This archive report was first published on 21 October 2019.
On October 20, 2019, the Directorate of Criminal Investigations (DCI) arrested Robert Mwaura Mwita, a suspected mastermind of a fraud circle that robs unsuspecting Kenyans of their bank deposits through ATM machines.
According to the DCI, Mwita runs a theft ring that includes bank ATM guards, who withdraw money from the machines using codes generated by Mwita.
“Upon withdrawing the money conned from unsuspecting members of the public, the said guards have been taking their agreed upon portion and sending the rest to Mwaura,” the DCI said while sharing the video evidence.
Two guards, Stanley Nyakundi and Godfrey Masinde Simiyu, were identified in the video as accomplices of Mwita. They had sent over Ksh2.2 million to Mwaura in the month of September alone.
Even though withdrawing money by Mpesa from ATMs seems secure, there is one attack that fraudsters are using to exploit them: account takeovers.
Account takeovers occur when a hacker gains access to your online bank account and uses your login credentials and PIN to register a mobile phone that they own to your account. They can then use that phone to make withdrawals wherever they’re located.
DCI KENYA (@DCI_Kenya) warned that withdrawal limits on some cardless ATMs seem to be a lot higher than normal, making it easier for hackers to steal thousands from unsuspecting victims.
DCI KENYA (@DCI_Kenya) shared a video of the arrest on Twitter, stating that Mwaura has been linked to various cases of Mpesa fraud in which members of the public have been defrauded millions of shillings.