The budding organised crime of online fraud and sim-swapping has exposed weak security measures by financial institutions and telcos that are consistently being breached by hackers who in turn drain depositors money to the last coin.
Equity, NCBA and Absa banks are among the worst hit institutions going by the latest reported cases.
Scams reported to police involving identity theft or the loss of personal banking information have cost Kenyans over millions of shillings this year and this figure is likely to be just the tip of the iceberg.
Scammers can empty victims’ bank accounts, take out tens of thousands in bank loans under victims’ names, and purchase expensive things under ‘no-repayments for 12 months’ schemes.
Lost personal information also leaves victims more susceptible to future scams.
They use the victim’s personal information who seem more convincing in cold calls.
The latest scenario Farah Bashir is still coming to terms with how thieves emptied out his bank accounts with Sh2.6 million from his four Absa Bank accounts in a series of operations that left him helpless.
He described how, in just two days after he arrived in Johannesburg for a two-week assignment in between February 7 and February 9.
On February 5, Bashir, 58, a medical lab expert, arrived in Johannesburg, he later on received calls from his family and friends shortly after, informing him that some people were hunting for him.
Everything was fine until he received an alarming SMS from Safaricom at 5.43 p.m. on February 7, the text notified him that the company had received a Sim Card exchange request and that he should disregard the communication if he had not initiated it.
Bashir had received nearly ten such messages an hour later, thus he contacted Safaricom Customer Care via Twitter, but was told to disregard the post because the requests were not initiated by him.
On Twitter, he contacted Safaricom Customer Care, who requested his personal information, including his ID and phone numbers.
The system refused him when he launched the Absa app and used his fingerprint to unlock it as normal.
He was unable to gain access to the account. He used his laptop to log on to his account via the internet at 11:51 p.m. He was startled by what he saw.
His Kenyan currency account which held Sh335,000, had already been depleted by a withdrawal of Sh150,000.
As he watched helplessly on his laptop, another Sh150,000 was withdrawn before he could gather his wits. It was given Sh35,000 to work with.
That did not improve matters, as another Sh34,000 was taken out of his account, completely emptying it. But that was only the start of his problems.
His dollar account, which had US$17,451 in it, was robbed by the thieves (about Sh2 million). On February 8, it was a few minutes after midnight.
The hackers first took US$936, then US$4,680, US$3,650, US$4,680, US$936, US$1,872, US$561, US$121, US$9.36, and lastly US$4.68, leaving US$0.12 in the account.
They transferred the entire sum to a Pesa Link account and took it out. The thieves then went after his Sterling Pound account, withdrawing UK£225 before clearing his Sh231,000 credit card amount.
“From the above sequence of events, we have established that there was no compromise to the security/password integrity in your account on the part of the bank.
Kindly note the credentials are only known to the customer. In addition, where a password is compromised, you are under a duty to inform us immediately so that we may take appropriate action to secure your account.
Based on this, the bank is not liable for the net loss of Sh1,515,715.00 from your account,” the bank said.
Despite denying any wrongdoing, the bank stated that the matter had been referred to the Banking Fraud Investigations Department for further inquiry.
The Sim switch took place at 11:31pm on February 7 at a Safaricom agent shop in Kasarani, and at least 15 different mobile numbers were used to transfer the money to other bank accounts, according to private investigators.
A week ago Anthony Mugo, 57, discovered that someone unknown to him had transacted more than Sh2.7 million using a Sim card associated with his identity card over the previous six months.
Mugo stepped into the Kilimani Branch of Equity Bank on April 25 looking for a loan, only to be told he couldn’t acquire one because he had been adversely categorised by a credit reference bureau (CRB) as a defaulter. He had not applied for a loan and was unaware of this.
Dismayed, he contacted a CRB agent over WhatsApp at 10:27am the next day during a conversation that lasted until 11:10am, only for Mugo to learn that he had defaulted on a Sh6,742 loan granted via Fuliza (a credit facility offered by M-pesa to clients with insufficient funds to complete a transaction).
“You are listed because of a loan default with NCBA Bank… For you to be delisted, you have to make a complete payment plus a Sh2,200 clearance fee. That is 6743+2,200,” the response stated.
The CRB agent saw something was wrong and informed Mugo that the loan had been wiped off due to a mistake.
“All you have to do now is pay a Sh2,200 clearance fee,” the agent said. Mugo decided not to pay the fee.
A few hours later, he was at the Junction Mall branch of NCBA Bank on Ngong Road. He, however, did not manage to have his name cleared. “I was told to contact Safaricom.
In December, Safaricom cleared all the other numbers that had been linked to my ID and after checking using the USSD code *106#, it was clear that only my current line remained in the system,” Mugo said.
There's no story that cannot be told. We cover the stories that others don't want to be told, we bring you all the news you need. If you have tips, exposes or any story you need to be told bluntly and all queries write to us [email protected] also find us on Telegram