National KE-CIRT/CC Cybersecurity Best Practice Guide Of The Week




In This Issue:

* Dealing with digital credit providers

Financial sector regulators in Kenya have recently reported the emergence of unlicensed and unregulated financial services, applications and products, which has led to an increase in fraudulent financial services in the market. They include, but are not limited to, online pyramid schemes, credit and savings schemes, as well as fraudulent mobile loan applications downloadable from mobile app stores, including Google Play and Apple Store. The fraudsters have been found to be operating without physical addresses, which limits the traceability of the parties involved when transactions fall through.

The deceptive offers made by these fraudulent financial services include requiring payment in the form of a registration fee while promising an unreasonably high return on investment.


How to identify fraudulent financial services, products and applications:

* These kinds of services require payment as a registration fee.
* They require one to have some money in their accounts to qualify for a loan.
* The returns are too good to be true, with little or no risk attached to them.
* They rely on investment strategies that are not understood.
* They require one to recruit more clients so as to earn more points or to be eligible for higher loans.
* They do not have a registered physical address, telephone numbers or websites.
* They copy and look like genuine applications of known and licensed financial institutions.
* They do not have customer care helplines or support mechanisms.
* They are not registered, licensed or regulated by any regulatory body in Kenya.


How to mitigate fraudulent financial services, products and applications:

* Be wary of any unexpected or suspicious-looking pop-ups that appear during your online banking session.
* Ensure you deal only with genuine and licensed institutions. If you use an application to access your online banking, only use the official application provided by your bank. If in doubt, contact your bank to check.
* Your bank will never email you or send you a text message that asks you to disclose your PIN or full password. Never give your bank account PIN to anybody.
* Check your bank statements regularly and contact your bank immediately if you spot any transactions that you didn’t authorise.
* Make sure your bank has your up-to-date contact details.
* Be wary of clicking on links contained in a text message or email. Don’t respond to unsolicited messages or voicemails on your phone.
* Report any such occurrences to the respective financial sector regulators.


Keep the above security tips in mind when operating your computer systems. Report any cybercrime incident/activity to /