A 58-year-old man has voiced his displeasure with the loss of Ksh.2.6 million to a Sim-swap fraud ring.
Farah Bashir, who is a medical laboratory scientist, is said to have lost the money between February 7 and February 9.
Bashir explained his ordeal, saying that he arrived in Johannesburg on February 5 and began receiving calls from family members enquiring where he was.
He said that the hackers gained access to his phone contacts and began calling and texting those close to him.
On February 7 at 5:43 p.m., he received an alert from Safaricom notifying him that they had received a Sim Card swap request, which he could ignore if he did not initiate it.
He became even more upset when he was unable to access M-Pesa services when attempting to purchase airtime to call home.
He contacted Safaricom Customer Care on Twitter, where his contact information and ID number were taken, but the remote support was inadequate.
Bashir then decided to check his bank balance, then he ran into trouble when his fingerprint lock was rejected while attempting to access the Absa Bank app.
Now anxious and uneasy, he tried to log in using his laptop, which was successful, but he could not believe his eyes.
Bashir says a withdrawal of Ksh.150,000 had already been completed from his Kenyan currency account.
While still trying to come to apprehension, another Ksh.150,000 vanished. The account was left with Ksh.35,000.
He reached out to Absa raising the matter and he changed his password. His account was however dried up as the remaining amount was withdrawn shortly after.
His dollar currency account that had $17,451 (Ksh2 million) then followed, where all his money was withdrawn in 10 quotas.
His Sterling pound account, that had Ksh 231,000 in it, was then emptied by the hackers.
Bashir says that he was forced to survive on Yoghurt and snacks from the hotel’s breakfast until his family was able to send him some money.
He then wrote Absa Banks a letter requesting an explanation as to how the fraudsters were able to gain access to his account despite changing his password.
“I would like to know how the fraud was conducted, what internal systems the bank has to detect illegal withdrawal of funds from my accounts and why did the fraudsters access my account on February 8 at 11pm SA time after I had changed my password,” Bashir was quoted as saying by the Nation.
Absa responded that the funds were transferred to two other banks and an M-pesa money wallet via mobile banking. Bashir was informed that his Sim Card had been switched.
“We managed to secure only Ksh.500,000 and credited the amount to your account on March 7. The rest of the funds unfortunately were already utilized,” the bank said in a statement.
“From the above sequence of events, we have established that security/password integrity in your account on the part of the bank. Kindly note the credentials are only known to the customer. In addition, where a password is compromised, you are under a duty to inform us immediately so that we may take appropriate action to secure your account. Based on this, the bank is not liable for the net loss of Ksh. 1,515,715 from your account.”
The bank added that it has forwarded the matter to the Banking Fraud Investigations Department for further investigations.