A few days ago some guys claiming to be from Telkom Kenya came to our area saying that they had a free promotional product, free sim cards.
They gave everyone a free sim card and offered to register it for free, they asked for national identity cards and alternative numbers preferably Safaricom and started `registering' everyone. Before they were left we realized that the sim cards could not work and asked why. They appeared surprised and thoughtful then they said that this might be due to poor network coverage. No one would question a guy in a suit and driving a Toyota Escudo so we let them go.

Hours later one guy who had a single slot phone put back his Safaricom sim card to his phone and tried to purchase air time via M-PESA. His account was blocked, he then reverted to calling customer care and his account was unlocked. As any one could have guessed nothing of his 58 shillings thousand (about USD $580) savings were there, all gone!

In a desperate attempt to recover his money he called customer care and he was told he had been robbed through a cyber attack. The only  thing Safaricom offered was their sincere apologies and that was it for the poor guy.

Why the mobile money might be headed for a fall

The guy lost his cash by giving only four pieces of detail, his date of birth, his mobile number, his ID number and his full name.

Am sure you will agree with me that the only sensitive detail there is your ID number, since your full name is available on social media for those who don't lie and even those who do there is True Caller, mobile number as well and even your date of birth is still available on social media.

Imagine what would happen if the guys accessed an M-PESA transaction record book ( the ones you sign after a transaction with an agent) or even the M-PESA agents decided to copy and sell the records, which no one would suspect.
Then your ID number would be accessed, the amount you deposited to know who if you profitable to attack, and then your name and DOB via social media, or true caller, or just pretend to be interested in you then chat you into giving them your name and age ( DOB).

It would simply be catastrophic, and everyone would opt out of the Mobile money services.

Imagine this, am just a blogger and I figured this out it won't be long before the attackers do it, one of them might be even reading this post right now!

Its clear that M-PESA has done nothing so far regarding the incident, the cyber bullies cover up their tracks pretty well and it might take a lot of time to get them. Meanwhile here are some tips you can use to stay safe before the issue is addressed

What to do to stay safe

1.  Give as little info about you as you can on social media ie keep your DOB and name private( use a single name for your username)
2. Ensure that you save no one by their full name if you use True Caller to keep your contacts safe.
3. Ensure you install apps only from Google Play store and that they are verified by play protect
4. Always ensure that you keep your phone powered and on, if your phone is on they can do nothing since you will detect any malicious activity.

Share this information to keep your family and friends safe from cyber bullies.

Please leave us a comment or any question below.