KCB Group stopped a Sh2 billion attempted fraud on its banking system last year, underscoring the increase in brazen online attacks during the Covid-19 pandemic.
The bank Thursday made public the attempted fraud without giving details on whether the attack was from foreign hackers or local techies.
Kenya’s highly digitised economy, linked with mobile money through telcos and banks, has made the country a target for cybercrime and online fraudsters, with lenders losing hundreds of millions of shillings annually.
“In 2020, the Group successfully prevented a theft of Sh2 billion, in attempted fraud, thanks to our robust cybersecurity systems,” said KCB without giving details of arrest or legal action over the heist.
Read Also: How your personal data is being scraped from social media
The bank made the revelation through its sustainability report, which says it prevented 3,624 other cyberattacks and managed to stop 663 attempted fraud cases.
Increased use of mobile and Internet banking have exposed bank customers to cybercrime, especially fraud and phishing attacks
Mobile money transactions in Kenya jumped 52 percent to Sh3.26 trillion in the six months to June, Central Bank of Kenya data show.
Cases where links are widely circulated promising free airtime, money and other products have been used in phishing attacks to collect personal data and use it to siphon cash.
Phishing happens where criminals send out legitimate-looking e-mails from trustworthy websites requesting personal and financial details from unsuspecting people.
Read Also: How Young Kenyan Hackers are Making Money Illegally by Targeting Banks
They direct you to counterfeit web pages that look identical to the companies’ sites in order to fool you into submitting personal or financial data and passwords.
The scammer will then steal your identity and can access your account and transfer money to their accounts or make online purchases.
KCB says the decision by the Office of the Attorney-General requiring companies to update their beneficial ownership e-register has helped them track payments in real time and flag suspicious transactions.
“In line with this development the Group moved to strengthen its internal Know Your Customer (KYC) procedures. Combined with our robust cybersecurity systems, we were able to flag and prevent suspicious or fraudulent transactions faster,” KCB Group said.
Read Also: Cheap Android phones ‘hit hard by infected apps’ in Western Africa
Banks are also facing cyberattacks targeting weak points in servers, especially as lenders operate remotely from home or transition systems.
The Communications Authority of Kenya said there were 35.1 million cybersecurity incidents detected July to September 2020, an increase of 152.9 per cent as compared to the previous similar period.
The authority said the increase in cyber threats can be attributed to the move to working remotely and increased uptake of e-commerce in response to the Covid-19 pandemic.
Most banks do not reveal the level of fraud and cyberattacks unless the cases land in court.
NIC and CBA, which merged to form NCBA a year ago, came under attack.
Antony Mwangi Ngige, 23, and Ann Wambui Nyoike, 21 — two second-year students at Jomo Kenyatta University of Agriculture and Technology (JKUAT) — were recently charged with stealing Sh25 million from the bank through hacking.
They are also said to have attempted to steal an additional Sh190.7 million from the NCBA Bank.
Eight Kenyans arrested in Rwanda for hacking Equity Bank were handed eight-year jail terms and fined Sh5.6 million.
The eight were part of a 12-man organised crime gang arrested in 2019 by the Rwandan Investigation Bureau (RIB) that included three Rwandese nationals and a Ugandan.
They were arrested while in the process of hacking into Equity Bank accounts and funnelling the proceeds to be drawn out funds through Eazzy banking and ATMs.
The World Bank also warned that fraudsters impersonating its private lending arm International Finance Corporation (IFC) had set up an online fraudulent scheme to dupe small businesses in Kenya into giving private data.
IFC said the fraudsters set up fake websites, emails, loan application forms and URLs impersonating the private lender in Kenya and calling on businesses to apply for loans.