[kictanet] Sim card swap: How Farah Bashir lost Sh2.6m to fraudsters in hours

Victor Kapiyo vkapiyo at gmail.com
Mon May 30 13:07:05 EAT 2022


Interesting. There's a concept of security by default. If sim swaps are
happening and being used to defraud people, can't operators disable remote
sim swaps and put in place a proper 2FA model that is secure?

Also, these reports show that perhaps little or no action is taken after
these reports are made. I would be interested to hear whether the telcos,
CA and DCI can regularly publish statistics on these crimes. I think
everyone on this platform has heard of someone who's lost money from
mpesa/phone/bank fraud. But to what extent are these being addressed?

I am aware of a Cybersecurity strategy being developed? Are these issues
that it should address in a multistakeholder approach?

Victor

On Mon, 30 May 2022, 12:38 James Mbugua via KICTANet, <
kictanet at lists.kictanet.or.ke> wrote:

> Listers,
>
> While education will be important, we can't run away from the elephant in
> the room; Safaricom's liability.
>
> It strikes me that most of these stories involve Safaricom.
>
> It is also true, that most people are not sophisticated enough to even
> understand how these fintech products work.
>
> They therefore are entering into contracts of utmost good faith with the
> provider trusting that the provider will uphold their fiduciary duty.
>
> To me this is a case of negligence on many levels and while contributory
> negligence can be found on the subscriber for inadvertently providing their
> details or being gullible, the responsibility to ensure the integrity of
> the product is the providers'.
>
> It is a pattern it seems that these heists are carried out immediately
> after a SIM swap. What genius does it take to design the product that no
> immediate financial transactions take place on the line after a SIM swap?
> Or require personal visit to a shop to reactivate?
>
> It is also not clear how these crooks are able to tell who has money or
> has recently had money.
>
> It is also not clear how and where they cash these embezzled funds that
> the provider has not been able to identify.
>
> To me the provider should be held culpable and should refund all those who
> have lost money through these scams.
>
> Regards,
>
> JG
>
> On Mon, 30 May 2022, 11:59 Adam Lane via KICTANet, <
> kictanet at lists.kictanet.or.ke> wrote:
>
>> I have reported several of the spam callers to Safaricom; I don’t know if
>> they just block the numbers, or if they actually report to DCI and allow
>> investigation and prosecution.
>>
>>
>>
>> If no-one gets prosecuted then this is a no-risk business model. If
>> people get prosecuted then at least there is some risk/cost that must be
>> considered compared to the potential revenue the scammers get…
>>
>>
>>
>> *From:* KICTANet [mailto:kictanet-bounces+adam.lane=
>> huawei.com at lists.kictanet.or.ke] *On Behalf Of *Barrack Otieno via
>> KICTANet
>> *Sent:* Monday, May 30, 2022 11:30 AM
>> *To:* Adam Lane <adam.lane at huawei.com>
>> *Cc:* Barrack Otieno <otieno.barrack at gmail.com>
>> *Subject:* Re: [kictanet] Sim card swap: How Farah Bashir lost Sh2.6m to
>> fraudsters in hours
>>
>>
>>
>> Good morning Daktari,
>>
>>
>>
>> I am in agreement. Most of these attacks are purely Social Engineering
>> moves and indeed they are on the rise and very persistent. We need to step
>> up Consumer awareness and digital literacy, the fraudsters are evolving
>> daily and becoming too sophisticated. Consumers should be encouraged to
>> tighten their security. Two Factor Authentication is a good start. There is
>> need for an evaluation on whether it is adequate, but Consumer Awareness
>> which I believe is in CA's purview and Digital Literacy are key.
>>
>>
>>
>> Regards
>>
>>
>>
>> On Mon, May 30, 2022 at 11:20 AM Bitange Ndemo via KICTANet <
>> kictanet at lists.kictanet.or.ke> wrote:
>>
>> Before we all panic, it is important to dissect the problem here from all
>> sides.  My cousin, a teacher lost Ksh. 57,000 from his bank account. When
>> he called me for help, I asked him many questions. It occurred to me that
>> he had inadvertently given out his data to some unknown people disguising
>> themselves as sales reps marketing a new offer from a competing
>> telecommunications operator. In my view, we need to do the following: take
>> the digital literacy program very seriously, sensitize citizens around data
>> protection laws and leverage artificial intelligence (voice recognition for
>> security purposes) for any withdrawal, especially among the very vulnerable
>> in society.  Institutions like Kenya Power and Lighting Company (virtually
>> every week I receive a fake call from "KPLC") should devise more secure
>> ways of dealing with customers in the digital era.  Since most of the fraud
>> is largely an inside job, much of the backend work should be automated.
>>
>>
>>
>> Ndemo
>>
>>
>>
>> On Mon, May 30, 2022 at 10:42 AM Deborah Wanjugu via KICTANet <
>> kictanet at lists.kictanet.or.ke> wrote:
>>
>> Thank you for this article, Victor.
>>
>>
>>
>> This is quite frightening because prepaid customers on Safaricom cannot
>> call 100 and get served by an agent (that was my experience which made me
>> migrate back to postpaid).
>>
>>
>>
>> If the gentleman in this article acted as quickly as he possibly could
>> and reached out to Safaricom on Twitter yet did not get the help he needed
>> then something is terribly wrong with that online reporting system.
>>
>>
>>
>> I've noticed that when customer service agents respond on social media
>> they respond based on their own perceptions and not what the client tells
>> them. This isn't always the case and I'm not referring to Safaricom alone.
>> As a random example I reported not having received my electricity bill to
>> Kenya Power on Twitter. Instead of sending me my estimate, one of the
>> agents asked for the nearest marker to my place so they could send
>> technical support.
>>
>>
>>
>> Another problem is when you call to report fraud with your bank then they
>> start asking you questions which feel irrelevant at the time. I once
>> thought my card had been hacked so when I called to report it they asked me
>> some silly questions. I don't remember what they were but I do remember
>> being pissed and having to contain myself under the pressure.
>>
>>
>>
>> There needs to be a tightening of customer service particularly with
>> respect to online fraud reporting.
>>
>>
>>
>> I don't know what other pieces need to be fixed. This is where my
>> personal beef is.
>>
>>
>>
>> Deborah
>>
>>
>>
>> On Mon, May 30, 2022, 10:14 Victor Kapiyo via KICTANet <
>> kictanet at lists.kictanet.or.ke> wrote:
>>
>> Morning Listers,
>>
>>
>>
>> In the news today:
>>
>>
>>
>> Farah Bashir is yet to come to terms with how his bank accounts were
>> wiped clean by fraudsters, barely two days after he had landed in
>> Johannesburg for a two-week assignment in February.
>>
>>
>>
>> He painfully recounted how he watched helplessly as Sh2.6 million was
>> withdrawn by hackers in several transactions from his four different Absa
>> Bank accounts between February 7 and February 9.
>>
>>
>>
>> Read more:
>> https://nation.africa/kenya/news/sim-card-swap-how-farah-bashir-lost-sh2-6m-to-fraudsters-in-hours-3831356
>>
>>
>>
>> SIM Card fraud has been in the news lately. The sums lost are pretty
>> high. I bet there are many sad tales from individuals who've lost colossal
>> amounts due to sim swap fraud.
>>
>>
>>
>> How come we're not able to contain these crimes? I wonder who's the
>> weakest link here that needs to pull up their socks? It's really a big
>> threat to our digital economy if we can't address this growing menace.
>>
>>
>>
>> Happy to hear your thoughts on this.
>>
>>
>>
>> Regards,
>>
>>
>>
>> Victor
>>
>>
>>
>>
>>
>> _______________________________________________
>> KICTANet mailing list
>> KICTANet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>>
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/deborah.wanjugu%40gmail.com
>>
>>
>> KICTANet is a multi-stakeholder Think Tank for people and institutions
>> interested and involved in ICT policy and regulation. KICTANet is a
>> catalyst for reform in the Information and Communication Technology sector.
>> Its work is guided by four pillars of Policy Advocacy, Capacity Building,
>> Research, and Stakeholder Engagement.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>> KICTANet - The Power of Communities, is Kenya's premier ICT policy
>> engagement platform.
>>
>>
>>
>>
>> --
>>
>> Barrack O. Otieno
>> +254721325277
>> +254733206359
>> Skype: barrack.otieno
>> PGP ID: 0x2611D86A
>>
>>
>>
>>