It started with just a phone call. The number looked real, the voice sounded official, and the message created panic. Victims were told their bank accounts had issues or their SIM cards were under threat.
Within minutes, they had shared critical information and lost thousands. Now, the Directorate of Criminal Investigations (DCI) has unmasked the syndicate behind this scam. Six men in Mombasa were running a high-tech caller ID spoofing system that helped them steal millions.
They set up their operation in a rented Airbnb, using gadgets, SIM cards, and manipulation software to outsmart Kenya’s cyber defenses.
How Thugs Use Caller ID Spoofing System to Defraud Kenyans
The DCI has identified and arrested six suspects operating a cybercrime ring from Nyali, Mombasa. Their main weapon: a caller ID spoofing system that made their calls appear legitimate. The system allows users to manipulate how their number appears on a phone screen.
Instead of showing their real number, it displays a trusted one—like a bank’s customer service line. This deception tricks victims into believing the call is from an official source. Once on the line, the conmen use pressure tactics.
They pretend to be agents from banks or telecoms. They warn the victim of fraud, blocked accounts, or SIM problems. In the confusion, the target gives away key information—passwords, PINs, or identity numbers.
The fraudsters then use that information to transfer money electronically. One suspect, said to be the mastermind, charged other criminals for access to the spoofing software. He is linked to the notorious ‘Mulot Swapper’ network and reportedly offered spoofed call services for a fee.
The DCI revealed that the spoofing app is expensive and hard to access. The group paid Ksh500,000 to obtain, configure, and secure the IP address needed to operate the system. That alone highlights the scale and intent of their operation.
Airbnb Turned into Cybercrime Training Base
The gang didn’t just carry out fraud—they trained for it. Their Airbnb apartment became a full-fledged fraud hub. Police found 19 mobile phones, dozens of SIM cards, SIM holders, and a notebook filled with possible targets. Detectives believe this was a staging ground where members learned to imitate customer service staff and plan attacks.
The setting gave them a low-profile, luxurious base while staying hidden in plain sight. The apartment provided space to rehearse scripts, configure devices, and manage the logistics of their caller ID spoofing system. This level of organization shows how modern cybercrime is evolving in Kenya.
The suspects didn’t just target individuals—they had a list. That list, found in the notebook, likely came from data breaches or inside sources. These were not random attacks but carefully planned operations with high success rates.
Their technique relied on timing and panic. By placing spoofed calls during work hours or late evenings, they caught victims off guard. They often gave tight deadlines for action, pushing victims into poor decisions. Many realized the fraud only after their money was gone.
Mastermind Linked to Wider Cybercrime Networks Beyond Caller ID Spoofing Systems
The key suspect in the case was not working alone. Authorities believe he has deep ties to a broader cybercrime network, including the infamous Mulot syndicate known for SIM swapping. He allegedly sold access to the spoofing tool, making money not only by scamming victims but by enabling other fraudsters.
DCI officers suspect that more suspects will be arrested as investigations continue. The software used is still circulating, and more gangs may be operating in similar style across Kenya.
This arrest is a major win in the fight against digital fraud. But experts warn that as long as people trust caller IDs and fail to verify calls, scams like these will thrive. Caller ID spoofing systems are legal in some countries for businesses—but in the wrong hands, they are powerful tools of theft.
The suspects were arraigned in Kahawa Law Courts on June 3. A ruling is expected tomorrow. Until then, they are being held at the Capitol Hill Police Station. Authorities urge the public to remain vigilant and report suspicious calls immediately.
