The money had just hit Sylvia Wanjiru’s account when her phone rang. It was a million-shilling ($7,773) payment from a client, and the caller claimed to be from her bank’s customer service. He spoke confidently, offering to “help confirm the transaction.”
“At first I thought it was just a coincidence,” Wanjiru recalls. But when the same thing happened again, she realised someone was watching her transactions and reported it to the bank.
Her parents were not so fortunate. Pension payments of KES 34,000 ($263) and KES 2,500 ($19) from a mobile money wallet disappeared after they called a number that texted: “*** BANK. Dear Customer, your account has been SUSPENDED. Please contact 010****366 within 24 hours.”
The money was long gone by the time they rushed to the bank and mobile money provider. Wanjiru’s experience is one among many others. Across Kenya, customers report similar encounters, including calls moments after cash deposits or transfers and text messages disguised as official alerts followed by withdrawals.
The speed and timing point to a possibility that the fraudsters work hand in glove with bank staff and mobile money agents with access to customer information.
Rising cyber-threats
The Central Bank of Kenya (CBK), in its Financial Sector Stability Report 2025, in August reports cases of cyber fraud in the banking sector more than doubled in 2024, rising from 153 to 353, with the amount exposed increasing to KES 1.9 billion ($14.7 million) and losses nearly quadrupling to KES 1.5 billion ($11.6 million).
The Communications Authority of Kenya (CA) reported 7.9 billion cyber threats in the first eight months of 2025, double the figure for 2024. CBK said attacks rose from 7.7 million in 2016 to billions due to Kenya’s economy’s rapid digitisation.
The regulator insists that despite rising risks, Kenya’s banking sector remains “resilient,” able to withstand shocks from successful cyber-attacks. However, accounts from victims, bank staff, and law enforcement suggest that most losses of funds are inside jobs.
A former compliance officer described a shadow industry in Nairobi neighbourhoods like Utawala and Ruiru, which thrives on mobile banking fraud. The setups look like call centre outsourcing hubs with rows of desks, computers, and phones.
“There are bank staff who monitor accounts, tip off the fraudsters, and within minutes, money is pushed into mule accounts,” says one ex-risk and compliance at a major bank. The cash is laundered through mobile money wallets and withdrawn at agents, or some are pushed to crypto wallets.
With 67% youth unemployment, workers are recruited through job ads for “customer service” roles, only to discover that the scripts involve impersonating bank officials or mobile money agents. And because it’s quick cash, many stay.
Pay is per successful hit, which means the more money they steal from customers, the more they earn. Corrupt police officers, according to the former compliance officer, are paid to protect operations, tip off the syndicates before raids, or frustrate investigations.
“It’s a big operation, more than you can imagine,” the former officer says. “The real people behind these schemes are known to some in Kenya Police’s serious crimes division.”
Targets the biggest banks
The people behind the schemes design them for scale, according to an investigations officer at Banking Fraud Investigations Unit (BFIU)—a unit under the Directorate of Criminal Investigations (DCI)—who has handled such cases and asked not to be named. They target banks with vast retail business like Equity Bank, KCB Group, and Co-operative Bank— Kenya’s biggest retail lenders with a combined customer base of over 50 million. With such big operations, the fraudsters hide in the noise of millions of daily transactions.
Rural pensioners, urban traders, and salaried workers with predictable income streams make easy prey.
“It’s a numbers game,” says the BFIU officer. “The bigger the bank, the more likely someone will slip.”
Most of these frauds are not violent, but sometimes they turn deadly. In April, a teacher in Mumias was trailed and killed after withdrawing KES 285,000 ($206). Detectives believe two bank tellers may have passed on the information to robbers, pointing to insider collusion with criminals.
There are numerous reports of customers being trailed after withdrawing or depositing large sums at banks and mobile money agents across the country.
In 2024, Equity Bank reported it lost KES 1.5 billion ($11.6 million) in what was initially described by news outlets as a sophisticated hacking attack. However, investigators later alleged that bank staff colluded with property developers and lawyers to siphon off the bank’s money from the salary suspense account in thousands of small, salary-like transfers to avoid detection.
Deeper rot
On social media, many Kenyans brush off mobile banking fraud as the work of prisoners with smuggled phones when they are operations run by people living among them. While some operations enjoy corrupt officials’ backing, the BFIU officer concedes that the regulators are overstretched.
“Mobile money and banks process millions of payments daily, and that’s why some of the cases even go unnoticed,” says the officer.
However, faced with mounting fraud, most Kenyan banks have begun housecleaning to restore customer confidence. KCB Group, NCBA, Absa, and Co-operative Bank are some lenders that have recently fired staff over misconduct.
In May, Equity Group took a bolder step, announcing publicly that it was firing 1,500 staff to protect the bank’s image and its customers.
“The moment of reckoning has come,” Equity Bank CEO James Mwangi said in May. “It doesn’t matter how many I will lose. I don’t even care. I will protect the customers and the bank. I will be ruthless.”
The bank has since extended the exercise to its subsidiary in Uganda, which has also suffered staff-linked fraud in the past two years.
Blurring of lines
The lines between cyber fraud, insider theft, and organised crime are blurred. According to the BFIU officer, most victims never report, whether from embarrassment, the small sums involved, or the hassle of filing a complaint with the police, making the CBK’s figure of KES1.5 billion an understatement.
The BFIU investigator says the schemes rarely fall into specific categories. A phishing text may be the start, but a bank teller can pass on stolen data, laundered through mobile money, and protected by police officers. Each stage blurs the line between cyber-attacks, insider theft, and organised racketeering.
The consequence, the former compliance officer warns, is erosion of trust. Many customers, unsure whether the fraudsters are hackers or someone inside their bank, choose not to report. Anxious to reassure shareholders and depositors, lenders frame the losses as “cyber threats” even when investigations show human hands.
This gap between the official narrative and what victims experience is where the danger lies. The BFUI investigator says that as Kenya’s financial system grows, the weakest link may be the people inside—tellers, agents, and officers with access to real-time customer records.
Mark your calendars! Moonshot by is back in Lagos on October 15–16! Meet and learn from Africa’s top founders, creatives & tech leaders for 2 days of keynotes, mixers & future-forward ideas. Get your tickets now: moonshot..com
