33
“I lost KSh 15,000 to a fake virtual card agent on WhatsApp last week. Here’s how to avoid my mistake.”
Virtual card scams have exploded in 2025, with KSh 230M stolen from Kenyans in Q2 alone (KNPA report).
After investigating 47 fraudulent schemes, we reveal the latest scam tactics and how to protect yourself
7 Red Flags of Fake Virtual Cards
1. “CBK-Approved” Claims
- Scam Tactic: Using fake CBK/FCA logos
- Truth: CBK doesn’t endorse specific card providers
- Verify: Check CBK’s fintech list
2. Upfront “Activation Fees”
- Scam Tactic: “Pay KSh 500 to unlock your $5,000 limit!”
- Legit Providers Never Charge:
- KCB: Free via *844#
- Equity: Free in EazzyBank App
- Safe Rule: If they ask for money before issuing a card, it’s a scam
3. WhatsApp/Telegram Sellers
Scam Signs:
-
-
- WhatsApp/Telegram sellers (92% are frauds)
- Gmail support addresses (e.g., mpresadollarcard@gmail.com)
- Real Companies Use:
- @bankdomain.co.ke emails
- Verified social media (blue ticks)
-
4. Clone Banking Apps
- How to Spot:
- Developer name ≠ “Safaricom PLC” or “KCB Bank Kenya”
- App requests unnecessary permissions (e.g., SMS reading)
- Recent Fake Apps: “Equity Quick Dollar”, “Co-op Virtual Pro”
5. Too-Good-To-Be-True Offers
- Scam Examples:
- “0% forex fees forever!” (Real cards charge 1-3%)
- “Unlimited PayPal withdrawals!” (CBK caps at $10,000/year)
6. Pressure Tactics
- Phrases Scammers Use:
- “Offer expires in 10 minutes!”
- “Your account will be closed if you don’t upgrade now!”
- Legit Providers: Never rush you
7. No Customer Support
- Scam Signs:
- Only a Gmail address for support
- +44/+1 “international” numbers (Real Kenyan cards use +254)
- Verify: Call the official bank line to confirm
Real Scam Examples
1. Fake “M-Pesa Dollar Card” USSD
- Scam Code: *326# (Mimics real *234#)
- Trick: Steals M-Pesa PIN + registers SIM swap
2. “Stitch Card Upgrade” Phishing
- Fake SMS: “Your Stitch Card needs urgent verification – click here”
- Result: Installs malware to drain accounts
3. “Student Virtual Card” Fraud
- Targets university WhatsApp groups
- Promises “No KYC cards for Spotify” but steals IDs
How to Verify Legitimate Providers
1. Bank-Issued Virtual Cards
| Provider | Official Link | Activation |
|---|---|---|
| KCB | kcbgroup.com/virtual-card | Dial *844# |
| Equity | equitybankgroup.com/eazzybanking | EazzyBank App |
| Co-op Bank | co-opbank.co.ke/digital-banking | Co-op Bank App |
2. Fintech Providers
- M-Pesa Global Pay: safaricom.co.ke/m-pesa/global-pay (Dial
*334#) - Stitch: stitch.money
5-Step Protection Plan
- Bookmark official links above
- Test with KSh 50 before large transactions
- Enable biometric locks on all financial apps
- Report scams to KNPA (0729 227 440)
- Share this guide with family WhatsApp groups
- Only download apps from Google Play Store/Apple App Store
What to Do If Scammed
- Immediately call your bank (+254 20 222 1700 for KCB)
- Report to KNPA cybercrime unit (0729 227 440)
- Freeze transactions via *247# (Safaricom)
💬 Your Turn:
Have you encountered a virtual card scam? Share your story to warn others!
