The cyber scammers who hit Kenya’s headlines with their scheme to swap lines of unsuspecting mobile subscribers and withdraw money from their lines are still active in the crime, just that they changed tactics.
According to our undercover agents who have been following the scammers, the young men, some of who are in colleges now, have resorted to living in major towns for convenience as they have found new ways of stealing without being detected.
One method used by the scammers now is to buy or collect lost IDs which are in various M-Pesa agents, government offices and buildings countrywide. The ID cards are used to register a new line and attempts made to see if the user has a KCB or NIC bank account.
Even without the bank accounts, the KCB – MPESA feature on your Safaricom mobile line is an easy target as it’s clear how much loan limit a specific mobile phone subscriber has on his/her M-Pesa line.
The loan is borrowed and withdrawn immediately.
Most of the M-Pesa users will later find that they have been borrowing loans which they haven’t been aware of. Many users are now finding themselves being entered in Credit Reference Bureaus without having borrowed the amount in question.
The scam will now force Safaricom and the affected banks to put more measures to prevent theft through their platforms. Already, Safaricom’s Risk and Assurance department is looking at the new developments and might work with the police to make more arrests soon.
Previously, the Mulot SIM Swap scammers used insiders at the telecommunication companies to target users mobile money accounts after illegally swapping users’ main SIM cards.
With Kenyans transacting more than Ksh 2.5 Trillion through mobile phones in seven months, the platforms need to be scared as National Police Service now suspect that a network of international criminals is in Nairobi to exploit loopholes in this sector.
In 2018, KCB and Equity Bank were the most hit in cybercrime with the former reported to have lost close to Ksh 300 million in a short period. The attack on KCB forced the bank to block access to its mobile banking infrastructure as the criminals withdrew money using mobile apps after swapping SIMs of targets. Such withdrawals needed no ATM cards.
Our sources at CBK reveal that KCB has a show-cause letter over failure to protect its systems.