The Directorate of Criminal Investigations (DCI) has warned Kenyans against the trend of Phishing attacks.
Phishing is a form of social engineering where fraudsters send messages via WhatsApp or G-mail with the intent of tricking users into giving up sensitive information.
Part of the information sought after by the scammers, according to DCI, include passwords, credit card numbers, or even bank details.
In the statement, DCI said that one of most common ways of phishing is where the attackers use emails or malicious websites to solicit personal information while posing as a trustworthy organization.
The scammer, DCI notes, sends a message under the guise of a recruiting employer looking for remote job seekers mostly in the form of WFH [ Work From Home].
After an interaction, the scammers reportedly ask victims to complete simple tasks and later forward a screenshot of the completed task.
At times, such tasks may come with a financial incentive.
“Once you respond, the scammer tells you it is a simple job and all you have is to complete a few tasks,” the statement read in part.
But completing the simple task and sending a screenshot, according to the directorate, is usually just the first phase of the con game.
How the Phishing Con Takes Place
After sending the screenshot, the scammers act as if there are some difficulties in transferring the amount and will ask you to download an app for easy transfer.
This app contains malware or hidden bugs and acts as an entry point to your mobile and personal information.
To avoid falling for such traps, DCI advised Kenyans to exercise precaution while replying to messages and emails from unknown numbers promising to offer jobs.
In addition, the investigative unit urged Kenyans to avoid downloading apps or clicking on links as suggested by such individuals.
“It is advised to block such numbers right away. Do not download any app or click a link that seems suspicious or that an unknown individual suggests,” the statement reads in part.
Also Read: DCI Unmasks Woman Behind AirBnB Fraud Targeting Kenyans
Besides preying on jobless Kenyans, phishing attacks could also come from miscreants posing as a mother or father.
This way, a victim tends to easily trust the fraudster behind the SMS or email and thus persuaded easily.
Other Forms of Online Attacks
In addition to WhatsApp, Phishing attacks have recently shifted to phone calls and video calls.
Also Read: New Trick Scammers are Using for M-PESA Message Cons
The attackers, using numbers with foreign codes, usually beep a target before hanging up.
Any attempt by the target to make a follow up lead to a phishing attack.
Alternatively, the attackers may send a subsequent message pretending to have mistakenly dialed the phone number.
In most of these cases, the attackers end up requesting for crucial information under the guise of a trusted friend, entity or a family member.