Man loses Ksh2.6M after SIM card reportedly swapped

Farah Bashir, a medical laboratory scientist, is said to have lost the money between February 7 and February 9.

Bashir described his ordeal, saying he arrived in Johannesburg on February 5 and began receiving calls from family members asking where he was.

He claims that the hackers gained access to his contacts and began calling and texting those close to him.

On February 7 at 5:43 p.m., he received an alert from Safaricom informing him that they had received a Sim Card swap request, which he could ignore if he did not initiate it.

He became even more frustrated when he was unable to access M-Pesa services while attempting to purchase airtime to call home.

He contacted Safaricom Customer Care on Twitter, where his contact information and ID number were taken, but the remote assistance was insufficient.

Bashir then decided to check his bank balance, but he ran into trouble when his fingerprint lock was rejected while attempting to access the Absa Bank app.

Now anxious and uneasy, he tried to log in using his laptop, which was successful, but he could not believe his eyes.

Bashir says a withdrawal of Ksh.150,000 had already been made from his Kenyan currency account.

While still trying to come to apprehension, another Ksh.150,000 disappeared. The account was left with Ksh.35,000.

He reached out to Absa raising the matter and he changed his password. His account was however dried up as the remaining amount was withdrawn shortly after.

His dollar currency account which had $17,451 (Ksh2 million) then followed, where his money was withdrawn in 10 quotas.

His Sterling pound account, which had Ksh 231,000 in it, was then emptied by the hackers.

Bashir claims that he was forced to survive on Yoghurt and snacks from the hotel's breakfast until his family was able to send him some money.

He then wrote Absa a letter requesting an explanation as to how the fraudsters were able to gain access to his account despite changing his password.

"I would like to know how the fraud was conducted, what internal systems the bank has to detect illegal withdrawal of funds from my accounts and why did the fraudsters access my account on February 8 at 11pm SA time after I had changed my password," Bashir was quoted as saying by the Nation. 

Absa responded that the funds were transferred to two other banks and an M-pesa money wallet via mobile banking. Bashir was informed that his Sim Card had been switched.

"We managed to secure only Ksh.500,000 and credited the amount to your account on March 7. The rest of the funds unfortunately were already utilized," the bank said in a statement.

"From the above sequence of events, we have established that security/password integrity in your account on the part of the bank. Kindly note the credentials are only known to the customer. In addition, where a password is compromised, you are under a duty to inform us immediately so that we may take appropriate action to secure your account. Based on this, the bank is not liable for the net loss of Ksh. 1,515,715 from your account."

The bank further said that it has forwarded the matter to the Banking Fraud Investigations Department for further investigations.