What to do when a thief hacks your phone and takes a mobile loan

Hooded cybercrime hacker using mobile phone with icon diagram features hacking into cyberspace. [Courtesy]

When Edgar Otieno was contacted by mobile service provider Safaricom informing him that he could not access Fuliza since he had an outstanding debt, he was stupefied.

Otieno was in a hard-up and things were not looking up financially at the time. He needed a quick save.

He decided to take a small Fuliza loan to sort his bills, but couldn’t access his Fuliza limit. Shockingly, Otieno had never taken a Fuliza loan a day in his life.

“I was called and told I have a Fuliza limit. I tried checking my Mpesa but it was inaccessible. I couldn’t complete the transaction,” he narrated.

He immediately knew something was wrong and contacted his service provider to find out. Otieno would later find that he had lost a sum total of Sh2,000 from his account.

“I was asked to visit Safaricom, which I did and they did a swim swap. I eventually regained control of my phone and money and changed my pin," he continued. 

Had he not checked his phone when he did, Otieno would have suffered bigger damage and fallen victim to a well-orchestrated mobile money theft, like thousands of other Kenyans.

This is the reality of many mobile phone users, who fall victim to theft, hacking and sim-swap fraud, where the culprit uses social engineering tools to mine critical personally identifiable information from a victim.

What to do when your phone is hacked

The Standard interviewed Odour Chumba, a System Security Analyst at the Kenya Power and Lighting Company (KPLC) who advised on what to do in case one is hacked.

“When you find yourself hacked and money taken from your devices, the first thing you need to do is disable your internet, because most accounts are hacked online,” Chumba said.

Chumba noted that at least 80 per cent of hackers are able to access devices online.

The security expert also advised that one needs to separate the sim card from the handset, [the sim card will connect the hacker to your mobile banking system.]

He also advised that phone users report the incident to the nearest police station immediately.

“I would advise anyone who has been hacked to perform the following with caution so as not to interfere with raw data…Report to the nearest police station and ensure the following details are put in order; any new or recent installation on your device, any sites visited, any calls received, and detail your subscriber number,” Chumba said.

Carlcare Services, a global brand providing service for communications equipment, IT, and consumer electronics also advises that when one notices unusual and suspicious activity on their devices, they should consider changing their phone passwords, and enabling the 2-factor authentication on devices.

Users are also advised to reset their phones if they sense that they are compromised.

How to avoid being hacked

Security expert Chumba says most people fall victims to hacking more than once, but there are ways to avoid it.

He strongly advised against the use of public Wi-Fi as it contributes to many cases of hacking.

“Most people use public Wi-Fi to access critical systems within their banking applications. You leave a lot of details including your mobile don’t know who is in the back end,” Chumba noted.

Other ways include; 

1. Avoid applications that require permission before installing.

2. Make use of an apps lock- These are applications that are able to lock critical systems in your phone. “What it does is give you a second and third level of control. These are available online and come with various mobile phone manufacturers.”

3. Check reviews of applications before installing.

4. Ensure your device is running an up-to-date software/android version- This comes with well-known vulnerabilities that have been identified.

5. Before you download an app, ensure you have looked at the number of downloads. Anything with less than 50,000 downloads cannot be trusted. [‘Not to say it is bad, but it could be dangerous, Chumba explained”]

The security expert also advised that one only downloads genuine applications.

The Standard reached out to mobile service provider Safaricom, with millions of users for a comment, but declined saying, “this is a criminal issue and not really in our alley, so our advise to customers is to report to the police first.”

However, in their data policy, Safaricom recommends that in order to avoid sim-swap fraud, “ensure your SIM card has an active SIM lock, use strong passwords and keep personal information off social media.”