Paul Kihara, a Nairobi resident was one evening driving home from work.

He received a call from a strange number informing him that his son had been injured while playing rugby, and that he needed to send Sh6,500 for an ambulance to rush him to the hospital.

Without hesitating, he quickly sent the money only to call his son later and find out that he was okay and was at a local mall with his friends. He had been conned.

Bruce Odhiambo, a Roysambu resident, on the other hand, received a call from someone claiming to be a Safaricom Customer care staff.

He was informed that his line had been double registered. To sort this, he was asked to provide some personal information.

Luckily, he never gave his details, and instead,  hang up on the the caller and quickly reached out to Safaricom customer care on the official number. He was told nothing of the sort had happened to his line.

It is then that he realised he narrowly escaped being swindled.

The two are just a a tiny fraction of people who have been conned or were fast enough to detect the con game before they fell prey.

These are some of the tricks used by fraudsters to defraud unsuspecting customers, according to Safaricom’s Head of Fraud, Patrick Kinoti. They target Mpesa and bank accounts.

They trick customers into giving their details which they then use to transact. Alternatively, they lure the customer into making the transaction, including keying in codes that enable completion of the transaction..

“Unsuspecting customers would key in the code they are given, sometimes from a second line they have told you to buy. By the time they realise, they have transferred money or the fraudsters are able to transact from the other end,” Kinoti explains.

According to Safaricom, there are at least 20,000 inbound requests going into its touchpoint a month.

At least 10 per cent of these customers fall victims to scammers mainly loss of money.

“Some customers have ended losing some substantial amount of money on the Mpesa channel or banks,” notes Kinoti.

This common trick is known as ‘identity theft’ which is one of the many forms of cybercrime.

Identity theft occurs when a fraudster impersonates you for their own gain using stolen information.

According to global cybersecurity firm–Kaspersky, Kenya is among African countries facing a possible increase in cybercrime this year, amid economic uncertainty occasioned by the Covid-19 pandemic.

Fraudsters contacting customers also use on-time campaigns such as promotions by companies, job vacancies, and government undertakings such as recruitments for disciplined forces.

“It depends on the situation happening around but the most common is when someone calls a customer pretending they are calling from Safaricom. They can also use other big organisations,” Kinoti notes.

Ideally what normally happens is they harvest information that is available in channels such as true caller, they check someone’s name, when they call, they call the individual by name as a way of creating trust,  says Kinoti.

“That is the first entry for fraudsters, to create trust. From there, they start asking for further information. This information is used to swap your line. They tend to make you do transactions,” he explains.


To curb this trend, Safaricom has put in place several measures among them a strong social engineering channel that tracks suspicious calls to customers.

It has tools that enable its team to check people calling other customers, pick the patterns, extract them and check the profile of the callers. Here, the fraudsters get blocked.

For swim swap, Mpesa has tamed the trend where for one to register, they need to have their identity cards and personal identification number (PIN). The company then checks the location where the number is being registered. If the line is on, the swap is declined.

“With these types of controls, we minimize fraud cases,” says Kinoti, who notes that in a month, the company gets around 150 cases of swap.

It also has a back-end tool that checks mobile banking transactions, where working with the respective bank, it is able to stop fraudulent activities.

Working closely with the DCI, the company has seen fraudsters arrested with about 250 cases currently in court, including individuals caught stealing from agents.

To deal with cybercrime as a whole, Safaricom has put in place a team that works around the clock, monitoring its perimeter for potential attacks.


To help customers avert fraudsters, the company which pioneered commercial mobile money transfer globally, through Mpesa, has been running a series of awareness campaigns on mainstream and social media.

This is to ensure its more than 22.6 million active customers locally and over 167,000 Mpesa Agent outlets countrywide are safe.

Mpesa is the largest payments platform on the African continent, with about 40 million users, processing over a billion transactions every month.

It is operational in Kenya, Tanzania, Lesotho, Democratic Republic of Congo, Ghana, Mozambique and Egypt with continued expansion.

“What we are trying to do is give the customers tools and information to protect themselves. We are telling them how fraud happens and every time they are targeted, how they need to respond and report to help us take action,” says Kinoti.

He urges customers not to be in a hurry to give their personal details.

“Stop. Think..before you act. This way, you can avoid up to 98 per cent of fraud cases,” he cautions.

By The Star Kenya