A transnational telephone scam known as Wangiri is on the rise in Kenya, warns the Directorate of Criminal Investigations Kenya (DCI Kenya). Wangiri, a Japanese word meaning ‘one telephone ring and cut,’ is where criminals defraud unwitting victims when they return a missed international call. This call is charged to the victim at a high cost.
Unlike other scams, such as the business email compromise, Wangiri uses uncomplicated technology and may target anyone with a SIM card connection. The scam exploits people’s innate curiosity to follow up on a missed international call. The country of origin of the call may vary, but may also tally with where the victim has a relative, has applied for a job, or visited before.
Once the victim returns the call, the criminals use tactics such as putting the victim on hold, talking in a foreign language or simply conversing with the victim on any topic such as winning a lottery or setting up a job interview under the pretence of being head-hunted. The more the victim converses or is kept on hold, the more charges he or she incurs.
An engineer working with a telecommunications company in Kenya who requested anonymity explained how the scam works. He explains that although the numbers take the prefix of telecommunications companies, almost all of them are sourced from the dark web and are thus difficult to trace.
Once a person calls the number back, money is deducted instantly from their SIM-linked account, and routed to the dark web. The scammers then cash out the money using more sophisticated and rapidly evolving techniques. Kenyan law enforcement agencies are still figuring out these techniques and thus also ways to disrupt and prevent this practice. Yet this is easier said than done.
Of Kenya’s 53 million population, the number of active mobile telephone subscribers as of March 2020 stood at over 55 million. This translates to a SIM card penetration of 116.1% – the highest penetration in the East African region and among the top 10 in Africa. Kenya is thus a preferred target for Wangiri scammers.
A DCI Kenya officer who spoke to ENACT on condition of anonymity said they’d received many complaints from Kenyans on the Wangiri scam through their Twitter and Facebook public communication platforms.
However documenting and investigating these complaints isn’t possible as the DCI only investigates a case once it is logged in the Occurrence Book (OB) at a police station and an OB number issued. Most Kenyans avoid reporting any case to the police through these channels as this is generally a very lengthy process. The officer said that because of this, they were unable to respond to the many cases of Kenyans falling victim to the Wangiri scammers.
Another DCI officer explained there was no specific legal framework for investigating, prosecuting and convicting cases of the Wangiri scam. The officer, who has handled scam cases, pointed out that the law enforcement agencies have had to rely on different laws and bodies to investigate these tech-enabled crimes.
The laws currently used are the Kenya Information and Communications Act, 1998 and the Computer Misuse and Cybercrimes Act, 2018. The bodies responsible for telecommunications security include both the telecommunications companies such as Safaricom and Airtel and government, mainly the Communications Authority of Kenya.
The officer noted that even though formally reported cases had been forwarded to the respective telecommunications companies and the Communications Authority Incident Response Team, cases took a long time to be investigated, and most were not resolved. The officer recalled only one case that was successfully resolved through joint cooperation between Kenya and Vodafone – a UK-based telecommunications company. The case took 30 days and the client was successfully refunded. This is exceptional and far from the experience of most Kenyans.
Reviewed information suggests that to address this form of transnational syndicated scam is difficult, not only for Kenya but also for many other countries in Africa and the world. Tracing, investigating and arresting criminals who run these scams virtually, internationally and through the dark web is almost impossible. It is easy to hide when operations are across jurisdictions and invisible.
DCI Kenya officers that ENACT approached suggested possible measures to disrupt the scammers from operating. Firstly, reviewing the police’s systems of report and logging cases to speed up responsiveness may need to be in place to encourage victims to report of such scams formally. This will provide the authorities who are mandated to oversee telecommunications security with evidence of the scale and severity of the problem.
Secondly, a civic awareness campaign as a preventative measure to alert people to the risks of returning missed calls from unknown and suspicious international numbers. Thirdly, at the strategic level, advocating that telecommunications companies and government bodies look at the evidence and develop response that secure clients and citizens, and at the least block numbers reported to them by victims.
However, the officers acknowledge that these measures are likely to be more preventive and may not stop the crime from taking place. The scammers increasingly use locally based numbers to con Kenyans, and telecommunications companies are overwhelmed with the volume of numbers needing to be blocked from the dark web.
Transnational organised crime expands with development, and for a country like Kenya that enjoys a robust telecommunications infrastructure, criminals who operate virtually will see it as a lucrative and easy target. Advanced technological capability, operational and innovative responses, such as crime-proofing SIM number registration and swapping, are needed from both the government and private companies to address this crime.
Mohamed Daghar, Researcher, ENACT project, ISS