Understanding the Threat: Common Types of Phishing Scams in Kenya

The Human Element of Cybersecurity

Phishing remains one of the most successful methods for compromising corporate networks, as it targets the employee rather than the system’s firewall. Scammers in Kenya often localize their tactics to increase credibility.

Common Localized Phishing Types

  • **CEO Fraud/Business Email Compromise (BEC):** An email appears to come from a senior executive (e.g., the “CEO” or “CFO”) and demands either an urgent wire transfer to a new supplier or a dump of sensitive data. These are often poorly targeted but can result in massive financial loss.
  • **Mobile Money Scams:** Scammers use SMS or WhatsApp to send messages impersonating telecom companies (MTN, Airtel) or banks, asking the user to click a link or provide their PIN/OTP to ‘verify’ an account or ‘reverse’ an erroneous transaction.
  • **URA/Government Impersonation:** Emails or texts claiming to be from the Kenya Revenue Authority or another government body, demanding immediate payment or claiming tax non-compliance, often with a malicious link.

The best defense against phishing is **staff training**. Employees must be taught to verify suspicious requests via a secondary channel (a phone call) and never to click unsolicited links.
