Gullible buyers fall prey to crooks on digital platforms

Florence Joy, 24, was drawn by the affordable prices of mobile phones on an Instagram page.

She had been saving for months to buy the Samsung A50, so when she stumbled upon a page on Instagram selling the device at Sh27,000, she jumped at the offer.

“The page had a huge following and there were testimonials to the good service they had received so I never doubted,” Joy said about the Instagram page @gadgetcity.ke.

“We messaged for a while as I haggled over the price and the seller told me to secure the phone I had to pay 80 per cent up front and 20 per cent on delivery,” she said.

On October 22, excited at the prospect of owning a new mobile phone, she sent Sh20,000 to a mobile number she had been given.

“He said his shop was in Lavington, Nairobi, and needed 30 minutes to deliver the phone,” she said.

But the wait turned into hours before it dawned on her that she had been conned.

“When I called his phone I couldn’t get through, but when I used a different number he picked up and on realising it was me he hung up,” she said.

Florence is among millions of Kenyans whose joy at the convenience of online shopping has turned to losses.

A month after she reported the case to the police, the culprit has not been apprehended.

The Saturday Standard has found three other complaints against the same vendor. In fact, the Instagram account has been disabled.

Last week, the Directorate of Criminal Investigations (DCI) issued a statement cautioning the public against online transactions.

“Following overwhelming reports of online fraud to our DCI offices across the country, we wish to caution the public against engaging in online transactions with companies, agencies or individuals they have no credible information about, to avoid putting at stake their hard-earned money,” reads the DCI statement.

Despite awareness campaigns about online and mobile scams, Kenyans continue to fall victim to cons.

DCI cites fraudulent schemes involving online cash trades (forex exchange), online car hire services, online job recruitment groups, online product vendors and fraudsters posing as service providers who inform customers of possible security breaches to their bank and MPesa accounts before using their details to steal money.

Online fraud schemes have become rampant and involve tech-savvy and organised criminal enterprises, sometimes involving employees of banks and telecommunication companies.

The fraudsters pose as service providers of telecommunication companies.

A user will receive a call from a number purporting to be from the service provider, informing them that their number has been registered twice.

Read it out

Should you affirm that you are the owner of the number, the caller will inform you that a code will be sent to your phone. Once you put the code in your phone, the cons can access your details and use them to swindle you of money.

A Twitter user, @itsMugambi, said the cons take advantage of the SMS that is sent from Safaricom’s official number to swindle targets.

“The same line that sends you Stori Ibambe updates and acknowledges your airtime reloads and stuff. It looks above board if you don’t notice the WebSelfcare part of the text,” @itsMugambi said in September.

Once the target has received the SMS, the caller will ask them to read it out, and at that point the fraudsters will have access to the phone data.

“The caller confirms that you’re indeed the owner of your line and asks you to turn off your phone briefly so they can restore the line back to you, and delete the duplicate,” he explained.

Once the phone is off, they (fraudsters) contact Safaricom and duplicate your SIM.

“When you turn your phone on, your SIM is locked and you can’t access your line until you report it. Meanwhile, the con is now frantically sending texts asking your contacts for money,” he said.

Mobile service providers have cautioned customers against disclosing their PIN.

“Since it is hard for scams to infiltrate the M-Pesa system, they opt for non-technical methods, or social engineering, as it is popularly known. This involves tricking unsuspecting people into breaking normal security procedures and finally manipulating them into, among other things, revealing M-Pesa PIN or withdrawing from ATMs remotely,” Safaricom says in a post on its website educating its customers on how to deal with fraudsters.

To beat the cons, Safaricom is pushing for a biometric system dubbed Jitambulishe that identifies a customer by their voice.

The campaign thus goes: Jitambulishe is “your voice is your password” and nobody can impersonate you.

The company is also asking customers to report fraudulent cases free of charge through SMS to 333 – include the telephone number which initiated the fraudulent request.

Besides mobile carriers, bank customers are also targets of fraud, where cons use unofficial numbers claiming to be sending messages on behalf of the bank.

A common message the fraudsters have sent to mobile subscribers is one alerting them that their ‘account has been blocked or linked to another account’ or ‘Account has been suspended due to wrong KRA Pin’, thus creating panic and prompting the account owner to volunteer sensitive information that will compromise the account.

The DCI admitted on Tuesday that pursuit of cyber criminals was a lengthy procedure calling for Cyber-Forensic Interventions.

“Mostly because perpetrators use different social media platforms/SIM cards to contact different people after which they block & delete their accounts upon successful transactions,” the DCI said.

“In this regard, we urge the public to immediately report to the nearest police stations any time they lose their ID cards, SIM cards/mobile phones and laptops, personal documents including academic testimonials and driving licenses, and to obtain abstract.”