Alright. People have been subjected to a new con game where fraudsters use Safaricom’s 072200000 line to reach out to customers, and lie about their intentions for a sole purpose: steal from them by emptying their M-PESA wallets. This sad conversation has been going on for a while and was actually reported widely in early 2019, gained momentum over the months, reached its peak later that year after a couple of Twitter users, most of whom confess that they are savvy enough to smell a fraudster from a mile away fell prey to these criminals.
Before we can examine the details of the scam, let’s address a few basics.
Yes, people are being called by Safaricom’s official number (0722000000)
Often, we have a series of customer care queries, and for those that cannot be solved via its 100 call centre or social media engagements, the carrier sees it fit to reach out to affected customers via the named number. It is a standard line because, well, Safaricom is Kenya’s biggest mobile operator, and the majority of people have interacted with it before, or have been told that that is their official line.
This situation has since created a channel for thieves who have understood that their target will believe them if they engage them in their crafty con game. Surely, who wouldn’t believe a call originating from the number? – bearing in mind that our Safaricom lines are tied to many services that may need further clarification from the carrier in the name of a phone conversation?
Affected parties have good money in their M-PESA
It should be noted people who have fell victim to this form of fraud are not many, but the suspicious thing is that they have a substantial amount of money in their M-PESA wallets. That is the kind of information that only folks at Safaricom have access to – and if we extrapolate from this premise, then it is a sound assumption that these cons have a relationship with the carrier, and that is as dangerous as it sounds. To this end, we have come to understand that some of these cases are targeted by design, and some people have even mentioned that they got a call from 0722000000 quizzing about their M-PESA details. Most of them had thousands of shillings loaded up in their accounts!
But how come Safaricom does not have enough checks on people who have access to the 0722000000 extensions?
In the past, people could get called by their loved ones, friends, or family that worked at Safaricom with the named number. It is one of those things Safaricom staff used to do, perhaps to genuinely reach out to their people (I am not sure if it is illegal to make personal calls using the extension) or to flex to them that they have a unique number. This activity has however not been common, maybe because Safaricom restricted access to approved employees or some other security reason. This has also been confirmed via a Twitter user who says that very few people can use the extension for external calls.
But still, people are being defrauded. But how?
Caller ID spoofing
This is an old technology that changes a caller’s ID to a number of their choice. While there are apps that can do this, the entire process of pulling it off, in this case, to display the 0722000000 number is not something many people can do. Thus, it is likely that whoever is performing these criminal calls has good IT knowledge, or has been apprised of the carrier’s security breaches to take advantage of. The details of the exercise have been discussed extensively and excellently by a Twitter user called Pauline.
Today I want to educate Kenyans on the new Safaricom ccon game on the Kenyan market. They say knowledge is important only when shared. A thread. pic.twitter.com/jZanzMK1Jb
— Pauline. (@kot_hacker) January 7, 2020
Anyway, she summarizes the thread by saying that while the hack is possible, most of it is done by insiders who understand Safaricom’s system and can play around with it.
Oh, this con game is a little different too
You see, M-PESA has been targeted by criminals because it is wildly popular and has a large sample size for cons to toy around with. It is synonymous with Windows being vulnerable to malware and viruses because millions of people use it, unlike Linux distros that are secure because the number of people using them is significantly fewer. The same thing can be said for Equitel that has gained a fair share of fraudsters.
Ordinarily, thieves randomly pick a number and spam it with social engineering SMSes or calls.
However, this new scam, as mentioned, does not rely on probabilities. They appear to know who they are calling and engage you in a manner that will make you trust them by asking personal questions and giving you ID details that they somehow have at their disposal.
Who has been affected?
There are several people that have fronted their stories on Twitter. It is a long conversation with damning details, so here are two threads that you can start with:
Conmen are now calling using Safaricom's official number. The game done changed
— DOR (@Danfar_) January 6, 2020
To answer a bunch of y’all, here’s what happened….
— Mukira. (@jnmukira) December 16, 2019
Possibly, additional people that may have been affected do not have social media accounts to detail their cases.
Safaricom, as always, will tell you to report the matter to the nearest Police Station, but we know how all that goes in the long run.
Other people cannot disclose being coned because they are embarrassed or fear being shamed by their listeners.
At the same time, the carrier has always insisted that customers should never reveal their M-PESA pins to anybody, not even people claiming to be Safaricom staff. This is right by all means, but it does not eliminate the fact that some people are not aware that PINs should be kept secret, and are subject to being shamed when they are scammed.
Investigations and remedies
In response to these claims, Safaricom says it will investigate all cases.
‘No stone will remain unturned,’ Safaricom said to one of its customers.
In the past, the operator fired workers who were involved in several cases of fraud and theft, including an employee that emptied an M-PESA account of a deceased customer.
Besides the probe, which we are confident will be thorough and will see some people charged or sent home, the carrier needs to do a better job by ensuring that the use of 072000000 is strictly for customer care services and nothing else. It also has a lousy rapport, so there is a lot of work that needs to be done to restore the faith that you and I had in it.
There are some cases where the number is saved in a target’s phone (where you save another phone address, but instead of a name, you use 0722000000). It can be identified by those who are keen, but it can easily be used to defraud you, especially if the thieves are people close to you. Just check your phone book if you are suspicious.
Lastly, keep your PINs a SECRET.
