Protect Your Money: Banking Fraud & Cybersecurity Guide for Kenya 2026

Protect Your Money: Banking Fraud & Cybersecurity Guide for Kenya 2026

Cybercrime targeting Kenya's financial sector has increased by 30% year-over-year, with financial institutions losing approximately KSh 2 billion to cyberattacks. This guide helps you protect your money and know what to do if you become a victim.

The Growing Threat

Kenya Cybercrime Statistics

As digital banking grows, so do the criminals targeting it. With 83% of Kenyans now using formal financial services, the attack surface has expanded dramatically.

Most Common Scams in Kenya

1. SIM Swap Fraud 🚨 HIGH RISK

How it works:

1. Criminals gather your personal information
2. They visit a Safaricom shop with fake ID
3. They request a SIM replacement for your number
4. Your SIM stops working; theirs activates
5. They access M-Pesa, bank accounts, and OTPs

Warning signs:

• Your phone suddenly loses network
• You receive "SIM registration" messages you didn't request
• Unable to make calls or send SMS

Protection:

• Register for SIM lock with Safaricom (100100#)
• Enable M-Pesa PIN lock
• Never share ID details online
• Set up email alerts for banking

2. Phishing & Fake Messages

Common formats:

```

"Dear Customer, your M-PESA account has been

suspended. Click here to verify: [fake-link.com]"

"CONGRATULATIONS! You've won KSh 500,000 in the

Safaricom Loyalty Draw. Send KSh 1,000 to claim."

"Your KCB account will be closed in 24hrs.

Call 0712-XXX-XXX to prevent closure."

```

Red flags:

• Urgency and threats
• Requests for PIN or password
• Links to unknown websites
• Grammar and spelling errors
• Generic greetings ("Dear Customer")

Protection:

• Never click links in SMS
• Safaricom/banks NEVER ask for your PIN
• Call official numbers only (from bank card or website)
• When in doubt, visit the branch

3. Fake Loan Apps

How it works:

• Apps promise instant loans
• Request excessive permissions (contacts, photos)
• Either steal data or demand payment for fake "processing fees"
• Some install malware on your phone

Protection:

• Only use CBK-licensed lenders
• Check our scam loan apps blacklist
• Verify license at centralbank.go.ke
• Never pay upfront fees for loans

4. Social Engineering Calls

Common scripts:

• "I'm calling from Safaricom about a promotion..."
• "Your M-Pesa has suspicious activity, please verify..."
• "This is KCB fraud department, we need to confirm..."

The Ask: They want your:

• M-Pesa PIN
• Bank OTP
• ID number
• Account passwords

Protection:

• Hang up on unsolicited calls asking for details
• Banks never call asking for PIN or OTP
• Call back on official numbers to verify

5. Agent Fraud

How it works:

• Fake M-Pesa agents set up in busy areas
• They manipulate the transaction on their phone
• You think you received money; you actually sent it

Protection:

• Always confirm SMS receipt before leaving
• Use official Safaricom/bank agents
• Never let anyone else handle your transaction
• Check your M-Pesa balance after every transaction

Protect Your M-Pesa

Essential Security Steps

1. Set a Strong PIN

- Avoid birthdays, 1234, 0000

- Change periodically

- Never share with anyone

1. Enable SIM Lock

- Dial 100100# to register

- Links SIM to your ID

- Prevents unauthorized SIM swaps

1. Set Up M-Pesa Lock

- Go to M-Pesa menu → My Account → Manage M-PESA Access

- Requires fingerprint or additional verification

1. Review Permissions

- Check which apps access M-Pesa

- Remove suspicious connections

1. Monitor Transactions

- Check mini-statement regularly (*334#)

- Set up transaction alerts

- Report suspicious activity immediately

Protect Your Bank Account

Online Banking Security

1. Strong Passwords

- Minimum 12 characters

- Mix of letters, numbers, symbols

- Unique for each account

- Use a password manager

1. Two-Factor Authentication (2FA)

- Enable for all accounts

- Prefer app-based (Google Authenticator) over SMS

- Never share OTP codes

1. Secure Devices

- Keep phone/computer updated

- Install only from official app stores

- Use antivirus software

- Avoid public WiFi for banking

1. Regular Monitoring

- Check statements weekly

- Set up balance alerts

- Report discrepancies immediately

What to Do If You're a Victim

Immediate Steps (First 30 Minutes)

1. M-Pesa Fraud:

- Call Safaricom: 234 (from Safaricom) or 0722 000 234

- Request account suspension

- Visit nearest Safaricom shop with ID

1. Bank Fraud:

- Call your bank's fraud hotline immediately

- Request account freeze

- Document everything

1. File Police Report:

- Visit nearest police station

- Get OB number (reference number)

- Needed for bank investigations

Reporting Channels

Recovery Process

1. Report within 24 hours - Critical for any chance of recovery
2. Provide documentation - Statements, screenshots, OB number
3. Follow up persistently - Check status weekly
4. Escalate if needed - Banking Ombudsman, CBK

For Businesses

Additional Risks

• Business email compromise (BEC)
• Invoice fraud
• Employee fraud
• Ransomware attacks

Protection Measures

• Implement payment approval workflows
• Verify payment changes via phone (known numbers)
• Train employees on security
• Regular security audits
• Cyber insurance

Red Flags Summary

🚩 Never Trust:

• Unsolicited calls about your account
• SMS links (even if they look official)
• Requests for PIN, password, or OTP
• "Too good to be true" offers
• Pressure to act immediately
• Unknown loan apps

✅ Always Do:

• Verify independently (call official numbers)
• Check URLs carefully
• Use official apps only
• Enable all available security features
• Report suspicious activity

Useful Resources

• Safaricom Security: safaricom.co.ke/security
• CBK Complaints: centralbank.go.ke
• DCI Cybercrime: Report via eCitizen
• Licensed Lenders: CBK Directory

Conclusion

With KSh 2 billion lost annually to financial cybercrime in Kenya, protecting yourself is essential. The most important defenses are awareness and skepticism—if something feels wrong, it probably is. Never share your PIN, never click suspicious links, and always verify through official channels.

Check scam loan apps →

Verify licensed lenders →

---

Last updated: January 2026. Report new scam methods to help protect the community.