A number of Kenyans on Facebook have fallen prey to an intricate con scheme that involves hacked user accounts. Compromised accounts are being used to send messages to Facebook friends requesting urgent financial help, more often with a promise to pay back as soon as possible with interest.
Most users have fallen for the scam because the message supposedly comes from a trusted friend. Maria, one such victim, sent Sh8,000 via MPesa to an unidentified number after a friend inboxed her.
"My friend asked if I could send the money to someone who was in trouble and needed the cash to pay bail. I just assumed that it was him coz the message was from his account," said Maria.
Maria did not call the friend to confirm because he is based in the UK but got suspicious when she got another message from the friend requesting the same amount to be sent to another number, so she replied she doesn't have any more cash.
A few hours later, the friend posted an update saying his account had been hacked and apologizing to the friends that had received hoax messages and fallen to the con. From the replies to his status update, it appeared that Kenyans in the UK had become victims of hacked Facebook accounts where messages are sent to their friends in Kenya, making it difficult to immediately verify by calling the sender of the message.
"After I realized I might have been conned, I tried calling the number that I had sent the money to but it didn't go through."
Maria then reported the issue to Safaricom's MPesa department who informed her that the money had been withdrawn within five minutes of being sent. MPesa advised her to take up the issue with the police as this is the standard procedure for fraud cases.
The lengthy process of following up is what has discouraged many more people from reporting incidences. You are required to get an abstract from the Police and file a complaint with the Criminal Investigation Department which usually handles fraud cases. The CID will take up the case and request data of the suspected MPesa number from Safaricom.
But it's not only Kenyans in the UK whose accounts are being hacked. Hackers are becoming more sophisticated in trying to compromise accounts and gain access to personal information. But there are instances when users invite impostors by not logging out of shared devices or in cyber cafes.
Facebook users who haven't logged in for a considerable time are also susceptible to hacking. It also helps to have a secure alphanumeric password and to change it regularly.
Facebook advises users that suspect their accounts have been hacked or compromised to use the report button or visit www.facebook.com/hacked
Here are more ways to keep your account safe according to Vince Matinde, a correspondent for ITweb
Be careful when allowing browsers to keep your login details
Browsers such as Chrome allow users to login once for all their other accounts. So log out Chrome if you happened to log in using Gmail.
Spam posts can contain viruses. Avoid clicking on links you are not sure about. It is very common to see Facebook users apologize for raunchy photos or messages posted on their behalf. Users need to be careful on the applications they allow to access their Facebook and Twitter accounts.
For Facebook users, confirm that you log in to the site using a HTTPS account e.g: https://www.facebook.com. A HTTPS url ensures that the account has some sought of security.
For Facebook, you can change your setting to ensure that you approve all tags made on your Facebook wall. Take time to review your activity log which is on your own profile page to make sure there is no funny business going on.
Finally have a strong anti virus software and update it constantly on your personal computer. There are numerous virus programmes that infect computers and look for private information that are used to hack accounts.