Identity theft in Kenya has been on the rise as technology constantly evolves around the globe. Fraudsters use many forms of identity theft to steal money from citizens, the most common being SIM swap.

SIM swap is a fraud that occurs when fraudsters replace and take control of a victim’s phone number. Because a swap is a data-sensitive process that requires verification by the service provider, fraudsters need the victim’s information, which they can obtain through a variety of techniques such as phishing, vishing, spoofing, dumpster diving, social engineering, and other cyber-related attacks.

In Kenya, the most used technique is vishing. In a vishing attack, fraudsters typically call the victim, masquerading as their service provider and offering fraudulent upgrades or other information-related services. They then instruct the victim to confirm a few personal details for the upgrade or service to take effect. Once this is done, they apply a denial-of-service attack to access the victim’s account and transfer the money to their receiving accounts.

Alternatively, they can instruct victims to switch off their phone after obtaining their personal data, such as a PIN (personal identification number) and passwords. They then use this data to call the service provider and request that the victim’s number be swapped to a blank SIM. Upon verification, the victim’s SIM card is deactivated and loses signal. During this time, the fraudsters are in control of the phone number and can operate the victim’s bank accounts, mobile money and other credit facilities.

Another emerging trend used for identity theft in Africa and Kenya is spoofing. Fraudsters use the official service provider’s active number with a slight difference in the prefix (for example, +254 instead of 07). They easily prey on unsuspecting victims since the number appears genuine, and when instructed to give out mobile money details for upgrades, the victims cooperate and end up being swindled. During the call, the fraudsters give step-by-step instructions that lead the unsuspecting victims into transferring money to the fraudsters’ agent or phone numbers.

To prevent SIM Swap identity theft, it is important to observe the following:

  • Limit the personal information you share online, such as your full name, address, or phone number, on public sites;
  • Do not reply to unknown texts, emails, or calls that ask for personal information, as these could be phishing attempts;
  • Use strong passwords and PINs, and manage them carefully;
  • Use multifactor authentication for access control;
  • Use updated anti-virus software on your devices;
  • Avoid using unsecured domains, which are controlled by unknown intruders;
  • Avoid using unsecured public Wi-Fi, which is a toll-free venue for fraudsters to gain access to personal data on mobile devices; and
  • Avoid using your mobile phone number as a recovery option for accounts and passwords; use another email ID instead.

SIM Swap is one of the reasons why one should not use their phone number as a verifier for identity since it can easily be breached. It is therefore recommended that you add other layers of protection to keep your accounts and identity safe.

At Riskhouse International, our team of Cyber Security & Digital Forensic experts can provide you with a framework that covers information security management, risk awareness, users and processes training on cybersecurity fraud, vulnerability assessment and penetration testing, system audit, business continuity plan, disaster recovery plan and digital forensic investigation on system frauds. We will be able to understand your system design architecture, risk universe, vulnerability exposure and implement corrective action.