No other country in Africa can boast of a bigger mobile revolution than has happened in Kenya. Statistics from the Communications Authority of Kenya (CA) show that mobile penetration has hit 95.1 per cent, with 44.1 million mobile subscriptions. This makes awareness on mobile security central and a key component in protecting users from theft either of information or funds.
By the end of March this year, the number of mobile money transfer transactions stood at 663.7 billion moving over Sh1.8 trillion. Mobile commerce transactions were recorded at 474.5 billion and were valued at Sh1.29 trillion between January and March.
Today, almost every adult Kenyan has a mobile phone. More importantly a big population of these have subscribed to mobile money. In fact, the majority of Kenyans only access financial services not through banks but mobile phones.
But as more people turn to mobile phone for financial services, fraudsters have also made inroads in this areas by social engineering, where they acquire a customer's personal details and steal from the victim. I will hasten to warn that social engineering is not unique or specific to mobile users, it is also prevalent in traditional banking – especially with the adoption of internet banking.
Last week the CA issued an advisory on the background of growing public concerns over theft of customers' details through social engineering, leading to increased sim swap fraud. In most cases, a fraudster usually makes a call pretending to be an employee of a mobile operator. They then ask the subscriber to share details such as mobile money PIN, national identity number, bank account PIN, password, date of birth. They then use these details to commit fraud.
Hackers are on the run everywhere and are becoming more sophisticated. They are operating from close range or remotely.
So how do you keep yourself safe? Just keeping your password secure is no longer a guarantee of digital safety. Given, creating strong passwords and using them carefully is a good place to start. But if these passwords are dictionary words or a common word they are prone to dictionary based attacks.
Also, do not use common patterns. In addition do not use words related to you or date of birth or your ID number. If you use some personal information such as name, date of birth and so on, you make it easy for someone to guess it. Do not use commonly used passwords or easy keyword combinations. Words such ‘password’, ‘QWERTY’, numerals ‘123456’ are widely used as passwords. Almost all easy character combinations possible on a computer keyboard can be tried using software programmes.
When using your phone online, try using different passwords for different sites. Don’t use the same password for all your accounts. Also to remain safe, do not respond to calls or emails asking for personal information. You should remember to delete any requests for financial information and always be suspicious of any unsolicited messages. If you do receive such a call, hang up immediately to avoid requests for your name, phone number and email address, which are the basics needed to get into your accounts.
When all’s said and done, the best strategy is to know that safety begins by being conscious of whatever you’re doing. Have you recently applied to a competition? Then don’t expect any windfall anytime soon.
PR and Communications manager, OPPO