With Kenyans going through strained financial times, a big blow in the telecoms and banking sector have been accusations of fraud. Residents of Silicon Savannah have to contend with cyber-savvy criminals finding new ways to swindle them each month.
In the past three weeks, one particular form of fraud has taken centre stage among banks and brands. It pales compared to the louder cries of customers speaking on falling victim to well-timed social engineering scams.
Social engineering scams involve tricking people into divulging confidential information like P.I.N.s, passwords, I.D. numbers, dates of birth, and more. Scammers then use that to perform identity theft, often using SIM cards to register new phone lines in a world where a phone number is akin to a bank account.
In Kenya, a decade-long push has asked customers to interact with telecoms, banks and financial services companies through social networks. The two most familiar places customers have been encouraged to visit are Facebook and Twitter. Customers have been promised faster response times and less waiting than phone calls, where they remain on hold, awaiting an agent to listen and address their issue.
The business case of this is that it is simpler for a business to respond to a social media query delivered virtually than to pay for a toll-free line and get personnel operating individual call-centre stations to talk to customers.
Over the past two years, a rising scam has caught my attention. It involves fraudsters opening multiple Facebook and Twitter accounts purporting to be your preferred telecoms, bank, or financial services provider. They mimic the tone, bio, and all public-facing details except for the verified badge of the brand.
Given the sheer volume (thousands of requests an hour) that the telecoms, banks, and financial services providers get, the fraudsters play a game of numbers. They find customers who are complaining about financial issues in particular. And they private/direct message the customer who has publicly updated that they are seeking help. In this private message, they pretend to be the brand and strive to get confidential information - even resorting to calling the customer as part of the con.
When brands discover these sorts of fake profiles, they work on having them reported. This leads to the pages and profiles being suspended. However, all the scammers do is create a new email address and profile and start afresh. Sometimes they have dozens of such profiles, knowing they will lose them all to suspensions over time.
In my view, the solution to this is three-fold:
A bonus tip for brands is to have a documented system for reporting fraudulent profiles - this involves building relationships at Twitter and Facebook and knowing the process of reporting profiles for impersonation.
Overall there are no easy answers to this issue, and it will continue to plague the industry. We can't squeeze the toothpaste back into the tube. Millions of customers will use social media to register service and experience complaints.
While they pale compared to those that call, email, and text, these customers are among the loudest when it comes to raising the alarm on fraud since they are social media users with audiences of their own.
P.S. Nendo does this social listening work and reputation/CX consulting for brands, so please contact us if you are interested in this type of support via firstname.lastname@example.org
P.P.S. I've held back from speaking on issues particular to Twitter. Brands on Twitter may soon have to register for 'golden' checkmarks (instead of blue ones) and may be forced to pay $1,000 monthly to maintain them. It is also easier than ever to get a blue checkmark, further complicating things and creating specific vulnerabilities for brands in 2023 (if Twitter survives until the end of the year).