When Sylvia Wanjiru received a million-shilling ($7,773) payment, her relief was short-lived. Moments later, a man claiming to be from her bank’s customer service called, offering to “confirm the transaction.” The timing was too precise to be a coincidence. For Wanjiru and many other Kenyans, the question is not whether hackers are breaching systems, it’s whether insiders are feeding fraudsters information.
The Central Bank of Kenya (CBK), in its 2025 Financial Sector Stability Report, revealed that reported cyber fraud cases more than doubled in 2024, with exposed amounts rising to KES 1.9 billion ($14.7 million) and actual losses nearing KES 1.5 billion ($11.6 million). The Communications Authority of Kenya (CA) tracked 7.9 billion cyber threats in the first eight months of 2025, double the previous year’s figure.
Regulators insist the sector remains “resilient,” but the numbers mask a deeper reality. Victim accounts, law enforcement records, and insider testimony suggest many breaches are inside jobs.
Former compliance officers describe Nairobi neighborhoods hosting call-center-style hubs where employees, lured under “customer service” job ads, are tasked with impersonating bank officials. Bank staff allegedly monitor transactions and tip off fraudsters, who move stolen funds through mule accounts, mobile money, and even crypto wallets.With youth unemployment at 67%, the lure of quick pay per fraudulent “hit” sustains this underground industry. Protection allegedly extends to corrupt officers who shield syndicates from raids.
Kenya’s largest lenders Equity Bank, KCB Group, and Co-operative Bank are prime targets, handling millions of daily transactions where fraudsters can “hide in the noise.” Rural pensioners, traders, and salaried workers are frequent victims. In some cases, collusion turns deadly: in April, a teacher in Mumias was killed after withdrawing KES 285,000 ($2,206), with investigators suspecting bank tellers leaked details.
To restore trust, lenders are cleaning houses. Equity Bank made headlines in May when it fired 1,500 employees linked to misconduct. CEO James Mwangi declared: “I will protect the customers and the bank. I will be ruthless.”Other banks, including KCB, NCBA, and Co-operative Bank, have also quietly dismissed staff in recent months.
Fraud in Kenya rarely fits neat definitions. A phishing text may start the chain, but stolen data often flows from insiders, laundered through mobile money and shielded by compromised authorities. This blurring of cybercrime and insider collusion erodes public confidence.
The biggest risk to Kenya’s fast-growing financial sector may not be external hackers, but the trusted hands inside.
