Mobile wallet fraud is a growing problem in Kenya. Learn the different M-Pesa tricks fraudsters use to deceive people and rob them of their hard-earned money, as well as how you can protect yourself.
According to the CBK, the value of mobile money transactions in Kenya has surpassed 56 percent of GDP. The apex bank adds that nearly 99 percent of all mobile money transactions happen on the M-Pesa platform.
M-Pesa's transformational impact on the Kenyan economy has been felt across the economy and through social classes, even closing the gender wealth divide and lifting increasing numbers of women out of poverty.
M-Pesa has become a source of fortune and a springboard for a better life for millions of Kenyans, but sadly with some, not in the legal, most upstanding way. Some would rather exploit M-Pesa's ubiquity to rob others of their hard-earned money.
Newspaper reports abound of M-Pesa tricks and scams that have seen people losing large sums of money to fraudsters. With M-Pesa fraudsters growing ever more sophisticated, anyone can be a victim.
We wrote this guide on mobile wallet fraud to warn you of the M-Pesa tricks to watch out for and protect your savings from fraudsters.
What is mobile wallet fraud?
Mobile wallet fraud is when fraudsters hijack your mobile wallet to steal the money you store there. In Kenya, fraudsters commonly target users of the ubiquitous M-Pesa mobile money wallet that has over 30 million users nationwide.
Another scenario is when fraudsters take over your M-Pesa mobile money wallet to fraudulently borrow money from loan apps that are linked to it. The most common occurrence happens with the Fuliza overdraft facility that M-Pesa users can use to access short-term loans.
The most brazen M-Pesa fraudsters wipe your mobile wallet clean and borrow a Fuliza loan against your account, leaving you broke and saddled with debt.
How do M-Pesa fraudsters operate?
Most M-Pesa fraudsters dupe people into revealing their PINs and other confidential information. They have grown so sophisticated that they don't need to steal your mobile handset to access funds in your M-Pesa mobile wallet.
A common M-Pesa trick is where fraudsters deceive and manipulate M-Pesa users into revealing confidential details about their accounts. The fraudsters would then use this information to swap the SIM cards of the unsuspecting account owners.
So many people have been robbed of their hard-earned money through SIM-swapping scams that Safaricom is now facing lawsuits for its inability to deal with the menace.
SIM swapping scams have been so successful for fraudsters that some small towns have become hubs for mobile money fraud. So how can you protect yourself from SIM swapping and other mobile wallet fraud?
The best way to protect yourself is to know the tricks M-Pesa fraudsters use:
Common M-Pesa tricks you need to be aware of
Every M-Pesa trick has one objective: to get you to reveal information that can be used to rob you. So most mobile money fraud would not succeed without you falling for the fraudsters' deception.
With that said, here are the most common M-Pesa tricks to which many have fallen and lost savings:
Safaricom officer testing a security upgrade
With this M-Pesa trick, the fraudster pretends to be a sec officer from Safaricom who is on an exercise to upgrade M-Pesa security. They will typically say they are testing a feature that helps you to avoid accidentally sending money to the wrong person.
The feature would be helpful as many people have lost money after sending to the wrong recipients. So that immediately puts your mind at ease. Once that happens, they will ask you for your:
- national identity card name and number,
- last time a person made an M-Pesa transaction and the amount,
- the last airtime top-up and amount, and
- PIN.
They may also ask you to make a small payment to a specific paybill number. With that, they will then ask you to switch off your phone for 5 minutes to allow the security update to take effect.
When you switch your phone back on, you will realise your phone no longer connects to the network. That's because the 'Safaricom security person' was actually an M-Pesa fraudster who you have just helped swap your SIM and has most certainly finished emptying your M-Pesa wallet.
They used the information you provided them to request a SIM swap for your mobile phone so they can take over your M-Pesa, likely painting you as the thief who stole their phone.
Double SIM registration
Another trick fraudsters use to get you to divulge confidential information that they then use to hijack your phone line and M-Pesa mobile wallet is the double SIM registration scam.
The fraudster will call you posing as a Safaricom customer care agent. They will claim your phone line was mistakenly registered to two different people and that they want to verify your information to be sure you are the original owner.
So they will ask for the same information they would need to successfully request a SIM swap, including your PIN and the last few transactions you did on your M-Pesa.
They will ask you to switch off your phone and switch it back on after some minutes, which is all they need to request the SIM swap and transfer money from your M-Pesa.
Fake SMS
This one involves no SIM swapping but some devious social engineering like the above two M-Pesa tricks. What happens is you receive an SMS that seems like a notification for an M-Pesa payment someone has just made to you.
You obviously don't recognise the sender or recall why anyone would send you the money. But before you can investigate, you get a call from the 'sender' who claims they sent it by mistake and asks you to return it.
They will play on your feelings by telling some sad story of how they intended to pay for a relative's critically needed medication or treatment bill. Concerned for their 'ailing relative', you quickly send the money back from your M-Pesa.
Only after you check your balance do you realise there was never any payment into your M-Pesa. The message you received was fake, and the whole thing was a well-orchestrated scam.
ATM withdrawal
With the fake SMS M-Pesa trick, the fraudster deceives you into refunding them for money they never sent you in the first place. With the ATM withdrawal scam, they manipulate you into authorising an ATM withdrawal from your M-Pesa account.
Many people don't know that, as well as the M-Pesa app and SIM Toolkit, you can use a USSD code to withdraw money from your M-Pesa mobile money wallet through a bank ATM. It is this general unfamiliarity with the USSD withdrawal method that M-Pesa fraudsters exploit.
So a 'Safaricom customer care agent' will call you claiming to be testing some new security feature that supposedly protects you from SIM swaps and other scams. They will ask you to enter *334# on your phone, enter your PIN, and then a specific number (which is actually an ATM number).
They will even implore you not to share your PIN with them as it's your secret, which puts your mind at ease. Only they don't need your PIN. After you complete that sequence of steps, you will receive an SMS notification on your phone with an authorisation code, which they will ask you to share with them.
Since they already have your number, the fraudster now has all they need to withdraw any amount from your M-Pesa from an ATM they will likely be close to. Before long, you will get a withdrawal notification on your phone, a withdrawal you were duped into authorising.
A family member in distress con.
The family member in distress is an old con that surprisingly still works. I remember my father almost became a victim of it years ago. This is how it went:
My father got an email on his work computer. They must have hacked into his employer's systems to get his email because he never used social media. He didn't even have a cell phone.
In the email he got, a 'good Samaritan' claimed to be reaching out on behalf of my brother, who was stranded in Lagos, which is very far from home and possibly the reason the con eventually failed.
My brother, who we last knew to be in Cape Town, had apparently travelled to Lagos for business, where he had been mugged and had lost all his particulars and money. He, therefore, needed money for his immediate welfare and a ticket back home. So went the story.
My father had a good sense to ask me to look at the email before he sent the money. He was concerned enough to want to send the money because my brother had not communicated with us for a few months.
Upon noticing this good Samaritan's desperation to get us to send the money, I asked him to send me a short video recording of my brother so I could know that he was indeed in Nigeria. He could not produce the video and eventually went quiet.
To be clear, my brother was never in Nigeria. But it could be any of your family members in 'distress', like your child in boarding school. Before sending the money, be sure to check with the relative first. If you can't contact your relative, ask this good Samaritan to show proof that your relative is in distress.
How to prevent mobile wallet fraud
It is worth pointing out that mobile wallet fraud is constantly evolving. When you think you have heard and seen it all and are now wise to every M-Pesa trick, another devastatingly devious one will be coming out of beta.
So you must always be vigilant and exercise the utmost care in protecting your passwords and confidential information. In most cases, mobile money fraud cannot succeed without your cooperation.
To protect yourself, never divulge details about your M-Pesa and bank accounts to anyone. Unless, of course, you are making a SIM swap request yourself. In that case, too, be careful where you seek such help.
M-Pesa fraudsters have been known to create fake Safaricom profiles on social media, where they intercept customer support requests between customers and verified Safaricom social media customer support staff.
Always use verified Safaricom social media handles. If you receive phone calls from people claiming to be from Safaricom, know that the company will never ask for your PIN or other confidential information. Also, when they call, they will only use 0722000000.
When you get a message and a call from someone claiming to have sent you money by mistake, never send them the money back before you check your balance and mini-statement to see if they sent you that money. Cut the call if they try to pressure you into sending them the money before verifying the claimed erroneous transfer.
Protect yourself from M-Pesa fraudsters by keeping your savings in a secondary digital wallet.
Unfortunately, as convenient as it is for payments, M-Pesa has become a magnet for fraudsters. The mobile money wallet's security features aren't robust enough for the increasingly sophisticated tricks and scams of criminals who target its unsuspecting users.
To protect yourself, it is wise to store your savings in a secondary digital wallet like IntaSend and only transfer to your M-Pesa enough money to complete specific transactions.
It costs very little to transfer money from your IntaSend digital wallet to your M-Pesa, and the transfer happens almost instantaneously. The rest of your savings stay in your Intasend account, which has bank-level security features and multiple features, including virtual Visa and Mastercard cards you can request in minutes.
With IntaSend, you can request payment through no-code payment links, receive payments from around the globe, and make bulk payments to suppliers if you run a business.
Sign up for an IntaSend account today and enjoy safer, smoother, and faster payments, whether you are the one paying or getting paid.
