Fraudsters are colluding with rogue bank staff to swindle retirees of their lump-sum pension benefits as soon as it is deposited in their bank accounts, detectives have warned. 

Detectives are also investigating cases where other victims have been targeted as soon as their accounts receive large payments. 

In one such case, which is under investigation, a man received a call on January 3 from a person who purported to be calling from a local bank. 

The caller, who had details about the customer and his account, informed him about purported changes and asked for some details. The same day, he lost more than Sh1 million from his account. The call was made just days after he received a payment. 

Spoofing numbers 

The Banking Fraud Unit of the Directorate of Criminal Investigations (DCI) has said the new type of fraud involves spoofing banks’ customer care phone numbers or using numbers that are similar to bank numbers, normally with just one different digit. 

“This makes it easy to convince the retirees that they are dealing with legitimate customer care officers yet they are cons,” said an investigator. 

The fraudsters convey a false sense of urgency in the way they make calls, or they write spoofing emails that customers feel compelled to respond to. 

Preliminary investigations reveal that the fraudsters are being tipped off by bank staff who not only reveal the amount in the account but also the customer’s name and telephone contact. 

“With all these details, the customers are usually convinced that they are dealing with bank employees. The fraudsters then make a transfer of a small sum, usually between Sh100,000 and Sh150,000,” a senior detective said. 

Cash transfers 

The fraudsters then call the victim with a spoofed number and introduce themselves as bank customer care assistants, and sometimes tell them to confirm the bank’s official customer care number if they are in doubt. 

The trick involves telling a potential victim that the ‘bank’ has noticed suspicious activities in their account and they want to help them secure their cash before it is all withdrawn. 

After winning their trust, the fraudsters then instruct the targets to use their banks’ USSD code and transfer the cash in batches through a money transfer system to bank accounts read out by the criminals. 

“By the end of the ordeal, the victim realises that they have transferred all their money to accounts in other banks that they have no control of. When they reach out to customer care [at] the banks, they realise it was not customer care that had called them,” the DCI added. 

Banks and the DCI have advised customers to be careful when dealing with calls from people they don’t know, especially those who introduce themselves as bank employees. 

“We advise customers to be very careful, especially with callers who introduce themselves as bank officials. We have so far arrested some of the fraudsters involved in the new [fraud] and efforts to get more suspects are ongoing,” DCI boss Mohammed Amin said. 

The most common type of spoofing is done through emails that are hard to detect, detectives said. The telltale signs of a spoofing email include incorrect grammar, poor spelling, badly written sentences or phrases and an incorrect URL. 

Fraud awareness 

The caller ID spoofing, on the other hand, happens when phone scammers change their phone number and caller ID name to conceal their true identities. 

A senior bank manager, who did not want to be named, told People Daily that banks have over the past few years tightened fraud awareness as an industry initiative. 

He added that whenever a bank, for example, notices that a different device was used to log into a customer’s account, they will send a message reading: “We have noticed you have tried to log in to your account with another device. If this wasn’t you, please contact us or visit your nearest branch for further assistance.” 

Customers have also been warned not to give out their banking PIN or code on call, SMS or email to anyone. They are also told that banks will never contact them to ask for their PIN or mobile app activation code. 

Other awareness messages from some banks read: “Do not share your banking details with anyone via call, SMS, or email. Kaa Chonjo!” 

Dishonest employees 

Detectives have also said there are cases where customers leaving banks have been robbed of their cash. 

Banks have also lost millions of shillings through dishonest employees who override systems or collude with outsiders. 

Detectives, however, warn that the figures, especially about internal bank thefts, may not be reliable as banks normally keep some incidents secret to maintain customer confidence and maintain their reputation. 

Police have also advised customers leaving banks to be aware of their surroundings and conceal bank bags when they walk out.  

“[Customers] should also feel free to request police escort while going to the bank. It is free of charge,” a detective said.