Six Tips to Protect Yourself against Online Scams in Kenya


The chances of getting scammed have risen in recent times. More and more Kenyans are reporting online scams and cyber-attacks every day. An online scam is a dishonest scheme orchestrated via the internet to fleece innocent, unsuspecting victims of their money or valuable information.

The Kenya National Bureau of Statistics reported that there was a five-fold increase in online scams between 2019 and 2020. This article provides tips to avoid falling for the different types of online scams that are prevalent in Kenya today.

Tip 1. Verify Online Investment Offers with the Capital Markets Authority (CMA)

While online, you will come across various investment offers. To ensure you are investing in an authentic and legitimate online platform, you should verify it with the Capital Markets Authority (CMA) in Kenya.

The CMA is the government agency saddled with the responsibility of licensing and regulating the activities of any financial service provider in Kenya. Any investment platform licensed by the CMA is considered safe. To verify, visit the CMA website and view the list of licensees.

Many investment scams involving forex and cryptocurrency are perpetrated in Kenya. For the avoidance of doubt, the Capital Markets Authority of Kenya has licensed only 6 non-dealing forex brokers to operate in Kenya. Cryptocurrency investments are also not regulated by the Kenyan government, so you should tread carefully.

This is because many Kenyans have lost money to cryptocurrency scams, as in the case of Bitstream Circle, a crypto firm that had more than 10,000 followers who paid a registration fee of KSh2,340 each. One day the crypto app was disabled by the scammers and never came back up, causing investors to lose KSh 1.18 billion in 97 days.

When you deal with investment firms not licensed by the CMA, they can dupe you and run away, especially when they operate from overseas jurisdictions. The chances of retrieving your money are slim.

Tip 2. Never Click on Unknown Links

This is a common phishing method employed by scammers. It involves sending messages containing links or attachments to a large number of people and hoping they click on them. The link or attachment usually contains malware that attacks your PC and extracts the information the scammers need from you.

If you are asked to click on any link, hover your cursor over it first to reveal the destination URL you're being redirected to. If this URL doesn't match the anchor text, then don't click.

An online scammer could also create a fake welcome page imitating a legitimate organization you patronize, and send you a link saying you've won a free gift. Once you click on the link, it redirects you to the fake welcome page and asks you to enter your login details, after which it displays an error message. At this point, your login details have been stolen.

Tip 3. Use Two-Factor Authentication (2FA)

2FA is a two-step verification process that requires you to provide two distinct forms of authentication before logging in. 2FA usually combines something you know and something you have.

Unlike Single Factor Authentication, which requires users to provide only one factor, usually a password, 2FA provides an additional layer of security, making it harder for cybercriminals to gain access to your account. Let us discuss how 2FA plays out below:

Firstly, we have verification codes sent to your phone number or email. Here, when you enter your password while attempting to log in, a one-time password (OTP) is sent to the phone number or email you registered the account with. This is to confirm that the true owner is the one accessing the account.

An example is the OTP during online transactions where your bank sends a one-time password to your number to authenticate you. 

Secondly, you can install an authenticator app like Google Authenticator, Microsoft Authenticator, or Authy on your device. On the app, you specify the websites you want to use 2FA on.

Whenever you want to log in, the authenticator app generates a secret code which you then use as the second form of authentication on the app you are trying to access.

The advantage of authenticator apps is that they eliminate the chance of a scammer accessing the verification code sent to your phone number after carrying out a SIM swap. For example, a Kenyan man was reported to have lost a huge sum of money to hackers via SIM swap.

He got a message from Safaricom saying a SIM swap had been initiated, and before he could do anything, what followed was a series of debit alerts totaling KSh2.6 million, almost emptying his accounts.

This is why authenticator apps are preferred to SMS verification in 2FA. If he had an authenticator app, the SIM swap would have been useless, since the verification code for cash withdrawal would be generated in the app, which is on his phone.

Tip 4. Avoid lodging complaints on social media comment sections

I know many Kenyans feel it's easy to lodge complaints about the issues they encounter while using an online app on the social media pages of their bankers or online malls. Please resist the urge, as scammers now create profiles that look exactly like those of staff of these companies.

When you make a complaint through social media, they reply to you posing as staff, gain your trust, and ask you to provide sensitive information such as passwords or PINs that will supposedly enable them to solve your problem or complaint. If you do that, they access your accounts and steal your funds. This type of online scam is called angler phishing.

It involves cybercriminals positioning themselves on different pages on different social media platforms and directly messaging users to get them to provide important information, mostly bordering on their finances, in return for helping them solve a problem or increase their investment returns. This type of scam is getting popular, and it is important that you don't fall victim to it.

Tip 5. Do not take financial advice from online dating sites

While we can find love anywhere, even on the internet, you should not take financial advice from anyone, especially someone you met on an online dating site. This is because scammers have thronged these dating sites, posing as love-seekers with a hidden agenda to rob innocent victims of their fortunes.

This type of cyber scam is called butchering the pig. The scammer takes time to build a romantic relationship with you. This is done to gain your absolute trust. This period is known as "grooming or fattening the pig".

After that, he introduces you to some form of online investment scheme claiming you can make huge returns.

The scammer allows you to withdraw in the first instance. This builds trust and makes you invest huge funds later on. After you've invested huge funds, the 'slaughter' occurs: the scammer cuts off all communication with you and disables the investment app.

Kaspersky reported that 29% of Kenyans who use dating sites experienced fraud attempts, and 72% of Kenyans said the scammer asked for money to pay transport to come and visit them.

To avoid falling for this scam, you should be careful when meeting people online. Keep control over your digital assets and do your research on any investment opportunity you are introduced to.

Tip 6. Don't share personal information on social media

If you think the personal information you share on social media is not of any importance to a cybercriminal, then you are wrong. The more cybercriminals know about you, the higher your likelihood of falling prey to their schemes.

How do they use your social media information against you? Let's say you go to a furniture company to order new furniture, and you post a picture on social media and geo-tag your location and the name of the shop.

A scammer can easily contact the shop pretending to be you, and say that he may have given them a wrong delivery address for the furniture. He could then ask them to reconfirm the address they have in their books. Once they reconfirm, the scammer has gotten your true address.

Online scammers can also use information you shared on social media to guess your password. For example, if you share your kid's name, pet's name, wedding anniversary, etc., they can use such details to guess your password if you use them in it.

While it is important to enjoy the benefits of social media, you should maintain good internet hygiene by ensuring your sensitive information is not in the public domain or that your account is set to private.

You Have to Be Careful

More than ever, you have to be careful when dealing online, as cybercriminals are devising new means daily to scam people of their hard-earned fortune. The tips explained above, if adhered to, can guarantee you make the most out of the internet without falling prey to marauding cybercriminals.