Detectives from the Department of Criminal Investigations on Friday arrested a Safaricom employee and JKUAT student over SIM card fraud.
Maurice Musoti and Rian Obaga Nyagaka - a fourth year JKUAT student of BSc Electronic Engineering are believed to be part of the group of fraudsters who have ripped off Kenyans millions of shillings in prank calls.
DCI, in a tweet on Saturday, said they recovered an Apple laptop; 2,160 unused Safaricom SIM cards, 44 used Safaricom SIM cards, and five Agent Till numbers.
The two were also found with three Mpesa record books, a router, two mobile phones - a blackberry and Samsung J7.
On Friday, Safaricom warned subscribers against fraudsters who steal cash from their Mpesa accounts through SIM swap.
Dozens of subscribers have complained of being conned in fraudulent swaps, a situation the telco said can be avoided by keeping Personal Identifiable Information (PIN) secret.
"We would like to remind our customers to safeguard information such as SIM and M-Pesa PINs, dates of birth and national ID numbers,” Nicholas Mulila, director for risk management, said in a statement.
A SIM swap requires one to present their ID, SIM PIN, last top-up amount, and the numbers called or received last.
Mulila said Safaricom has zero tolerance to unethical behaviour involving the use of its products or services saying it will cooperate in the investigations to ensure justice is attained.
“Where staff members are involved we will take action against those who fail to adhere to our corporate governance and ethics policies, as we have done in the past and reported in our annual Sustainability Report,” Mulila said.
He assured customers that the company has put in place significant measures and processes to safeguard their information.
“We shall also continue to hold our members of staff to the highest ethical standards in the performance of their duties,” he said.
The Communication Authority of Kenya has also warned mobile phone users against disclosing sensitive personal identification information (PIN) to third parties.
On Thursday, the authority issued an advisory to the public warning them against disclosing their Personally Identifiable Information to unknown callers.
PII refers to any information that can be used to trace an individual's identity such as mobile money PIN, national ID number, bank account PIN, password and date of birth.
In the case of sim card swap fraud, a fraudster usually makes a call pretending to be an employee of a mobile service provider.
The fraudster then asks the unsuspecting mobile subscriber to share his or her PII.
After obtaining the information, the fraudster then goes ahead to swap the SIM card and gains total control of all the sim services.
These includes mobile money transfer, internet banking, SMS, voice calls, data services and any other services that can be accessed through the sim card.
CAK Director General Francis Wangusi asked Kenyans to reject all forms of unsolicited help from anonymous callers.
"Legitimate companies and organizations do not contact you to provide help. If you did not specifically request assistance from the sender, consider any offer to 'help' a scam," Wangusi said.
He further advised subscribers to always keep their passwords safe and report any cases of fraud to the police immediately.
Wangusi said subscribers can also contact the National Kenya Computer Incidence Response Team Coordination Centre (KE-CIRT/CC).
National KE-CIRT/CC is Kenya's cyber-crime management trusted point of contact.
It can be reached via the email address
or via 0703-042-700 and 0730-172-700.
Read: