then illegally replace the sim card, gaining access to all SIM services including mobile money transfer, mobile and internet banking Voice calls, SMS, and any other services that can be transacted through phone.
A cyber security expert, Bright Gameli explained that once the criminals accessed this information, they then raided the mobile money wallet or bank accounts which they empty. “There have been cases of some fraudsters applying for loans using the lines without the knowledge or permission of the real owners. Some have even paid for services such TV, water and electricity through the swapped cards,” he added. “Ideally, if you lose a phone, you report to the service provider where you replace the line and block the old one. This is the same method the criminals are using, hacking systems to get a new card without necessarily producing an ID,” added Gameli.