Sim card swap: How Farah Bashir lost Sh2.6m to fraudsters in hours
Morning Listers, In the news today: Farah Bashir is yet to come to terms with how his bank accounts were wiped clean by fraudsters, barely two days after he had landed in Johannesburg for a two-week assignment in February. He painfully recounted how he watched helplessly as Sh2.6 million was withdrawn by hackers in several transactions from his four different Absa Bank accounts between February 7 and February 9. Read more: https://nation.africa/kenya/news/sim-card-swap-how-farah-bashir-lost-sh2-6m-... SIM Card fraud has been in the bees lately. The sums lost are pretty high. I bet there are many sad tales from individuals who've lost collasal amounts due to sim swap fraud. How come we're not able to contain this crimes? I wonder who's the weakest link here that needs to pull up their socks? It's really a big threat to our digital economy if we can't address this growing menace. Happy to hear your thoughts on this. Regards, Victor
Thank you for this article, Victor. This is quite frightening because prepaid customers on Safaricom cannot call 100 and get served by an agent (that was my experience which made me migrate back to postpaid). If the gentleman in this article acted as quickly as he possibly could and reached out to Safaricom on Twitter yet did not get the help he needed then something is terribly wrong with that online reporting system. I've noticed that when customer service agents respond on social media they respond based on their own perceptions and not what the client tells them. This isn't always the case and I'm not referring to Safaricom alone. As a random example I reported not having received my electricity bill to Kanya Power on Twitter. Instead of sending me my estimate, one of the agents asked for the nearest marker to my place so they could send technical support. Another problem is when you call to report fraud with your bank then they start asking you questions which feel irrelevant at the time. I once thought my card had been hacked so when I called to report it they asked me some silly questions. I don't remember what they were but I do remember being pissed and having to contain myself under the pressure. There needs to be a tightening of customer service particularly with respect to online fraud reporting. I don't know what other pieces need to be fixed. This is where my personal beef is. Deborah On Mon, May 30, 2022, 10:14 Victor Kapiyo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Morning Listers,
In the news today:
Farah Bashir is yet to come to terms with how his bank accounts were wiped clean by fraudsters, barely two days after he had landed in Johannesburg for a two-week assignment in February.
He painfully recounted how he watched helplessly as Sh2.6 million was withdrawn by hackers in several transactions from his four different Absa Bank accounts between February 7 and February 9.
Read more: https://nation.africa/kenya/news/sim-card-swap-how-farah-bashir-lost-sh2-6m-...
SIM Card fraud has been in the bees lately. The sums lost are pretty high. I bet there are many sad tales from individuals who've lost collasal amounts due to sim swap fraud.
How come we're not able to contain this crimes? I wonder who's the weakest link here that needs to pull up their socks? It's really a big threat to our digital economy if we can't address this growing menace.
Happy to hear your thoughts on this.
Regards,
Victor
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/deborah.wanjugu%40gmai...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
Dear Listers, These cases are emerging at an alarming rate. Indeed, the Kenya Bankers Association says consumer education will play a central role in addressing emerging security challenges. The association cites cases of phishing emails, and malware attacks, to have scaled up in tandem with the enhanced uptake of internet and mobile transaction platforms. “A study paper on human-centered cybersecurity: Kenyan Fintech sector,” prepared by KICTANet, in collaboration with Trust4Cyber Flagship Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH, says emerging threats in Kenya are organized crime, exporting cybercriminals to the East African region. https://bit.ly/3vBc5SA *Kind Regards,* *David Indeje *_____________________________________ +254 (0) 711 385 945 | +254 (0) 734 024 856 <https://www.linkedin.com/in/david-indeje/>
Thank you Victor for the article. I have seen the discussion in one of the WhatsApp groups I am in. To avoid SIM Swaps and MPESA-related frauds you can dial *100*100# to blacklist your line from being replaced at MPESA Agents but only Safaricom Shops. At Safaricom Shops you must go in person and present your original ID for replacement/SIM Swap. Cyrus Kithuva 0713840154 On Mon, 30 May 2022 at 11:00, David Indeje via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Dear Listers,
These cases are emerging at an alarming rate. Indeed, the Kenya Bankers Association says consumer education will play a central role in addressing emerging security challenges. The association cites cases of phishing emails, and malware attacks, to have scaled up in tandem with the enhanced uptake of internet and mobile transaction platforms.
“A study paper on human-centered cybersecurity: Kenyan Fintech sector,” prepared by KICTANet, in collaboration with Trust4Cyber Flagship Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH, says emerging threats in Kenya are organized crime, exporting cybercriminals to the East African region. https://bit.ly/3vBc5SA
*Kind Regards,*
*David Indeje *_____________________________________ +254 (0) 711 385 945 | +254 (0) 734 024 856 <https://www.linkedin.com/in/david-indeje/> _______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/cyruskithuva2012%40gma...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
Good afternoon, The Kenya Bankers Association and the Telcos are conveniently avoiding the evidence that most of these frauds involve insiders Without dealing with the insider threats in the banks and telcos the frauds will continue At the moment they have just identified the sim swap vulnerabilities (actually some of the international banks have made 2FA mandatory and are using Authentication apps that are not based on your sim) Regards, Consultant ICT4D <https://advisera.com/27001academy/#a_aid=621f58ced9bb1&a_bid=f79f3b0b> Quality Management Systems <https://advisera.com/27001academy/#a_aid=621f58ced9bb1&a_bid=f79f3b0b> Information Security Management Systems From: KICTANet <kictanet-bounces+awatila=gmail.com@lists.kictanet.or.ke> On Behalf Of David Indeje via KICTANet Sent: Monday, May 30, 2022 10:59 AM To: Alex Watila <awatila@gmail.com> Cc: David Indeje <davidindeje@gmail.com> Subject: Re: [kictanet] Sim card swap: How Farah Bashir lost Sh2.6m to fraudsters in hours Dear Listers, These cases are emerging at an alarming rate. Indeed, the Kenya Bankers Association says consumer education will play a central role in addressing emerging security challenges. The association cites cases of phishing emails, and malware attacks, to have scaled up in tandem with the enhanced uptake of internet and mobile transaction platforms. “A study paper on human-centered cybersecurity: Kenyan Fintech sector,” prepared by KICTANet, in collaboration with Trust4Cyber Flagship Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH, says emerging threats in Kenya are organized crime, exporting cybercriminals to the East African region. https://bit.ly/3vBc5SA Kind Regards, David Indeje _____________________________________ <https://cytonn.sheerhr.com/signature/icon/ico-phone.png> +254 (0) 711 385 945 | +254 (0) 734 024 856 <https://ci3.googleusercontent.com/mail-sig/AIorK4yBYq8CO3z4CMJjF8wcqHAMa3I57BvTkJ89uqP8lK9i8j6o7YiJQnjTC4eelqPvOYUff1aNqzI> <https://www.linkedin.com/in/david-indeje/>
You hit the nail on the head. Most good accounts have relationship Managers. I doubt they would just sit there and watch a fat account being decimated. Regards On Mon, 30 May 2022, 5:05 pm Alex Watila via KICTANet, < kictanet@lists.kictanet.or.ke> wrote:
Good afternoon,
The Kenya Bankers Association and the Telcos are conveniently avoiding the evidence that most of these frauds involve insiders
Without dealing with the insider threats in the banks and telcos the frauds will continue
At the moment they have just identified the sim swap vulnerabilities (actually some of the international banks have made 2FA mandatory and are using Authentication apps that are not based on your sim)
Regards,
Consultant
ICT4D
*Quality Management Systems <https://advisera.com/27001academy/#a_aid=621f58ced9bb1&a_bid=f79f3b0b> *
*Information Security Management Systems <https://advisera.com/27001academy/#a_aid=621f58ced9bb1&a_bid=f79f3b0b>*
*From:* KICTANet <kictanet-bounces+awatila=gmail.com@lists.kictanet.or.ke> *On Behalf Of *David Indeje via KICTANet *Sent:* Monday, May 30, 2022 10:59 AM *To:* Alex Watila <awatila@gmail.com> *Cc:* David Indeje <davidindeje@gmail.com> *Subject:* Re: [kictanet] Sim card swap: How Farah Bashir lost Sh2.6m to fraudsters in hours
Dear Listers,
These cases are emerging at an alarming rate. Indeed, the Kenya Bankers Association says consumer education will play a central role in addressing emerging security challenges. The association cites cases of phishing emails, and malware attacks, to have scaled up in tandem with the enhanced uptake of internet and mobile transaction platforms.
“A study paper on human-centered cybersecurity: Kenyan Fintech sector,” prepared by KICTANet, in collaboration with Trust4Cyber Flagship Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH, says emerging threats in Kenya are organized crime, exporting cybercriminals to the East African region. https://bit.ly/3vBc5SA
*Kind Regards,*
*David Indeje *_____________________________________
+254 (0) 711 385 945 | +254 (0) 734 024 856
<https://www.linkedin.com/in/david-indeje/> _______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
I see this link doing rounds on WhatsApp. How valid is it? https://techweez.com/2022/05/30/stop-sim-replacement-at-mpesa-agent/ On Mon, 30 May 2022 at 13:32, Barrack Otieno via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
You hit the nail on the head. Most good accounts have relationship Managers. I doubt they would just sit there and watch a fat account being decimated.
Regards
On Mon, 30 May 2022, 5:05 pm Alex Watila via KICTANet, < kictanet@lists.kictanet.or.ke> wrote:
Good afternoon,
The Kenya Bankers Association and the Telcos are conveniently avoiding the evidence that most of these frauds involve insiders
Without dealing with the insider threats in the banks and telcos the frauds will continue
At the moment they have just identified the sim swap vulnerabilities (actually some of the international banks have made 2FA mandatory and are using Authentication apps that are not based on your sim)
Regards,
Consultant
ICT4D
*Quality Management Systems <https://advisera.com/27001academy/#a_aid=621f58ced9bb1&a_bid=f79f3b0b> *
*Information Security Management Systems <https://advisera.com/27001academy/#a_aid=621f58ced9bb1&a_bid=f79f3b0b>*
*From:* KICTANet <kictanet-bounces+awatila=gmail.com@lists.kictanet.or.ke> *On Behalf Of *David Indeje via KICTANet *Sent:* Monday, May 30, 2022 10:59 AM *To:* Alex Watila <awatila@gmail.com> *Cc:* David Indeje <davidindeje@gmail.com> *Subject:* Re: [kictanet] Sim card swap: How Farah Bashir lost Sh2.6m to fraudsters in hours
Dear Listers,
These cases are emerging at an alarming rate. Indeed, the Kenya Bankers Association says consumer education will play a central role in addressing emerging security challenges. The association cites cases of phishing emails, and malware attacks, to have scaled up in tandem with the enhanced uptake of internet and mobile transaction platforms.
“A study paper on human-centered cybersecurity: Kenyan Fintech sector,” prepared by KICTANet, in collaboration with Trust4Cyber Flagship Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH, says emerging threats in Kenya are organized crime, exporting cybercriminals to the East African region. https://bit.ly/3vBc5SA
*Kind Regards,*
*David Indeje *_____________________________________
+254 (0) 711 385 945 | +254 (0) 734 024 856
<https://www.linkedin.com/in/david-indeje/> _______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bkisia%40gmail.com
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
The *100*100# is a recent feature for Safaricom prepaid users introduced a few weeks ago. Apparently, postpaid users have the feature activated by default. Anyone with an idea of what happens on Airtel and Telkom? Victor On Mon, 30 May 2022, 20:58 Bradley Kisia via KICTANet, < kictanet@lists.kictanet.or.ke> wrote:
I see this link doing rounds on WhatsApp. How valid is it? https://techweez.com/2022/05/30/stop-sim-replacement-at-mpesa-agent/
On Mon, 30 May 2022 at 13:32, Barrack Otieno via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
You hit the nail on the head. Most good accounts have relationship Managers. I doubt they would just sit there and watch a fat account being decimated.
Regards
On Mon, 30 May 2022, 5:05 pm Alex Watila via KICTANet, < kictanet@lists.kictanet.or.ke> wrote:
Good afternoon,
The Kenya Bankers Association and the Telcos are conveniently avoiding the evidence that most of these frauds involve insiders
Without dealing with the insider threats in the banks and telcos the frauds will continue
At the moment they have just identified the sim swap vulnerabilities (actually some of the international banks have made 2FA mandatory and are using Authentication apps that are not based on your sim)
Regards,
Consultant
ICT4D
*Quality Management Systems <https://advisera.com/27001academy/#a_aid=621f58ced9bb1&a_bid=f79f3b0b> *
*Information Security Management Systems <https://advisera.com/27001academy/#a_aid=621f58ced9bb1&a_bid=f79f3b0b>*
*From:* KICTANet <kictanet-bounces+awatila= gmail.com@lists.kictanet.or.ke> *On Behalf Of *David Indeje via KICTANet *Sent:* Monday, May 30, 2022 10:59 AM *To:* Alex Watila <awatila@gmail.com> *Cc:* David Indeje <davidindeje@gmail.com> *Subject:* Re: [kictanet] Sim card swap: How Farah Bashir lost Sh2.6m to fraudsters in hours
Dear Listers,
These cases are emerging at an alarming rate. Indeed, the Kenya Bankers Association says consumer education will play a central role in addressing emerging security challenges. The association cites cases of phishing emails, and malware attacks, to have scaled up in tandem with the enhanced uptake of internet and mobile transaction platforms.
“A study paper on human-centered cybersecurity: Kenyan Fintech sector,” prepared by KICTANet, in collaboration with Trust4Cyber Flagship Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH, says emerging threats in Kenya are organized crime, exporting cybercriminals to the East African region. https://bit.ly/3vBc5SA
*Kind Regards,*
*David Indeje *_____________________________________
+254 (0) 711 385 945 | +254 (0) 734 024 856
<https://www.linkedin.com/in/david-indeje/> _______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bkisia%40gmail.com
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/vkapiyo%40gmail.com
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
The messaging from Safaricom is a bit confusing. On the FAQ below it asks:- *When should I whitelist my line?*- When you receive the below notification of an attempted SIM swap on your line that you did not initiate. ‘Dear customer, we have received your SIM SWAP request. If you are not aware of this, kindly dial *100*100# immediately to stop the swap. Thank you.’ See the link below:- https://www.safaricom.co.ke/faqs/faq/857 But then I have a question:- Can we whitelist NOW without waiting for someone to try Sim Swapping OR we can only do it when someone IS trying to Sim Swap our phones? Regards *Ali Hussein* Fintech | Digital Transformation Tel: +254 713 601113 Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim <http://ke.linkedin.com/in/alihkassim> Any information of a personal nature expressed in this email are purely mine and do not necessarily reflect the official positions of the organizations that I work with. On Mon, May 30, 2022 at 9:19 PM Victor Kapiyo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
The *100*100# is a recent feature for Safaricom prepaid users introduced a few weeks ago. Apparently, postpaid users have the feature activated by default.
Anyone with an idea of what happens on Airtel and Telkom?
Victor
On Mon, 30 May 2022, 20:58 Bradley Kisia via KICTANet, < kictanet@lists.kictanet.or.ke> wrote:
I see this link doing rounds on WhatsApp. How valid is it? https://techweez.com/2022/05/30/stop-sim-replacement-at-mpesa-agent/
On Mon, 30 May 2022 at 13:32, Barrack Otieno via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
You hit the nail on the head. Most good accounts have relationship Managers. I doubt they would just sit there and watch a fat account being decimated.
Regards
On Mon, 30 May 2022, 5:05 pm Alex Watila via KICTANet, < kictanet@lists.kictanet.or.ke> wrote:
Good afternoon,
The Kenya Bankers Association and the Telcos are conveniently avoiding the evidence that most of these frauds involve insiders
Without dealing with the insider threats in the banks and telcos the frauds will continue
At the moment they have just identified the sim swap vulnerabilities (actually some of the international banks have made 2FA mandatory and are using Authentication apps that are not based on your sim)
Regards,
Consultant
ICT4D
*Quality Management Systems <https://advisera.com/27001academy/#a_aid=621f58ced9bb1&a_bid=f79f3b0b> *
*Information Security Management Systems <https://advisera.com/27001academy/#a_aid=621f58ced9bb1&a_bid=f79f3b0b>*
*From:* KICTANet <kictanet-bounces+awatila= gmail.com@lists.kictanet.or.ke> *On Behalf Of *David Indeje via KICTANet *Sent:* Monday, May 30, 2022 10:59 AM *To:* Alex Watila <awatila@gmail.com> *Cc:* David Indeje <davidindeje@gmail.com> *Subject:* Re: [kictanet] Sim card swap: How Farah Bashir lost Sh2.6m to fraudsters in hours
Dear Listers,
These cases are emerging at an alarming rate. Indeed, the Kenya Bankers Association says consumer education will play a central role in addressing emerging security challenges. The association cites cases of phishing emails, and malware attacks, to have scaled up in tandem with the enhanced uptake of internet and mobile transaction platforms.
“A study paper on human-centered cybersecurity: Kenyan Fintech sector,” prepared by KICTANet, in collaboration with Trust4Cyber Flagship Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH, says emerging threats in Kenya are organized crime, exporting cybercriminals to the East African region. https://bit.ly/3vBc5SA
*Kind Regards,*
*David Indeje *_____________________________________
+254 (0) 711 385 945 | +254 (0) 734 024 856
<https://www.linkedin.com/in/david-indeje/> _______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bkisia%40gmail.com
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/vkapiyo%40gmail.com
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
Before we all panic, it is important to dissect the problem here from all sides. My cousin, a teacher lost Ksh. 57,000 from his bank account. When he called me for help, I asked him many questions. It occurred to me that he had inadvertently given out his data to some unknown people disguising themselves as sales reps marketing a new offer from a competing telecommunications operator. In my view, we need to do the following: take the digital literacy program very seriously, sensitize citizens around data protection laws and leverage artificial intelligence (voice recognition for security purposes) for any withdrawal, especially among the very vulnerable in society. Institutions like Kenya Power and Lighting Company (virtually every week I receive a fake call from "KPLC") should devise more secure ways of dealing with customers in the digital era. Since most of the fraud is largely an inside job, much of the backend work should be automated. Ndemo On Mon, May 30, 2022 at 10:42 AM Deborah Wanjugu via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Thank you for this article, Victor.
This is quite frightening because prepaid customers on Safaricom cannot call 100 and get served by an agent (that was my experience which made me migrate back to postpaid).
If the gentleman in this article acted as quickly as he possibly could and reached out to Safaricom on Twitter yet did not get the help he needed then something is terribly wrong with that online reporting system.
I've noticed that when customer service agents respond on social media they respond based on their own perceptions and not what the client tells them. This isn't always the case and I'm not referring to Safaricom alone. As a random example I reported not having received my electricity bill to Kanya Power on Twitter. Instead of sending me my estimate, one of the agents asked for the nearest marker to my place so they could send technical support.
Another problem is when you call to report fraud with your bank then they start asking you questions which feel irrelevant at the time. I once thought my card had been hacked so when I called to report it they asked me some silly questions. I don't remember what they were but I do remember being pissed and having to contain myself under the pressure.
There needs to be a tightening of customer service particularly with respect to online fraud reporting.
I don't know what other pieces need to be fixed. This is where my personal beef is.
Deborah
On Mon, May 30, 2022, 10:14 Victor Kapiyo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Morning Listers,
In the news today:
Farah Bashir is yet to come to terms with how his bank accounts were wiped clean by fraudsters, barely two days after he had landed in Johannesburg for a two-week assignment in February.
He painfully recounted how he watched helplessly as Sh2.6 million was withdrawn by hackers in several transactions from his four different Absa Bank accounts between February 7 and February 9.
Read more: https://nation.africa/kenya/news/sim-card-swap-how-farah-bashir-lost-sh2-6m-...
SIM Card fraud has been in the bees lately. The sums lost are pretty high. I bet there are many sad tales from individuals who've lost collasal amounts due to sim swap fraud.
How come we're not able to contain this crimes? I wonder who's the weakest link here that needs to pull up their socks? It's really a big threat to our digital economy if we can't address this growing menace.
Happy to hear your thoughts on this.
Regards,
Victor
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/deborah.wanjugu%40gmai...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bndemo%40bitangendemo....
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
Goodmorning Daktari, I am in agreement. Most of these attacks are purely Social Engineering moves and indeed they are on the rise and very persistent. We need to step up Consumer awareness and digital literacy, the fraudsters are evolving daily and becoming too sophisticated. Consumers should be encouraged to tighten their security. Two Factor Authentication is a good start. There is need for an evaluation on whether it is adequate, but Consumer Awareness which is believe is in CA's purview and Digital Literacy are key. Regards On Mon, May 30, 2022 at 11:20 AM Bitange Ndemo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Before we all panic, it is important to dissect the problem here from all sides. My cousin, a teacher lost Ksh. 57,000 from his bank account. When he called me for help, I asked him many questions. It occurred to me that he had inadvertently given out his data to some unknown people disguising themselves as sales reps marketing a new offer from a competing telecommunications operator. In my view, we need to do the following: take the digital literacy program very seriously, sensitize citizens around data protection laws and leverage artificial intelligence (voice recognition for security purposes) for any withdrawal, especially among the very vulnerable in society. Institutions like Kenya Power and Lighting Company (virtually every week I receive a fake call from "KPLC") should devise more secure ways of dealing with customers in the digital era. Since most of the fraud is largely an inside job, much of the backend work should be automated.
Ndemo
On Mon, May 30, 2022 at 10:42 AM Deborah Wanjugu via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Thank you for this article, Victor.
This is quite frightening because prepaid customers on Safaricom cannot call 100 and get served by an agent (that was my experience which made me migrate back to postpaid).
If the gentleman in this article acted as quickly as he possibly could and reached out to Safaricom on Twitter yet did not get the help he needed then something is terribly wrong with that online reporting system.
I've noticed that when customer service agents respond on social media they respond based on their own perceptions and not what the client tells them. This isn't always the case and I'm not referring to Safaricom alone. As a random example I reported not having received my electricity bill to Kanya Power on Twitter. Instead of sending me my estimate, one of the agents asked for the nearest marker to my place so they could send technical support.
Another problem is when you call to report fraud with your bank then they start asking you questions which feel irrelevant at the time. I once thought my card had been hacked so when I called to report it they asked me some silly questions. I don't remember what they were but I do remember being pissed and having to contain myself under the pressure.
There needs to be a tightening of customer service particularly with respect to online fraud reporting.
I don't know what other pieces need to be fixed. This is where my personal beef is.
Deborah
On Mon, May 30, 2022, 10:14 Victor Kapiyo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Morning Listers,
In the news today:
Farah Bashir is yet to come to terms with how his bank accounts were wiped clean by fraudsters, barely two days after he had landed in Johannesburg for a two-week assignment in February.
He painfully recounted how he watched helplessly as Sh2.6 million was withdrawn by hackers in several transactions from his four different Absa Bank accounts between February 7 and February 9.
Read more: https://nation.africa/kenya/news/sim-card-swap-how-farah-bashir-lost-sh2-6m-...
SIM Card fraud has been in the bees lately. The sums lost are pretty high. I bet there are many sad tales from individuals who've lost collasal amounts due to sim swap fraud.
How come we're not able to contain this crimes? I wonder who's the weakest link here that needs to pull up their socks? It's really a big threat to our digital economy if we can't address this growing menace.
Happy to hear your thoughts on this.
Regards,
Victor
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/deborah.wanjugu%40gmai...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bndemo%40bitangendemo....
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
I have reported several of the spam callers to Safaricom; I don’t know if they just block the numbers, or if they actually report to DCI and allow investigation and prosecution. If no-one gets prosecuted then this is a no-risk business model. If people get prosecuted then at least there is some risk/cost that must be considered compared to the potential revenue the scammers get… From: KICTANet [mailto:kictanet-bounces+adam.lane=huawei.com@lists.kictanet.or.ke] On Behalf Of Barrack Otieno via KICTANet Sent: Monday, May 30, 2022 11:30 AM To: Adam Lane <adam.lane@huawei.com> Cc: Barrack Otieno <otieno.barrack@gmail.com> Subject: Re: [kictanet] Sim card swap: How Farah Bashir lost Sh2.6m to fraudsters in hours Goodmorning Daktari, I am in agreement. Most of these attacks are purely Social Engineering moves and indeed they are on the rise and very persistent. We need to step up Consumer awareness and digital literacy, the fraudsters are evolving daily and becoming too sophisticated. Consumers should be encouraged to tighten their security. Two Factor Authentication is a good start. There is need for an evaluation on whether it is adequate, but Consumer Awareness which is believe is in CA's purview and Digital Literacy are key. Regards On Mon, May 30, 2022 at 11:20 AM Bitange Ndemo via KICTANet <kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>> wrote: Before we all panic, it is important to dissect the problem here from all sides. My cousin, a teacher lost Ksh. 57,000 from his bank account. When he called me for help, I asked him many questions. It occurred to me that he had inadvertently given out his data to some unknown people disguising themselves as sales reps marketing a new offer from a competing telecommunications operator. In my view, we need to do the following: take the digital literacy program very seriously, sensitize citizens around data protection laws and leverage artificial intelligence (voice recognition for security purposes) for any withdrawal, especially among the very vulnerable in society. Institutions like Kenya Power and Lighting Company (virtually every week I receive a fake call from "KPLC") should devise more secure ways of dealing with customers in the digital era. Since most of the fraud is largely an inside job, much of the backend work should be automated. Ndemo On Mon, May 30, 2022 at 10:42 AM Deborah Wanjugu via KICTANet <kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>> wrote: Thank you for this article, Victor. This is quite frightening because prepaid customers on Safaricom cannot call 100 and get served by an agent (that was my experience which made me migrate back to postpaid). If the gentleman in this article acted as quickly as he possibly could and reached out to Safaricom on Twitter yet did not get the help he needed then something is terribly wrong with that online reporting system. I've noticed that when customer service agents respond on social media they respond based on their own perceptions and not what the client tells them. This isn't always the case and I'm not referring to Safaricom alone. As a random example I reported not having received my electricity bill to Kanya Power on Twitter. Instead of sending me my estimate, one of the agents asked for the nearest marker to my place so they could send technical support. Another problem is when you call to report fraud with your bank then they start asking you questions which feel irrelevant at the time. I once thought my card had been hacked so when I called to report it they asked me some silly questions. I don't remember what they were but I do remember being pissed and having to contain myself under the pressure. There needs to be a tightening of customer service particularly with respect to online fraud reporting. I don't know what other pieces need to be fixed. This is where my personal beef is. Deborah On Mon, May 30, 2022, 10:14 Victor Kapiyo via KICTANet <kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>> wrote: Morning Listers, In the news today: Farah Bashir is yet to come to terms with how his bank accounts were wiped clean by fraudsters, barely two days after he had landed in Johannesburg for a two-week assignment in February. He painfully recounted how he watched helplessly as Sh2.6 million was withdrawn by hackers in several transactions from his four different Absa Bank accounts between February 7 and February 9. Read more: https://nation.africa/kenya/news/sim-card-swap-how-farah-bashir-lost-sh2-6m-... SIM Card fraud has been in the bees lately. The sums lost are pretty high. I bet there are many sad tales from individuals who've lost collasal amounts due to sim swap fraud. How come we're not able to contain this crimes? I wonder who's the weakest link here that needs to pull up their socks? It's really a big threat to our digital economy if we can't address this growing menace. Happy to hear your thoughts on this. Regards, Victor _______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke<mailto:KICTANet@lists.kictanet.or.ke> https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/deborah.wanjugu%40gmai... KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform. _______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke<mailto:KICTANet@lists.kictanet.or.ke> https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bndemo%40bitangendemo.... KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform. _______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke<mailto:KICTANet@lists.kictanet.or.ke> https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail... KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform. -- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
Listers, While education will be important, we can't run away from.the elephant in the room; Safaricom's liability. It strikes me that most of these stories involve Safaricom. It is also true, that most people are mot sophisticated enough to even understand how these fintech products work. They therefore are entering into contacts of utmost good faith withthe provider trusting that the provider will uphold their fiduciary duty. To me this is a case of negligence on many levels and while contributory negligence can be found on the subscriber for inadvertently providing their details or being gullible, the responsibility to ensure the integrity of the product is the privders'. It is a pattern it seems that these heists are carried out immediately after a SIM swap. What genius does it take to design the product that no immediate financial transactions take place on the line after a SIM swap? Or require personal visit to a shop to reactivate? It is also not clear how these crooks are able to tell who has money or has recently had money. It is also not clear how and where they cash these embezzled funds that the provider has not been able to identify. To me the provider should be held culpable and should refund all those who have lost money through these scams. Regards, JG On Mon, 30 May 2022, 11:59 Adam Lane via KICTANet, < kictanet@lists.kictanet.or.ke> wrote:
I have reported several of the spam callers to Safaricom; I don’t know if they just block the numbers, or if they actually report to DCI and allow investigation and prosecution.
If no-one gets prosecuted then this is a no-risk business model. If people get prosecuted then at least there is some risk/cost that must be considered compared to the potential revenue the scammers get…
*From:* KICTANet [mailto:kictanet-bounces+adam.lane= huawei.com@lists.kictanet.or.ke] *On Behalf Of *Barrack Otieno via KICTANet *Sent:* Monday, May 30, 2022 11:30 AM *To:* Adam Lane <adam.lane@huawei.com> *Cc:* Barrack Otieno <otieno.barrack@gmail.com> *Subject:* Re: [kictanet] Sim card swap: How Farah Bashir lost Sh2.6m to fraudsters in hours
Goodmorning Daktari,
I am in agreement. Most of these attacks are purely Social Engineering moves and indeed they are on the rise and very persistent. We need to step up Consumer awareness and digital literacy, the fraudsters are evolving daily and becoming too sophisticated. Consumers should be encouraged to tighten their security. Two Factor Authentication is a good start. There is need for an evaluation on whether it is adequate, but Consumer Awareness which is believe is in CA's purview and Digital Literacy are key.
Regards
On Mon, May 30, 2022 at 11:20 AM Bitange Ndemo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Before we all panic, it is important to dissect the problem here from all sides. My cousin, a teacher lost Ksh. 57,000 from his bank account. When he called me for help, I asked him many questions. It occurred to me that he had inadvertently given out his data to some unknown people disguising themselves as sales reps marketing a new offer from a competing telecommunications operator. In my view, we need to do the following: take the digital literacy program very seriously, sensitize citizens around data protection laws and leverage artificial intelligence (voice recognition for security purposes) for any withdrawal, especially among the very vulnerable in society. Institutions like Kenya Power and Lighting Company (virtually every week I receive a fake call from "KPLC") should devise more secure ways of dealing with customers in the digital era. Since most of the fraud is largely an inside job, much of the backend work should be automated.
Ndemo
On Mon, May 30, 2022 at 10:42 AM Deborah Wanjugu via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Thank you for this article, Victor.
This is quite frightening because prepaid customers on Safaricom cannot call 100 and get served by an agent (that was my experience which made me migrate back to postpaid).
If the gentleman in this article acted as quickly as he possibly could and reached out to Safaricom on Twitter yet did not get the help he needed then something is terribly wrong with that online reporting system.
I've noticed that when customer service agents respond on social media they respond based on their own perceptions and not what the client tells them. This isn't always the case and I'm not referring to Safaricom alone. As a random example I reported not having received my electricity bill to Kanya Power on Twitter. Instead of sending me my estimate, one of the agents asked for the nearest marker to my place so they could send technical support.
Another problem is when you call to report fraud with your bank then they start asking you questions which feel irrelevant at the time. I once thought my card had been hacked so when I called to report it they asked me some silly questions. I don't remember what they were but I do remember being pissed and having to contain myself under the pressure.
There needs to be a tightening of customer service particularly with respect to online fraud reporting.
I don't know what other pieces need to be fixed. This is where my personal beef is.
Deborah
On Mon, May 30, 2022, 10:14 Victor Kapiyo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Morning Listers,
In the news today:
Farah Bashir is yet to come to terms with how his bank accounts were wiped clean by fraudsters, barely two days after he had landed in Johannesburg for a two-week assignment in February.
He painfully recounted how he watched helplessly as Sh2.6 million was withdrawn by hackers in several transactions from his four different Absa Bank accounts between February 7 and February 9.
Read more: https://nation.africa/kenya/news/sim-card-swap-how-farah-bashir-lost-sh2-6m-...
SIM Card fraud has been in the bees lately. The sums lost are pretty high. I bet there are many sad tales from individuals who've lost collasal amounts due to sim swap fraud.
How come we're not able to contain this crimes? I wonder who's the weakest link here that needs to pull up their socks? It's really a big threat to our digital economy if we can't address this growing menace.
Happy to hear your thoughts on this.
Regards,
Victor
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/deborah.wanjugu%40gmai...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bndemo%40bitangendemo....
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
--
Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jgmbugua%40gmail.com
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
I agree with you, James. Something can be done to stop money transfers within a certain period of time after a SIM swap (if the swap is not happening in person to verify that the owner of the SIM is the one swapping it). It feels like there is no will to deal with this fraud - it's been happening for too long with no visible concrete steps beyond telling people to avoid falling for social engineering attempts. Consumer education is key, but what other safeguards are being put in place? Regards, Felista On Mon, 30 May 2022, 12:38 pm James Mbugua via KICTANet, < kictanet@lists.kictanet.or.ke> wrote:
Listers,
While education will be important, we can't run away from.the elephant in the room; Safaricom's liability.
It strikes me that most of these stories involve Safaricom.
It is also true, that most people are mot sophisticated enough to even understand how these fintech products work.
They therefore are entering into contacts of utmost good faith withthe provider trusting that the provider will uphold their fiduciary duty.
To me this is a case of negligence on many levels and while contributory negligence can be found on the subscriber for inadvertently providing their details or being gullible, the responsibility to ensure the integrity of the product is the privders'.
It is a pattern it seems that these heists are carried out immediately after a SIM swap. What genius does it take to design the product that no immediate financial transactions take place on the line after a SIM swap? Or require personal visit to a shop to reactivate?
It is also not clear how these crooks are able to tell who has money or has recently had money.
It is also not clear how and where they cash these embezzled funds that the provider has not been able to identify.
To me the provider should be held culpable and should refund all those who have lost money through these scams.
Regards,
JG
On Mon, 30 May 2022, 11:59 Adam Lane via KICTANet, < kictanet@lists.kictanet.or.ke> wrote:
I have reported several of the spam callers to Safaricom; I don’t know if they just block the numbers, or if they actually report to DCI and allow investigation and prosecution.
If no-one gets prosecuted then this is a no-risk business model. If people get prosecuted then at least there is some risk/cost that must be considered compared to the potential revenue the scammers get…
*From:* KICTANet [mailto:kictanet-bounces+adam.lane= huawei.com@lists.kictanet.or.ke] *On Behalf Of *Barrack Otieno via KICTANet *Sent:* Monday, May 30, 2022 11:30 AM *To:* Adam Lane <adam.lane@huawei.com> *Cc:* Barrack Otieno <otieno.barrack@gmail.com> *Subject:* Re: [kictanet] Sim card swap: How Farah Bashir lost Sh2.6m to fraudsters in hours
Goodmorning Daktari,
I am in agreement. Most of these attacks are purely Social Engineering moves and indeed they are on the rise and very persistent. We need to step up Consumer awareness and digital literacy, the fraudsters are evolving daily and becoming too sophisticated. Consumers should be encouraged to tighten their security. Two Factor Authentication is a good start. There is need for an evaluation on whether it is adequate, but Consumer Awareness which is believe is in CA's purview and Digital Literacy are key.
Regards
On Mon, May 30, 2022 at 11:20 AM Bitange Ndemo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Before we all panic, it is important to dissect the problem here from all sides. My cousin, a teacher lost Ksh. 57,000 from his bank account. When he called me for help, I asked him many questions. It occurred to me that he had inadvertently given out his data to some unknown people disguising themselves as sales reps marketing a new offer from a competing telecommunications operator. In my view, we need to do the following: take the digital literacy program very seriously, sensitize citizens around data protection laws and leverage artificial intelligence (voice recognition for security purposes) for any withdrawal, especially among the very vulnerable in society. Institutions like Kenya Power and Lighting Company (virtually every week I receive a fake call from "KPLC") should devise more secure ways of dealing with customers in the digital era. Since most of the fraud is largely an inside job, much of the backend work should be automated.
Ndemo
On Mon, May 30, 2022 at 10:42 AM Deborah Wanjugu via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Thank you for this article, Victor.
This is quite frightening because prepaid customers on Safaricom cannot call 100 and get served by an agent (that was my experience which made me migrate back to postpaid).
If the gentleman in this article acted as quickly as he possibly could and reached out to Safaricom on Twitter yet did not get the help he needed then something is terribly wrong with that online reporting system.
I've noticed that when customer service agents respond on social media they respond based on their own perceptions and not what the client tells them. This isn't always the case and I'm not referring to Safaricom alone. As a random example I reported not having received my electricity bill to Kanya Power on Twitter. Instead of sending me my estimate, one of the agents asked for the nearest marker to my place so they could send technical support.
Another problem is when you call to report fraud with your bank then they start asking you questions which feel irrelevant at the time. I once thought my card had been hacked so when I called to report it they asked me some silly questions. I don't remember what they were but I do remember being pissed and having to contain myself under the pressure.
There needs to be a tightening of customer service particularly with respect to online fraud reporting.
I don't know what other pieces need to be fixed. This is where my personal beef is.
Deborah
On Mon, May 30, 2022, 10:14 Victor Kapiyo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Morning Listers,
In the news today:
Farah Bashir is yet to come to terms with how his bank accounts were wiped clean by fraudsters, barely two days after he had landed in Johannesburg for a two-week assignment in February.
He painfully recounted how he watched helplessly as Sh2.6 million was withdrawn by hackers in several transactions from his four different Absa Bank accounts between February 7 and February 9.
Read more: https://nation.africa/kenya/news/sim-card-swap-how-farah-bashir-lost-sh2-6m-...
SIM Card fraud has been in the bees lately. The sums lost are pretty high. I bet there are many sad tales from individuals who've lost collasal amounts due to sim swap fraud.
How come we're not able to contain this crimes? I wonder who's the weakest link here that needs to pull up their socks? It's really a big threat to our digital economy if we can't address this growing menace.
Happy to hear your thoughts on this.
Regards,
Victor
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/deborah.wanjugu%40gmai...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bndemo%40bitangendemo....
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
--
Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jgmbugua%40gmail.com
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/fwwangari03%40gmail.co...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
Interesting. There's a concept of security by default. If sim swaps are happening and bring used to defraud people, can't operations disable remote sim swaps and put in place a proper 2FA model that is secure? Also, these reports show that perhaps little or no action is taken after these reports are made. I would be interested to hear whether the telcos, CA and DCI can regularly publish statistics on these crimes. I think everyone on this platform has heard of someone whose lost money from mpesa/phone/bank fraud. But to what extent are these being addressed? I am aware of a Cybersecurity strategy being developed? Are these issues that it should address in a muktistakeholder approach? Victor On Mon, 30 May 2022, 12:38 James Mbugua via KICTANet, < kictanet@lists.kictanet.or.ke> wrote:
Listers,
While education will be important, we can't run away from.the elephant in the room; Safaricom's liability.
It strikes me that most of these stories involve Safaricom.
It is also true, that most people are mot sophisticated enough to even understand how these fintech products work.
They therefore are entering into contacts of utmost good faith withthe provider trusting that the provider will uphold their fiduciary duty.
To me this is a case of negligence on many levels and while contributory negligence can be found on the subscriber for inadvertently providing their details or being gullible, the responsibility to ensure the integrity of the product is the privders'.
It is a pattern it seems that these heists are carried out immediately after a SIM swap. What genius does it take to design the product that no immediate financial transactions take place on the line after a SIM swap? Or require personal visit to a shop to reactivate?
It is also not clear how these crooks are able to tell who has money or has recently had money.
It is also not clear how and where they cash these embezzled funds that the provider has not been able to identify.
To me the provider should be held culpable and should refund all those who have lost money through these scams.
Regards,
JG
On Mon, 30 May 2022, 11:59 Adam Lane via KICTANet, < kictanet@lists.kictanet.or.ke> wrote:
I have reported several of the spam callers to Safaricom; I don’t know if they just block the numbers, or if they actually report to DCI and allow investigation and prosecution.
If no-one gets prosecuted then this is a no-risk business model. If people get prosecuted then at least there is some risk/cost that must be considered compared to the potential revenue the scammers get…
*From:* KICTANet [mailto:kictanet-bounces+adam.lane= huawei.com@lists.kictanet.or.ke] *On Behalf Of *Barrack Otieno via KICTANet *Sent:* Monday, May 30, 2022 11:30 AM *To:* Adam Lane <adam.lane@huawei.com> *Cc:* Barrack Otieno <otieno.barrack@gmail.com> *Subject:* Re: [kictanet] Sim card swap: How Farah Bashir lost Sh2.6m to fraudsters in hours
Goodmorning Daktari,
I am in agreement. Most of these attacks are purely Social Engineering moves and indeed they are on the rise and very persistent. We need to step up Consumer awareness and digital literacy, the fraudsters are evolving daily and becoming too sophisticated. Consumers should be encouraged to tighten their security. Two Factor Authentication is a good start. There is need for an evaluation on whether it is adequate, but Consumer Awareness which is believe is in CA's purview and Digital Literacy are key.
Regards
On Mon, May 30, 2022 at 11:20 AM Bitange Ndemo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Before we all panic, it is important to dissect the problem here from all sides. My cousin, a teacher lost Ksh. 57,000 from his bank account. When he called me for help, I asked him many questions. It occurred to me that he had inadvertently given out his data to some unknown people disguising themselves as sales reps marketing a new offer from a competing telecommunications operator. In my view, we need to do the following: take the digital literacy program very seriously, sensitize citizens around data protection laws and leverage artificial intelligence (voice recognition for security purposes) for any withdrawal, especially among the very vulnerable in society. Institutions like Kenya Power and Lighting Company (virtually every week I receive a fake call from "KPLC") should devise more secure ways of dealing with customers in the digital era. Since most of the fraud is largely an inside job, much of the backend work should be automated.
Ndemo
On Mon, May 30, 2022 at 10:42 AM Deborah Wanjugu via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Thank you for this article, Victor.
This is quite frightening because prepaid customers on Safaricom cannot call 100 and get served by an agent (that was my experience which made me migrate back to postpaid).
If the gentleman in this article acted as quickly as he possibly could and reached out to Safaricom on Twitter yet did not get the help he needed then something is terribly wrong with that online reporting system.
I've noticed that when customer service agents respond on social media they respond based on their own perceptions and not what the client tells them. This isn't always the case and I'm not referring to Safaricom alone. As a random example I reported not having received my electricity bill to Kanya Power on Twitter. Instead of sending me my estimate, one of the agents asked for the nearest marker to my place so they could send technical support.
Another problem is when you call to report fraud with your bank then they start asking you questions which feel irrelevant at the time. I once thought my card had been hacked so when I called to report it they asked me some silly questions. I don't remember what they were but I do remember being pissed and having to contain myself under the pressure.
There needs to be a tightening of customer service particularly with respect to online fraud reporting.
I don't know what other pieces need to be fixed. This is where my personal beef is.
Deborah
On Mon, May 30, 2022, 10:14 Victor Kapiyo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Morning Listers,
In the news today:
Farah Bashir is yet to come to terms with how his bank accounts were wiped clean by fraudsters, barely two days after he had landed in Johannesburg for a two-week assignment in February.
He painfully recounted how he watched helplessly as Sh2.6 million was withdrawn by hackers in several transactions from his four different Absa Bank accounts between February 7 and February 9.
Read more: https://nation.africa/kenya/news/sim-card-swap-how-farah-bashir-lost-sh2-6m-...
SIM Card fraud has been in the bees lately. The sums lost are pretty high. I bet there are many sad tales from individuals who've lost collasal amounts due to sim swap fraud.
How come we're not able to contain this crimes? I wonder who's the weakest link here that needs to pull up their socks? It's really a big threat to our digital economy if we can't address this growing menace.
Happy to hear your thoughts on this.
Regards,
Victor
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/deborah.wanjugu%40gmai...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bndemo%40bitangendemo....
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
--
Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jgmbugua%40gmail.com
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/vkapiyo%40gmail.com
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
I know a close relative who has had to get a new number because of spam calls. It seems as though Safaricom wamewezwa with this. The sim swap thing is for real, but I also think if we can manage and educate on the spam calling, then we will be better able to focus on the real sim swap issue. I think, right now, it is difficult to tell the trees from the forest.. On Mon, 30 May 2022 at 05:00, Adam Lane via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
I have reported several of the spam callers to Safaricom; I don’t know if they just block the numbers, or if they actually report to DCI and allow investigation and prosecution.
If no-one gets prosecuted then this is a no-risk business model. If people get prosecuted then at least there is some risk/cost that must be considered compared to the potential revenue the scammers get…
*From:* KICTANet [mailto:kictanet-bounces+adam.lane= huawei.com@lists.kictanet.or.ke] *On Behalf Of *Barrack Otieno via KICTANet *Sent:* Monday, May 30, 2022 11:30 AM *To:* Adam Lane <adam.lane@huawei.com> *Cc:* Barrack Otieno <otieno.barrack@gmail.com> *Subject:* Re: [kictanet] Sim card swap: How Farah Bashir lost Sh2.6m to fraudsters in hours
Goodmorning Daktari,
I am in agreement. Most of these attacks are purely Social Engineering moves and indeed they are on the rise and very persistent. We need to step up Consumer awareness and digital literacy, the fraudsters are evolving daily and becoming too sophisticated. Consumers should be encouraged to tighten their security. Two Factor Authentication is a good start. There is need for an evaluation on whether it is adequate, but Consumer Awareness which is believe is in CA's purview and Digital Literacy are key.
Regards
On Mon, May 30, 2022 at 11:20 AM Bitange Ndemo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Before we all panic, it is important to dissect the problem here from all sides. My cousin, a teacher lost Ksh. 57,000 from his bank account. When he called me for help, I asked him many questions. It occurred to me that he had inadvertently given out his data to some unknown people disguising themselves as sales reps marketing a new offer from a competing telecommunications operator. In my view, we need to do the following: take the digital literacy program very seriously, sensitize citizens around data protection laws and leverage artificial intelligence (voice recognition for security purposes) for any withdrawal, especially among the very vulnerable in society. Institutions like Kenya Power and Lighting Company (virtually every week I receive a fake call from "KPLC") should devise more secure ways of dealing with customers in the digital era. Since most of the fraud is largely an inside job, much of the backend work should be automated.
Ndemo
On Mon, May 30, 2022 at 10:42 AM Deborah Wanjugu via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Thank you for this article, Victor.
This is quite frightening because prepaid customers on Safaricom cannot call 100 and get served by an agent (that was my experience which made me migrate back to postpaid).
If the gentleman in this article acted as quickly as he possibly could and reached out to Safaricom on Twitter yet did not get the help he needed then something is terribly wrong with that online reporting system.
I've noticed that when customer service agents respond on social media they respond based on their own perceptions and not what the client tells them. This isn't always the case and I'm not referring to Safaricom alone. As a random example I reported not having received my electricity bill to Kanya Power on Twitter. Instead of sending me my estimate, one of the agents asked for the nearest marker to my place so they could send technical support.
Another problem is when you call to report fraud with your bank then they start asking you questions which feel irrelevant at the time. I once thought my card had been hacked so when I called to report it they asked me some silly questions. I don't remember what they were but I do remember being pissed and having to contain myself under the pressure.
There needs to be a tightening of customer service particularly with respect to online fraud reporting.
I don't know what other pieces need to be fixed. This is where my personal beef is.
Deborah
On Mon, May 30, 2022, 10:14 Victor Kapiyo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Morning Listers,
In the news today:
Farah Bashir is yet to come to terms with how his bank accounts were wiped clean by fraudsters, barely two days after he had landed in Johannesburg for a two-week assignment in February.
He painfully recounted how he watched helplessly as Sh2.6 million was withdrawn by hackers in several transactions from his four different Absa Bank accounts between February 7 and February 9.
Read more: https://nation.africa/kenya/news/sim-card-swap-how-farah-bashir-lost-sh2-6m-...
SIM Card fraud has been in the bees lately. The sums lost are pretty high. I bet there are many sad tales from individuals who've lost collasal amounts due to sim swap fraud.
How come we're not able to contain this crimes? I wonder who's the weakest link here that needs to pull up their socks? It's really a big threat to our digital economy if we can't address this growing menace.
Happy to hear your thoughts on this.
Regards,
Victor
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/deborah.wanjugu%40gmai...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bndemo%40bitangendemo....
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
--
Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bkisia%40gmail.com
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
Good point Dr. Ndemo. My philosophy has been the less human intervention, the better and I agree with you when it comes to automation. Consumer awareness is also key. Regards, Willis Muriu Rockville Consulting Limited ICT Consultant On Mon, May 30, 2022 at 11:12 AM Bitange Ndemo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Before we all panic, it is important to dissect the problem here from all sides. My cousin, a teacher lost Ksh. 57,000 from his bank account. When he called me for help, I asked him many questions. It occurred to me that he had inadvertently given out his data to some unknown people disguising themselves as sales reps marketing a new offer from a competing telecommunications operator. In my view, we need to do the following: take the digital literacy program very seriously, sensitize citizens around data protection laws and leverage artificial intelligence (voice recognition for security purposes) for any withdrawal, especially among the very vulnerable in society. Institutions like Kenya Power and Lighting Company (virtually every week I receive a fake call from "KPLC") should devise more secure ways of dealing with customers in the digital era. Since most of the fraud is largely an inside job, much of the backend work should be automated.
Ndemo
On Mon, May 30, 2022 at 10:42 AM Deborah Wanjugu via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Thank you for this article, Victor.
This is quite frightening because prepaid customers on Safaricom cannot call 100 and get served by an agent (that was my experience which made me migrate back to postpaid).
If the gentleman in this article acted as quickly as he possibly could and reached out to Safaricom on Twitter yet did not get the help he needed then something is terribly wrong with that online reporting system.
I've noticed that when customer service agents respond on social media they respond based on their own perceptions and not what the client tells them. This isn't always the case and I'm not referring to Safaricom alone. As a random example I reported not having received my electricity bill to Kanya Power on Twitter. Instead of sending me my estimate, one of the agents asked for the nearest marker to my place so they could send technical support.
Another problem is when you call to report fraud with your bank then they start asking you questions which feel irrelevant at the time. I once thought my card had been hacked so when I called to report it they asked me some silly questions. I don't remember what they were but I do remember being pissed and having to contain myself under the pressure.
There needs to be a tightening of customer service particularly with respect to online fraud reporting.
I don't know what other pieces need to be fixed. This is where my personal beef is.
Deborah
On Mon, May 30, 2022, 10:14 Victor Kapiyo via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
Morning Listers,
In the news today:
Farah Bashir is yet to come to terms with how his bank accounts were wiped clean by fraudsters, barely two days after he had landed in Johannesburg for a two-week assignment in February.
He painfully recounted how he watched helplessly as Sh2.6 million was withdrawn by hackers in several transactions from his four different Absa Bank accounts between February 7 and February 9.
Read more: https://nation.africa/kenya/news/sim-card-swap-how-farah-bashir-lost-sh2-6m-...
SIM Card fraud has been in the bees lately. The sums lost are pretty high. I bet there are many sad tales from individuals who've lost collasal amounts due to sim swap fraud.
How come we're not able to contain this crimes? I wonder who's the weakest link here that needs to pull up their socks? It's really a big threat to our digital economy if we can't address this growing menace.
Happy to hear your thoughts on this.
Regards,
Victor
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/deborah.wanjugu%40gmai...
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bndemo%40bitangendemo....
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
_______________________________________________ KICTANet mailing list KICTANet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/wmuriu%40gmail.com
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
participants (13)
-
Adam Lane -
Ali Hussein -
awatila@gmail.com -
Barrack Otieno -
Bitange Ndemo -
Bradley Kisia -
Cyrus Kithuva -
David Indeje -
Deborah Wanjugu -
felista wangari -
James Mbugua -
Victor Kapiyo -
Willis Muriu