It is not uncommon to get a message from an unfamiliar number saying that you have won money in a competition you never entered.
The message could also be from a ‘white’ woman or man looking to start a relationship with you. Some messages are signed off as from a politician who is seeking your vote.
But where could these bogus competitions, love connections and politicians be getting your number from?
Millions of Kenyans inadvertently give away personal information. As a security measure, most managers of buildings require that you leave your contact details and ID number before you gain access.
This makes it easy for someone to bribe the guards to get a copy of the contact details.
In addition, mobile money transactions involve giving out your phone and ID numbers.
A data security expert, who requested not to be named due to the sensitive nature of his job, told Nation some unscrupulous mobile money agents sell customer details to Premium Rate Service Providers (PRSPs), which then push unsolicited products to people as a vicious marketing strategy.
“These PRSPs are the reason you get subscribed to …premium services you did not ask for, or get messages advertising particular services and products. In the case of the subscriptions, the PRSP makes money by charging you for every message sent,” he said.
He noted that this practice is illegal and a mobile phone user can sue the network operator and PRSP for infringing on the terms and conditions of the customer agreement.
As a result of this rampant theft of personal data by PRSPs, some mobile networks have made it possible for the consumer to unsubscribe from receiving unsolicited messages.
A more sophisticated method of data theft is where technosavvy conmen fish data from users using bogus websites.
These websites invite internet users to create accounts which invariably ask for the user’s email address and also require him or her to put in a password.
As most people use the same password for a variety of online accounts, the people behind the website steal the password, match it to the address the user entered and simply log onto the user’s email.