The Directorate of Criminal Investigations (DCI) yesterday arrested the suspected mastermind of a fraud ring that robs unsuspecting Kenyans of their bank deposits through ATMs.
Robert Mwaura Mwita reportedly runs a theft ring that includes bank ATM guards, who withdraw money from the machines using codes generated by Mwita.
“Upon withdrawing the money conned from unsuspecting members of the public, the said guards have been taking their agreed upon portion and sending the rest to Mwaura,” the DCI said while sharing the video evidence.
In the video, a security guard belonging to Radar Security Services is seen punching in a code that he is reading from his mobile phone and, shortly after, the Family Bank ATM dispenses Ksh5000 and a receipt.
In the background, his accomplice inquires whether the transaction has been successful and advises him to pull out the receipt.
The DCI identified the two guards in the video as Stanley Nyakundi and Godfrey Masinde Simiyu.
According to the DCI, the two had sent over Ksh2.2 million to Mwaura in the month of September alone.
Mr. Robert Mwaura Mwita- a suspect linked to various cases of MPESA FRAUD in which members of the public have been defrauded MILLIONS of shillings was arrested yesterday by @DCI_Kenya Detectives after an assiduous operation. The suspect has been working in cahoot with…. pic.twitter.com/ygAyUG49XA
— DCI KENYA (@DCI_Kenya) October 20, 2019
Even though withdrawing money by M-Pesa from ATMs seems quite secure, there is one attack that fraudsters are using to exploit it: account takeovers.
So, how would an account takeover happen? If a hacker manages to gain access to your online bank account, cardless ATMs can make it fairly easy for them to steal thousands from you. Using your login credentials and your PIN, the criminal can register a mobile phone that they own to your account, and then use that phone to make withdrawals wherever they’re located. Not only can this get around the cardless ATM’s security, it can bypass any security features you may have on your phone as well. To make matters worse, for some reason, withdrawal limits on some cardless ATMs seem to be a lot higher than normal.
How can you avoid the fraud? The good thing about cardless ATM fraud is that it doesn’t use any forms of attack that are especially new or complex. Hopefully you already know that you should keep your bank account username, password and PIN secret, and that you should be suspicious of any urgent-sounding email or text messages you receive that ask you to follow a link.
If you do receive a message like this, call or email the institution that supposedly sent it using contact information you find on an official website or, in the case of a financial institution, on the back of your bank card. Additionally, even if your mobile phone is secure, take any extra steps you can to secure your online banking accounts, such as adding two-factor authentication to them. You may also want to turn on email alerts for your bank accounts so you receive an email with every ATM transaction. That said, if a clever hacker is already in your account, they may be able to change your registered contact email so you don’t receive any alert messages.