A gang of Kenyan students have been hacking foreigners’ email credit cards through email phishing, according to the country’s directorate of criminal investigations (DCI). The students create fake emails to steal the passwords and credit card information of unsuspecting victims before using the money in these credit cards to purchase bitcoin, which they then convert to Kenyan currency.
The directorate said it arrested the criminal gang who were operating out of Milimani, an affluent estate in Nakuru City, the country’s fourth largest city.
Members of the gang include 2 students of the Kenyatta University, Francis Maina Wambui, alias Nick, 26; and Zellic Alusa, 25, who the DCI said was arrested during a raid in the company of 2 young ladies, in an apartment.
Five laptops, 4 mobile phones, 2 WiFi gadgets, 3 hard drives, and assorted SIM cards were among the items recovered from the DCI’s arrest.
The fraudsters spent the proceeds from their hacking to fund a lavish lifestyle and purchase properties. Among the documents recovered from the apartment was a land sale agreement entered on May 25 for a property valued at KSh850,000 ($8,000) in Juja, just close to the university.
Kenya’s rising cybercrime rate
Since the beginning of 2010, Kenya has seen an uptake in cybercrime activities which has made way for the rise of cybercrime gangs. The most notorious is the Forkbombo, a Kenyan hackers gang which fleeced people, corporations, financial institutions and government agencies of money to the tune of Sh400 million ($4 million)
Earlier in March, Kenyans lost Sh1.18 billion($10 million) to BitStream Circle, a Ponzi scheme that surfaced in December 2021 and promised investors a daily profit return of 5–10% of their investment.
Just a few days before the raid, another agency, the Kenya National Police Service opened a forensics lab to double down on tackling cybercrime and cryptocurrency fraud, which the country’s president, Uhuru Kenyatta acknowledged is rising. This is another effort by Kenyan authorities to crack down on cybercriminals that seem unfazed by the country’s Computer Misuse and Cyber Crimes Act, enacted in 2018, which prescribes a 2-year jail term and $2,000 fine for anyone found guilty of manipulating a payments system to steal money.