Skip to main content

M-PESA Fraud - Agents Beware!

Tricksters and dishonest people have always existed in our midst.  It is definitely naive to imagine that our new techno-savvy way of life is an exception to the age old social patterns. This afternoon, an M-PESA agent was a victim of a new line of M-PESA fraud.

Here goes the story; this is factual and occurred on February 1st 2010 in a peri-urban setting about 24 kilometres from the Nairobi City Centre
  1. About 2.00PM, a lady and a gentleman who looked to be in their mid twenties visited an M-PESA outlet, claiming to be Safaricom supervisors. The two wore valid looking M-PESA badges and even carried M-PESA promotional material for the outlet.  The two inspected the outlet’s log books then left. Note: It is normal for Safaricom to send supervisors to routinely inspect various parameters on operations of M-PESA outlets. The supervisors usually wear Safaricom badges and often take with them M-PESA promotional material to the outlets
  2. About 20 minutes after the purported supervisors left, an old looking man estimated to be at his late 50s or early 60s came to the same outlet requesting to withdraw Ksh.35,000. The man was allowed to withdraw the desired Ksh 35,000 and went ahead to initiate the withdrawal from his phone – as is the normal procedure.
  3. Shortly after, the outlet attendants received an SMS purporting to record and authenticate the old man’s withdrawal transaction. The SMS received by the attendant had a valid looking M-PESA transaction number and the old man’s purported names which were verified against an original national ID which he presented.
  4. The M-PESA attendant, convinced about the validity of the transaction (just like hundreds of others processed daily) gave the old man an initial Ksh. 30,000 and was reaching out for the remaining Ksh. 5,000. Before the exta amount could be retrieved, the old man calmly signed the outlet transaction and walked away saying he would come for the remainder later.
  5. The M-PESA attendant continued with the next customer, expecting their float to have increased by Ksh. 35,000 as a result of the withdrawal. The expected float was then not reflected in the valid M-PESA SMS after the next customer’s transaction – raising a red flag to the M-PESA attendant.
  6. The M-PESA attendant shortly after called 234 – Safaricom’s M-PESA service line for clarification and the service support person on the other end reported that the transaction withdrawing Ksh. 35,000 was not reflected in the M-PESA system
  7. Alarmed at the Safaricom claim, the M-PESA attendant frantically attempted to call out for the old man who had disappeared by then without a trace. 
  8. Late in the afternoon, the M-PESA agent went to the police station to report the incident. The police officers took initial details and promised to visit the outlet the following day for further investigations.
A number of discrepancies have since been highlighted on the fake M-PESA SMS which is copied and pasted below

P47DT685 confirmed on 01/2/2010 at 2.20PM Give Ksh 35,000 to DANIEL MAINA New M-PESA balance is Kh 42,049 Sender:MPESA +254771831462’ 

I shall leave the analysis of the text and the resulting fraud to the reader for now.

Note that according to the Safaricom M-PESA support person, the M-PESA agent only has to count their loss as no indemnity is payable to the agent for their predicament. When the known Safaricom / M-PESA representative for the affected region was contacted they disowned  ‘supervisory visit’ by the lady and gentleman 20 minutes before the 'withdrawal' was requested. I wonder how many more M-PESA agents have fallen pryy to this new M-PESA trickery.

Comments

  1. Dear gmeltdown,

    I would like to repost this article followed by a link to your blog for publication on mine (http://kipsang.wordpress.com).

    Hence this comment to ask your permission to do so.

    Kind regards,

    Kipsang.

    ReplyDelete
  2. This is how the tricks works : -
    The conmen visit your premise pretending to be from Safaricom or use any other excuse to handle the dispensing phone. Once they access the phone they save themselves in your phone book by the name mpsesa. Then they edit a normal mpesa message and send as a normal sms to the dispensing phone. what you see is actualy an sms message bearing the name mpesa but if you scroll the message further down you see the actual number of the sender. a very cheap trick but higly devastating.

    ReplyDelete
  3. @kipsang sorry for delayed response. You may go ahead and repost. It may have been prefferatble to simply link to this post but you may repost as you wish.

    @anon 9.24am, am informed that the fake Safaricom guys did not gain access to the dispensing handset but true to your hypothesis, there was a fake contact labelled M-PESA on the handset. Its still unclear how it got there eg a VCARD sent and saved inadvertently. What is puzzling now is the thought that a dispensing handset should be allowed to receive SMS texts from an origin other than the Safaricom system.

    Me thinks M-PESA agents are highly exposed to fraud and theft from employees and such tricksters. Several such incidents practically eat away the float deposited at safaricom and they either inject more capital of they are out of business

    ReplyDelete
  4. I thought that the SMS was encrypted and could ONLY be deciphered by the SIM application?

    Are you saying that the thieves got around this?

    ReplyDelete
  5. The most basic education to the Agent HAS to be to check the ID of the sender of the SMS.

    If it is sent by MPESA, it would normally contain an MPESA sender ID.

    If it is sent by a fraudster then it would contain the Fraudsters Mobile number.

    This is one of the most obvious fraud possibilities in launching such services and I am surprised that it wasn't foreseen and the agent trained accordingly.

    I realise that you may think that even with training the Agent may omit seeing the sender ID on a per transaction basis, but then that is the fear that needs to be drilled into the agent that you cannot afford to miss out on seeing who is the sender of the SMS

    ReplyDelete
  6. Correction: The M-PESA fraud tool place on 1st Feb 2010 and not 2009 as earlier indicated

    ReplyDelete
  7. I hope I'm wrong, but irrespective of whether sms confirmation message was genuine or not, why would an MPESA agent pay out ?
    Are the agents not suppose to key in the confirmation supplied by customer on the MPESA system and than the system would validate same and advise if Agent should honor it or not. Am I missing something here?

    ReplyDelete
  8. Beware of money theft inside safaricom department kenya. I send my money to my bother 2 weeks ago. Here in USA was 1700 hrs which means it was 02oo or 0300 AM in kenya. That money was collected in 11 minutes by someone in safaricom. I am convinced about it because at least all agents were closed at that time of the night. secondly, the recipient never got that money and the M-pesa are still investigating it. Well, whoever picked the money had an ID. Why is that too hard to trace?. Personally I will never trust M-pesa again and I am shocked that western money union partnered with them. Is someone has a solution please help.

    ReplyDelete
    Replies
    1. "Well, whoever picked the money had an ID. Why is that too hard to trace?."

      1. Lost ID's are pasted all over public places in Kenya for fraudsters to harvest and misuse.

      2. Most MPesa agents are so lazy that they never examine the ID. Some simply ask "ID number" and put whatever you say in their records.

      I have not had any negative experiences with MPesa to date (knock on wood!) but have always thought that it is a very leaky system and can easily be abused.

      Delete
  9. The site is getting load very slow on my browser. Except that, Thanks for sharing your experience and thoughts to us. I gone through your other articles too. But this is much better.

    ReplyDelete
  10. This is my fifth visit on this site, but still the same posts are here. Nothing is new, for what I am looking for. Its really embarrassing for site visitors. Do add something new buddy!!!!!

    ReplyDelete
  11. Hello Guys!!! I am very new to blogging, wana create my own blog but I don't know that from where I should start. I want a little bit help from the admin of this site if possible. Appreciation for help in advance. Thanks!!!

    ReplyDelete
  12. Hmmm, Here I found the perfect match of Theme and content, but the issue is that, the site is loading very slow on my browser. Does anybody also facing the same issue or I am the single one here???? By the way nice to be a part of discussion!!!

    ReplyDelete
  13. Thanks for sharing this is really interesting. Somehow I reached here while browsing. But when I gone through your Blog.. Its just awwwesomme. I have subscribed your site updates via E-mail. Keep on updating buddiiee. And I have also bookmarked it for future visit and I am definitely going to come here soon for more discussions.

    ReplyDelete
  14. Hi There ..Thanks A Lot For Your Article ..It's Very Helpful ..Nice Share

    Sedekah

    ReplyDelete
  15. This comment has been removed by the author.

    ReplyDelete
    Replies
    1. This comment has been removed by the author.

      Delete
  16. drrochelleskinexpert01.com
    drrochelleskinexpert01.com
    drrochelleskinexpert01.com
    drrochelleskinexpert01.com
    drrochelleskinexpert01.com

    ReplyDelete
  17. Jaguar303 Agen Bola Terpercaya, Judi Bola, Bandar Bola, Agen SBOBET, Agen Casino, Agen Betting, Agen Sabung Ayam Online, Agen Bola.

    agen bola terpercaya
    Agen sabung ayam

    ReplyDelete
  18. Agen Domino99, Domino99, Bandarq, Poker Online
    http://warungdaftar.com/sahabatqq/

    ReplyDelete
  19. Agen Domino99 dan Bandarq Online Terbaik di Asia
    http://warungdaftar.com/mejaqq/

    ReplyDelete
  20. Agent Domino QQ Agent Domino 99 dan Poker Online Aman dan Terpercaya
    http://kotakdaftar.xyz/2019/10/28/sahabatqq-agen-domino-qq-agen-domino-99-dan-poker-online-aman-dan-terpercaya/

    ReplyDelete

Post a Comment

Popular posts from this blog

Kenya's top 20 towns on Facebook

Social media giant, Facebook estimates that there are 4 to 4.5 million Kenyans who are its monthly active users. Facebook usage patterns in Kenya are arguably strong indicators of the country’s internet connectivity patterns. Over 60% of Kenyans (2.5 - 3 million) accessing facebook at least once a month are based in Nairobi.  This is very telling especially as Kenya's second internet exchange point in Mombasa struggles to make business sense due to having too few users.

I used the Facebook audience insights tool to rank Kenyan cities and towns according to their monthly active users on Facebook. Below are the top 20 cities and towns in Kenya as at 9th June 2015. Rank City / Town Facebook Monthly Active People % of Kenya Facebook Monthly Active People 1 Nairobi 2.5m - 3m 60.0% 2 Mombasa 300K - 350K 8.0% 3

The Top 10 agricuture Facebook groups in Kenya

There is serious agriculture going on in Facebook. At least among Kenyan farmers, there is those that have found Facebook as the place to research and gather knowledge for application in their agricultural related ventures. Others are finding prices of inputs and produce on Facebook groups. Can one be practicing agriculture on Facebook? I think research and access to relevant knowledge for application in one’s agricultural venture is part and parcel of the venture’s activities; hence there can be agricultural practice on Facebook. I think this is one aspect of information technology driven innovation that Agriculture is facing in emerging economies. As I once wrote earlier last year, these innovations may just matter.
Here is my list of the top 10 Facebook Groups covering agricultural interests that involve Kenyans by membership size.

Rank Facebook Group Name Size of membership (March 13th,  2015) 1 Farming Kenya 34,360 2 Digital Farmers Kenya 20,719 3 Poultry Farming 14,466