Nairobi is not referred to as the concrete jungle for no reason. It takes a lot of wit, resilience and patience to make an honest living in the city.
There are countless ways in which scammers obtain your private information – and just when you think you've figured it all out, they come up with new ways to attack you.
Con artists have re-engineered their money scam tactics, leaving countless victims in their wake. Sadly, this has even led to death from shock in some instances.
Recently, a senior police officer in Nairobi fell victim to a SIM Swap scheme that ended up costing him Ksh600,000.
Here’s a bulleted list of how the police boss - someone arguably well-equipped to protect themselves against this kind of theft - lost his savings.
So, how exactly does a Sim Swap work? What other methods can be used to trick unsuspecting Kenyans to lose money? This is what we look at in detail, starting with the aforementioned SIM Swap.
SIM Swap Fraud – Red Flags
Safaricom describes SIM swap fraud as a scenario in which the con artists replace and take over a customer’s line. It is categorized as a form of identity theft.
Once fraudsters have your personal details including your PIN, ID number and date of birth, they are able to register an existing number in a SIM card in order to intercept notifications, one-time passwords, online banking profile and transactions as well as changing the account security settings.
“To avoid this disastrous activity, it is key to ensure your SIM card has an active SIM lock, use strong passwords and keep personal information off social media,” reads an excerpt from a statement by Safaricom.
Let’s break it down to the basics
A SIM, or Subscriber Identity Module, is a small chip that goes inside your phone (that you can swap out to another phone if needed).
It is important to note that SIM cards are unique and can store data.
Now, a SIM swap scam, also known as simjacking or SIM splitting, is a type of fraud in which a person attempts to take over a victim's account by taking advantage of the two-step verification that most platforms now require.
When the second step for authentication is a text message or a phone call, the scammer obtains the SIM's phone number and attempts to fraudulently log into an online account (such as your bank).
The scammers have to get enough information about a person beforehand. This could be via malicious software, or a phishing expedition - where a target(s) is contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
The scammer will then use this information to call your phone service provider and try to convince them that they are you.
They can then easily request for a SIM swap and thus gain access to everything available on your line.
How To Tell If You’re a Victim of SIM-Swapping
For one, your device will immediately lose connection, preventing you from making cellular calls, sending text messages, or using data.
Also, when a scammer tries to enter any of your accounts using a two-step verification process. Certain platforms like Gmail will immediately notify you if it thinks someone (who wasn’t supposed to) tries to access your account.
What To Do
If you notice that your SIM is having problems, contact your mobile service provider right away.
You can also go a step further and change the two-factor authentication method on all of your platforms.
How to Stay Safe
One can simply start by avoiding oversharing. Don't give unnecessary information to people, both online and in real life.
Create multiple email accounts and use your most private email account (the one that almost no one knows about) to log into your most important accounts, such as your bank account.
Always be careful of the emails you get. Remember that one method scammers like to use is phishing. Call or visit the company directly to make sure it’s them.
This is one of the most frequent scamming methods experienced by Safaricom users.
Usually, one gets a copy of an M-PESA message which would look authentic, however, the message content is usually modified.
For example ‘new M-PESA balance’ would be read as *LOCKED*. Avoid calling back the number of the sender or attempting to reverse the erroneously sent money, even upon their request.
Note that a genuine M-PESA message is sent from MPESA and not a customer’s line.
Do not refund the money as directed, instead request the sender to forward the message to 456 or call Safaricom for assistance.
Upon receiving a fake message, forward via SMS to 333 for free to ensure the numbers are blocked and other customers may not be defrauded in the future.
This has to be one of the most common scams in Kenya at the moment.
A recent exposé by Citizen TV showed just how this is done, with most of the culprits already behind bars where they operate a ‘mini call centre’ of their own.
There are thousands of testimonies of Kenyans who have sent money upon receiving distress messages apparently from family, friends or acquaintances. These are usually crafted to bring out a case of urgency.
For example, the message may inform you that your kid is in some kind of emergency and has been rushed to hospital. They then send this message to tens of thousands of random numbers in order to boost their chances of success, or increase their odds.
Out of 1,000 targets, chances of getting a parent with a kid in school are quite high, and that’s how they almost guarantee success.
Scammers manipulate your emotions. They are counting on you to act quickly in order to assist your family or friends. They are also counting on you to pay without questioning whether the situation is truly an emergency or if it even involves someone you know.
What To Do
If someone calls or sends a message claiming to be a family member or a friend desperate for money, fight the urge to send money immediately and hang up, or take a pause in case of a text.
Then call or text the family member or friend who is in trouble, or their school if that’s where the message or text allegedly came from. Check if they’re really in trouble.
On May 15 2021, a good number of Kenyans around the country who had invested in what they thought was a hot e-commerce app dubbed Amazon Web Worker Africa, woke up to find the app deleted from Google Play and the website unavailable.
They were all soon blocked across all platforms by those who had invited them to sign up. This was when it dawned on them that this was nothing but just another lucrative online scam.
The fundamental principles of these ponzi-like schemes are usually the same – an aggressive focus on referrals and user invites in exchange for rewards, sleek and professional websites and mobile applications, ambiguous and frighteningly simple tasks completed by users – eg. being paid to watch ads.
Many of the platforms make genuine payments to users at first, encouraging victims to invest more money and invite as many people as possible.
It's always the same story in the end: the platforms vanish into thin air.
This particular type of scam recently made global headlines, with the documentary ‘Tinder Swindler’ trending for several days.
Scammers use carefully crafted and appealing profiles to entice their victims, with whom they become acquainted and gain their trust.
Eventually, they may ask for personal financial information such as bank account details or conjure up sad stories to persuade you to send money.
As is the case with all scams, they always target your emotions. Therefore, as a rule of thumb, never make any financial decisions based on emotions. Always, take a minute to reflect and consult, before taking action.
Online scams, and fraud in general, has been on the rise in Nairobi, with con artists taking advantage of several loopholes.
For example, according to the GSMA State of the Industry Report on Mobile Money 2021, 8 million Kenyans use other people’s mobile money accounts to send and receive cash.
This has led to numerous cases of SIM card swap scams, sim boxing, fraud and identity theft among other types of mobile money-related scams.
To curb this, the Communication of Authority of Kenya has launched some initiatives such as the re-registration of SIM cards in a bid to have a clean and accurate registry.
In general, here is how you can protect yourself from online scams;