The Kenya Revenue Authority (KRA) has issued a scam alert after hackers hijacked its official X account, @KRACare, and rebranded it as “StandsX.”
The breach, confirmed by the authority on November 1, has prompted warnings to the public to avoid sharing personal information or making payments to fake accounts posing as KRA.
The Authority stated that the hackers’ move has already inspired impostors to create counterfeit KRA pages, which they use to “collect taxes” from unsuspecting Kenyans.
In a post shared on its verified corporate X account, KRA said, “Our real account, KRACare, took an unplanned vacation with the hackers. Stay alert, don’t share your info with impostors. Report and block any suspicious accounts.”
KRA Imposters on the Rise
The incident has exposed a troubling trend: cybercriminals are exploiting the temporary outage of verified accounts to launch parallel scams.
Also Read: Equity Bank Customers Hit by System Downtime Affecting Mobile Banking App
Several imitation accounts have surfaced online, mimicking KRA’s official tone and logo while demanding tax payments, refunds, or penalties through mobile money and bank links.
KRA has cautioned that no such transactions should be made outside its official platforms and that all authorized communication will continue through verified channels, including Facebook (@KRACare) and WhatsApp via 0711 099 999.
“Members of the public are strongly warned not to engage, share personal information, or send money to any messages or posts from this account, as they are fraudulent,” the authority said in a statement.
Investigations Underway
KRA has launched investigations in collaboration with X’s global security team to recover the compromised handle.
Also Read: New Twist as Family of a Man Who Fell from KRA Offices in Kisumu Reveals Last Moments
The authority said its cyber response unit is also working closely with the Communications Authority of Kenya (CAK) and the National Computer and Cybercrimes Coordination Committee (NC4) to track the perpetrators.
The hackers often use phishing schemes or third-party access points to take over verified accounts, later exploiting them to solicit money or spread misinformation.
Public Urged to Stay Vigilant
KRA is urging Kenyans to remain cautious and verify all information before responding to tax-related messages online.
The Authority has stated that all digital tax services, including iTax, TIMS, and M-Service, remain secure and unaffected by the social media breach.
“We are working to restore our official presence on X as quickly as possible. In the meantime, please use our verified alternative channels for any assistance,” KRA said.
This highlights Kenya’s increasing vulnerability to cyber threats, despite the government’s efforts to fully digitalize public services.
Follow our WhatsApp Channel and X Account for real-time news updates.
