Telcos

This is How Cons Are Now Stealing From Safaricom Subscribers

2
Safaricom sim swap

It’s not the first time that we’ve heard Safaricom subscribers complain that their numbers have been hijacked. The most common method of this trickery has always been social engineering, where an unsuspecting subscriber is tricked into revealing personal details that leads to a SIM swap and the rest is history.

It seems that a new variant of social engineering has been revealed, thanks to actor and filmmaker, Mugambi Nthiga. As per a narrative posted on Twitter, Mugambi tells of a story (we’re not sure if this happened to him) of how Safaricom customers are being duped by the famous “kamiti” cons.

So, the new trick involves a con artist calling you from a random number and as usual, they tell you they are from Safaricom. This time, they tell you that your phone number has been registered to two different people and they want to find out if you are the real owner. “If you say yes, you’re the real owner, they tell you to wait on a one-time code they’ll send straight to you,” narrates Mugambi.

True to it, you will receive an SMS from Safaricom with an activation code that you are supposed to use. This is pretty much convincing and you will end up actually giving the other person on the line the code, especially if you don’t notice that the code is for activating Safaricom’s Selfcare portal.

“So the caller either holds until you receive the code or asks you to hang up, then calls you back. Then they ask for the code. Revealing the code gives them online read-only access to pretty much all the data attached to your number, including Mpesa balance…,” continues the thread.

With this ammunition in the form of data, the con artist then asks you to switch off your phone as they restore the number back to you. But instead of you “getting back a phone number” you already own, the cons perform a SIM swap through Safaricom and the games begin.

Since they now have full control of your SIM, they can clear out your M-PESA balance, possibly take up mobile loans and even borrow money from your contacts on your behalf.

We did try out this method ourselves and found out that it was pretty easy for anyone to sign up a random phone number on Safaricom Selfcare portal, which gives access to M-PESA statements, Bonga points balance and option to redeem, a database of activities that you have made on your number including calls, SMSs, times when you accessed the internet and many other transactions –  you can even sign up to premium SMS services.

As much as subscribers need to be extra careful and looking out for such cons, Safaricom on their part need to do more to protect customer data.

Explained: Why Does Electricity Go Off When it Starts Raining?

You may also like

2 Comments

  1. That’s very true, it happened to me too.

    1. Hi did you get

Leave a reply

Your email address will not be published. Required fields are marked *