ICT Cabinet Secretary Mr.Joe Mucheru (second right) during the opening ceremony of the 25th session of the East African Communications Organisation (EACO) Assemblies in Nairobi.He is with Cabinet Secretary for East African Community and Northern Corridor Develoment Mr.Peter Munya (right),Communications Authority of Kenya (CA) chairman Mr.Ngene Gituku (second left) and CA Director General Mr.Francis Wangusi (left).Mr.Mucheru called on the East African countries to enforce SIM card registration to curb their misuse.

The Communication Authority of Kenya has today issued a warning against   disclosure of sensitive personal identification information to third parties, amid reports of simcard swap fraud.

In a statement on Thursday, Francis Wangusi, CA’s Director General cautioned the public against divulging any information that can be used to distinguish or trace  their identity, such as mobile money PIN, national ID number, bank account PIN, password, date of birth, among others.

In the simcard swap fraud, the fraudsters usually makes a call pretending to be an employee of a mobile network operator.

When a mobile user picks the call, the fraudster then asks the unsuspecting mobile subscriber to share their Personally Identifiable Information (PII) such as their national ID number, mobile money PIN, or SIM card PIN, among others.

After obtaining the Personally Identifiable Information, the fraudster then goes ahead to swap the SIM card thereby gaining access to all the SIM services including mobile money transfer, mobile and internet banking, voice calls, SMS, data services and any other service that can be accessed through the SIM.

“Never divulge any of your PINs to anyone, not even the mobile money service provider or agent,” Mr Wangusi said in a statement. 

“Fraudsters want you to act first and think later. If the request conveys a sense of urgency, or uses high-pressure tactics be skeptical; never let their urgency influence your careful review,” he added.

The Authority, through the National Kenya Computer Incident Response Team Coordination Centre (National KE-CIRT/CC) and inline with its mandate of sensitizing and awareness creation on Cybersecurity related matters, advised  the public to beware and put in place the following preventive measures:

Be Cautious. Do not respond to calls or emails asking for Personally Identifiable Information (PII) such as mobile money PIN, national ID number, bank account PIN, password, date of birth, unless you are sure of whom the person you are corresponding with. Always verify the authenticity of the person through the official customer care contacts of the service provider.

Delete any request for financial information or passwords. If you get asked to respond to a request with personal information, it’s a scam.

Your PIN is Your Secret. Never divulge any of your PINs to anyone, not even the mobile money service provider or agent.

Slow down. Fraudsters want you to act first and think later. If the request conveys a sense of urgency, or uses high-pressure tactics be skeptical; never let their urgency influence your careful review.

Research the facts. Be suspicious of any unsolicited messages or requests. If the request looks like it is from a company you use, do your own research. Use a search engine to go to the real company’s site, or a phone directory to find their official contacts.

Reject requests for help or offers of help. Legitimate companies and organizations do not contact you to provide help. If you did not specifically request assistance from the sender, consider any offer to ’help’ a scam.

Report Fraud Cases. Immediately reports any such incidents to the Service Provider, the nearest Police Station, and to the National KE-CIRT/CC.