We interact with brands using their social media handles, and in most cases, the correspondence, which is usually in the form of questions or clarifications, is made on Facebook, Twitter, and Instagram because it is easier and faster to get a response from the brands using those platforms.
However, the availability of brand information online has made a lot of customers targets of impersonation fraud, mostly on Twitter. This has frequently been the case for Safaricom, Kenya’s most-valuable brand and its M-PESA mobile money product. The cases have gotten so bad that it is now a norm to see a spam bot aping an official Safaricom account trying to respond to a user’s query. And the end game is the same: try as much as possible to scam the user.
But you may want to know, what really is social media impersonation fraud? Well, this is a form of identity theft scam, and it operates in a manner you might have already observed if you have a keen eye. A person, or people, creates a fake account of a popular brand, in this case, Safaricom or Zuku, name them. Using the fake accounts, the fraudsters then leverage their social engineering prowess to target unsuspecting users and try to extract information or money from them.
It is worth noting that these kinds of scams have become commonplace on Twitter, and might work very well for people who are not aware of a brand’s official handles. Safaricom, for example, has two handles: Safaricom PLC and Safaricom Care. Both are verified, but not all users on Twitter know that.
Say, a user has sent money to the wrong account. He or she will try a reversal by engaging Safaricom online. However, the scam bots are quick at identifying such queries, and they insert themselves in the conversation to help, but that is not the case.
We have seen reports of M-PESA customers reporting that they were scammed by an official social media account after sharing key M-PESA details with them. This, as we have come to learn, happens after the affected user shares their number/ID/DoB/email with the scammer. The user is then advised to dial some access codes, which then end up emptying their M-PESA wallets to the fraudster. The exercise happens so fast that by the time you realize the scam, the fraudster has already withdrawn the money and switched off their phone. If their kill is more than generous, they even deactivate the social media account they used for the scam.
In other cases, scammers target customers who have paid for a given service but have not received it. For example, Zuku customers are some of the culprits. A fake Zuku account might send you a DM requesting personal details such as a phone number, so it can help you address your fibre connection issue. Do not fall for this scam, and be vigilant at all times.
We mention Safaricom and M-PESA in this case because they represent a big brand. M-PESA also holds a lot of money for its customers, making them an easy target for this kind of fraud. And as said, it has become so frequent a scam that we do not know what Safaricom is doing about it to protect customers from being preyed on by these ruthless thieves.
Nonetheless, users should also be careful about online correspondence as far as Safaricom and M-PESA are concerned. Only engage these brands if you know their handles and have ensured that they are verified on all social media platforms. Also, you can check their follower/following count: Safaricom has millions of followers across its social media platforms, so if an account with tens of followers reaches out, kindly do not engage them.
You also need to check their usernames for spelling errors: most of these accounts use random numbers, or double letters to dupe users into thinking they are authentic. Safaricom, for instance, is spelled just like that and does not have any double or triple letters anyway. The accounts do not have numbers in their usernames as well.
If you suspect an account is a fake, kindly report it, and it will be suspended. Safaricom probably does that on its end, but these accounts keep coming up every single day, and it might get overwhelming trying to flag them.
We really hope Safaricom and M-PESA will conduct more public campaigns to educate their customers about this kind of impersonation scam because there are people losing money just because they are not savvy enough to spot a scam from a mile away.
What do you think Safaricom should do to eliminate or at least alleviate online scams that target their M-PESA customers?