Have You Been Phished:- Kenya’s Scam Evolution Chronicles

“Hello, This Is Safaricom”

One fine Tuesday, Auntie received a text that read: “Congratulations! You’ve won Ksh 100,000 from Safaricom.” Now, she has not used Bonga Points since 2009 and has not even smiled at a raffle in years, but guess what? Her thumb hovered over that suspicious link. Why? Because HOPE is a powerful thing.

Welcome to the Phishing Olympics, where scammers in Kenya are no longer amateurs in hoodies typing on dusty laptops in a cyber café. Oh no. They have evolved, upgraded, and now hold a PhD in Pretendology. And we, the people? Well, some of us are still clicking on “You Have a Message From Your Bank” at 3am.

What Even Is Phishing? And Why Is It in My Inbox?

Phishing, simply put, is when someone pretends to be someone you trust just to rob you. It is like your ex texting, “Hey, I miss you,” but it is actually a malware link. These scams show up as SMS, emails, phone calls, or even cute QR codes that say, “Scan Me!” (No, don’t scan it. It is not love; it is theft.)

Cybersecurity experts define phishing as “fraudulent communication that appears to come from a reputable source”… But let us call it what it really is: Lies in HD.

How Did We Get Here? The Phishing Evolution in Kenya

Kenyan scams used to be simple:

“Hello, I am stranded at JKIA. Send fare.”

Fast forward to 2025, and we are dealing with:

Voices asking for your Bank Account PIN.

Talk about emotional damage!

Here is how phishing scams in Kenya have leveled up faster than your cousin on FIFA:

  • SMS Scams (Smishing): The OGs. Remember the classic, “You’ve won airtime!”? Yeah, no one gives away airtime in this economy.
  • Email Phishing: Your “bank” wants you to click a link and enter your details. They even have your name. Creepy. Spoiler alert: It is not your bank.
  • Quishing (QR Phishing): That QR code might promise a delivery receipt, but what it really delivers is malware and tears.
  • Vishing (Voice Phishing): An “Agent” with a suspicious accent tells you there is fraud on your line and needs your PIN urgently. Urgently decline.

Deep Fake Madness: Now they can clone your voice, face, and possibly your Gikuyu accent. Imagine hearing your own mum asking for her PUK number. You panic, you send it, boom. SIM-swap party!

Real Stories, Real Regret

In December 2024, thousands received a fake KRA tax refund message. Some even shared their ID numbers. Meanwhile, Jumia customers got duped with “you missed your parcel” messages demanding “small clearance fees.” And do not forget the classic:

Oops! Sent you 5K by mistake. Kindly refund?

Yeah, right. Refund ya nani? (Refund for whom?)


The Scam Targets: Equal Opportunity Embarrassment

Phishing does not discriminate. Here is what to watch for, based on who you are:

Young Adults

You are the main course. Why? You live online. That link in your DM saying “Check this out 👀”? It is malware in Gucci. Stop clicking. Use 2FA. Treat job offers on Telegram the way you treat street chicken: with deep suspicion.

Parents & Grandparents

Rule #1: No legitimate agent will ever ask you for your PIN via phone. 

Rule #2: If you think KRA is refunding anyone willingly, see Rule #1. 

Please install antivirus apps and educate the whole family. Even Shosh.

 

Educators

Digital literacy is now as important as Kiswahili. Incorporate phishing awareness into your lessons. Teach kids the sacred Kenyan proverb: “Ukipata links za ajabu, usiguze” (“If you come across strange links, don’t touch them”).

Businesses

Your interns are clicking links with abandon. Train them. Use spam filters, QR scanners, and actual human confirmation for payments. And please, stop using “admin@yourcompany.co.ke” as the main email with no 2FA. That is asking for it.

How to Outsmart a Scammer (Without Losing Your Hairline)

  • Do not trust ANY message that creates urgency. That is a scammer’s language for “don’t think, just click.”
  • Check the sender address carefully. “safaricom@mpesa-real.org” is not it.
  • Never ever share OTPs, PINs, or passwords.
  • When in doubt, call the actual person. Like, with your voice. Not a reply SMS.
  • Report shady messages.

Final Thoughts: You are Not Paranoid, You are Kenyan

Look, in a country where you need to triple-check the boda guy, the shopkeeper and your own dreams, staying suspicious is self-care. So next time someone messages you, “Confirm your PUK to avoid disconnection,” just smile, delete it, and say:

Want to level up your scam-spotting skills? Head to Eveminet Communication Solutions’ socials on TikTok, X, Facebook, Instagram and LinkedIn for resources.

Because the only thing you should be clicking in 2025… is “Delete.”

 

Written By:-
Jane Ndambuki
Education and Training Manager
















