Mobile phones in Kenya are like bank accounts – some people keep all their savings on their phone – and fraudsters are trying to hack into them to steal the money.
Sammy Wanaina received a text message on Sunday asking him to provide the secret personal code so that his Sim card could be swapped.
He was confused, he had not asked for a new card – and just moments earlier he had terminated a call that he now realised must have been from a fraudster who had posed as a customer services adviser from the phone company.
“It was a brief call and I did not give any of my details,” Mr Wanaina told the BBC.
He immediately contacted Safaricom, his mobile provider, to report that he suspected that there was an ongoing attempted fraud on his number.
Despite not giving out his details – and reporting the fraud to Safaricom – he completely lost access to his number and only getting back control after three days.
He tweeted that the whole experience had scared him.
Mr Wanaina says Safaricom contacted him after his complaint and issued him with a new Sim card as a precaution – without giving further details about how he lost access to his number.
The company tweeted him to say it was “committed to safeguarding customer information and… that we will follow up this matter to its conclusion”.
‘I lost $18,000’
His story prompted others to share their experiences – many of whom had lost money in the scam.
Politician Stanley Wanjiku revealed that he had been trapped by the fraudsters, losing $18.000 (£14,000).
He told the Daily Nation newspaper that his trouble started after he received a notification that he could not access his mobile wallet and had to call a certain number to reset it – which he did.
He later learned that his Pin number has been replaced and a new one regenerated, so he could not get access to his money. The paper did not say which service he had his account.
“I do not know how my mobile money Pin was regenerated and issued to strangers. I am at a loss how they identified themselves,” Mr Wanjiku said, adding that a bank account not linked to his mobile phone was also hacked.
People tend to have several Sim cards from different companies – as they have different coverage and deals. This means Sim cards do get damaged, so it’s not unusual for customers to want to replace them.
Kenya has the highest number of users of mobile money in the world, a major reason why the recent Sim card fraud has caused such public alarm.
Almost half of its 47 million population use the dominant M-Pesa platform to pay for services and conduct businesses.
Through partnerships, phone companies have also managed to integrate mobile money services with banks, allowing customers to seamlessly move money back and forth.
William Makatiani, from the cyber-security consulting firm Serianu, told the Daily Nation that the scam to hack into mobile phones is becoming more common.
“Sim swapping has become a big problem, especially in Nigeria since 2016. It started picking up in Kenya in the last half of last year,” he was quoted as saying.
How to protect yourself
It is not clear how exactly the scam is working, but this week the Communication Authority of Kenya, the body that regulates the mobile phone industry, told users to be on their guard:
Never give out personal information
Don’t give out your Pin number
Delete requests for financial information or passwords
Be suspicious of unsolicited messages.
Safaricom also urged customers to safeguard their passwords, dates of birth and national identity numbers.
It also said that subscribers should be aware of its official customer care number so as not to be duped by those trying to get access to their account.