
Equity Bank Eazzy App Security Breach That has Enriched Mulot Fraudsters

In October 2019, DCI detectives from Bomet East arrested a fraud suspect, Peter Cheruiyot, from Mulot after investigations revealed that he had stolen more than Ksh. 400,000 from different Equity Bank accounts.

Last month in August, an elderly man from Nyeri County had his account swept clean after fraudsters allegedly siphoned KSh 457,000 from his account through the Eazzy App.

Also in August, one Dennis Kipkoech Kirui was arrested at a village in Bomet East Sub County after he was accused of emptying an Equity Bank account belonging to Teresa Nduku Gitari.

Dennis Kipkoech Kirui at the Kibera Law Courts. Image/Daily Nation

The Directorate of Criminal Investigations (DCI) revealed that Kipkoech siphoned Sh400,000 from the woman’s account after obtaining her mobile phone’s registration details by falsely claiming to be a bank employee.

These arrests have one thing in common: Mulot Central in Narok County.

This remote village is a hub of social engineering, where young men, mostly school dropouts, easily manipulate their victims.

While their knowledge of computer hacking is almost zero, their skill in human psychology beats anyone’s imagination.

They apply social skills to target the weakest link in the computer security chain: human beings.

Equity Bank App Weak Security Link

There’s a very critical security flaw in the Equity Bank iPhone mobile banking app, a back channel which allows these fraudsters to gain access to bank accounts and siphon money.

A mobile application technician tells us that: “Risks do not necessarily result from any one particular vulnerability on the client or server side. In many cases, they are the product of several seemingly small deficiencies in various parts of the mobile application. Taken together, these oversights can add up to serious consequences, including financial losses for users and reputational damage to the developer.”

The application installed by Equity Bank customers makes them vulnerable to fraud and theft of funds due to inadequate security features. Fraudsters can easily exploit the app to access sensitive information such as the account balance, change the PIN and view recent transactions.

Armed with iPhones, the fraudsters normally sweet-talk Equity Bank agents into giving them customer details, enabling them to obtain the customer’s account number and ID.

Our source in Narok, who has vast knowledge of mobile phone applications, told the Kenyan Herald that until three weeks ago the fraudsters were still using the security breach on iPhone iOS to steal money from unsuspecting customers.

The source further says that Equity Bank employees are to blame for selling customer details to these fraudsters, who buy off police officers by sharing the loot with them.

The swappers, he says, are way ahead of the Equity fraud team and developers.

Over time, the fraudsters have enriched themselves, building houses and buying Probox cars and boda bodas, with many of the youths involved immersing themselves in alcohol and women.

“The economy of Mulot Central in Narok is significantly from proceeds of the crimes,” said our source, who asked to remain anonymous.

 


2 Comments

  1. The issue has been sorted. You cannot activate an app on iOS devices and do a transaction. You need to visit your nearest branch first.

  2. Mike Otieno

    CBK cannot take any action because it is Equity. If it were any other bank I&M or DTB they would have acted swiftly on this matter. Mwangi and Njoroge cannot be separated. Kenyans to boycott Equity.
