Online fraud cases are on the rise in Kenya, taking many forms such as identity theft, SIM swaps, hacking, and data leaks. This can be attributed to the growth in internet penetration and advancements in technology. Social media users on platforms such as Facebook, Twitter, and Tiktok frequently hear about such cases quite a lot.

Kenya, being a leader in mobile technology, is also one of the most targeted countries in terms of mobile fraud, which also captures other areas such as mobile money/banking scams. This makes a lot of sense because the country is known for its strides in mobile money (M-PESA, Airtel Money, and many other bank-related wallets) that have made the entire industry very attractive to fraudsters.

Admittedly, thousands of people have lost money to these cons, either through no fault of their own, or by basic social engineering.

It has also been noted that some Kenyans do not take care of their online security, and inadvertently give intruders personal information, which they then use to complete their fraudulent tasks such as illegal SIM replacements and wiping mobile money wallets clean.

However, how can users protect themselves from these cases? There are six points that Safaricom customers, in this case, need to be aware of.

  1. Safaricom customers who use social media platforms for customer care purposes must be aware of the telco’s social media handles. These handles are verified on both Twitter and Facebook. It also means that you only need to engage verified handles, and any other account that does not have a blue checkmark is obviously trying to scam you. We say this because we have seen a ton of bots/fake social media handles that masquerade as being official Safaricom handles; they even go as far as sending direct messages to social media users asking for personal details such as their phone numbers for additional assistance. Beware, because they clearly have ulterior motives. You can also report them so social media platforms can deactivate them – although they have a tendency of coming up every other day. Luckily, and in recent months, Safaricom bots on Twitter have substantially disappeared, which is a good thing because they often target customers on a daily basis.
  2. Safaricom will only call you on 0722000000. Any other number is not owned by Safaricom customer care agents and is likely attempting to scam you. Just take extra care and verify which number is calling you.
  3. In a case where a fraudster has attempted to reach out to you via a text or call, make sure you do not dial any numbers or combination of numbers and special characters as this could see you lose money in your M-PESA wallet.
  4. After doing that, make sure you report the fraudulent number by forwarding it to 333. Safaricom will investigate its authenticity and ban it from its network.
  5. Make sure that you can only replace your SIM card at a Safaricom Care Shop, and not at M-PESA agents. The shops have an added layer of security that you cannot find at an M-PESA outlet. This, however, can be a challenge in case a Shop is far away from your home, and you likely need to replace a lost SIM card in a timely manner – but the added friction is actually the entire point because it makes it impossible for a wrong party to do a replacement without your knowledge. To set this feature up, dial *100#100#.
  6. Last year, the Communications Authority of Kenya compelled telcos to ensure that their customers’ information was properly documented. To this end, carriers encouraged their customers to do so, and this exercise was completed towards the end of 2022. At the same time, carriers such as Safaricom allowed customers to check which numbers had been registered with their IDs, and those that did not match their records could be reported. You can still do this to date by dialing *106#. From the menu, you can see numbers registered using your credentials, and those that do not match can be reported. Once investigated, Safaricom will then deactivate them. Why is this important? Well, because SIM card registration exercises were so lax before, and any diligent fraudster could use fake/stolen documents to register a SIM card for crime purposes. If that happens, then the police can trace the number to you, even if you have nothing to do with a reported crime.

According to Mutua Mutuku, an advocate and data compliance specialist, Kenyans need to be aware of how to protect themselves using several measures.

“Making strong passwords: create unique passwords rather than the cliché birthdays, your mother’s middle name, your best friend’s name, where you went to high school, and so on. These passwords should be a mix of lower and upper case letters, numbers, and symbols. In the connected world we are in, one should avoid oversharing by being cautious when publicizing your location, place of residence or job, birthday, or other sensitive information on social media. Hackers or fraudsters can use this information for social engineering purposes and gain access to your personal accounts,” says Mutua Mutuku.

Kenyans also need to remember that they can breach their own right to privacy through:

  1. Sharing of personal information online like your contact details, identification, etc.
  2. Use of devices that access online networks, such as phones, TVs, wearable devices, and computers.
  3. Registering your personal details in meetings or when getting into buildings or estates.
  4.  Loyalty cards at various places, such as supermarkets, airlines, hotels, and other hospitality areas.
  5. Information shared with the state such as passports, identity cards, birth certificates, and academic information.
  6. Being captured by closed-circuit television (CCTV).

Overall, Safaricom customers should be aware of the official social media handles and only engage with verified accounts. Scammers often create fake social media handles and ask for personal information. Also, customers should report fraudulent numbers by forwarding them to 333. SIM card replacement should only be done at a Safaricom Care Shop for added security. The CA further asked telcos were required to properly document customer information and that customers can check which numbers are registered with their ID by dialing *106#. Finally, report numbers that do not match your records to avoid being linked to a crime you didn’t commit.