Phishing: DCI cautions Kenyans on how scammers are stealing personal data
By Aloys Michael, October 7, 2025The Directorate of Criminal Investigations (DCI) has warned the public to beware of scammers using phishing techniques to defraud unsuspecting Kenyans.
This warning comes on the back of the recent notice in which Kenyans were urged to exercise best password creation practices amid a rising trend in cybercrime attacks, not only in Kenya but globally.
Also Watch: 12 suspected gold scammers arrested by the DCI
In an X notice on Tuesday, October 7, 2025, the sleuths stated that phishing is on the rise, in which criminals deceive individuals into providing sensitive information.
“Proceeds of crime are no longer hidden under mattresses. They’re laundered through complex corporate structures, global bank accounts, real estate, and cryptocurrency. Our response must evolve just as quickly,” the notice read.
Detectives said information may include identification numbers, usernames, passwords, or the card verification value (CVV) found on credit cards, and other personal data.
Additionally, DCI revealed that phishing is specifically conducted through fake emails, links, messages, or websites that seem to be the source.
For instance, the deceptive messages may offer something enticing, such as ‘click this link and register to get unlimited talk time for any network’, or use urgent or threatening language, such as ‘Your account will be closed after 24 hours’.
Tame phishing
DCI further explained that phishing involves an attacker sending a fake email, website or message that pretends to be from a reputable institution.
They may also request personal or financial information, such as OTPs (one-time passwords) and date of birth. Once the user enters their details, the attacker captures the information for malicious use.
Detectives have therefore urged users to avoid clicking links, opening, or downloading attachments that come with unknown or unexpected emails or Short Message Service (SMS).
On October 2, 2025, the detectives raised concerns over rising cybercrime attacks, which it revealed were largely successful due to weak passwords, among other poor practices.
To mitigate cases of cybercrimes mainly caused by weak passwords, the detectives recommended a raft of measures, including creating passwords as long as 64 characters and using spaces.
According to the DCI, most passwords are vulnerable to cybercrimes because of issues such as poor user habits, evolving attack methods, and organisational oversights.