20.5k unique visitors in the last 3 days

What All Police Should Learn from the Many Arrests of SIM Swappers in One Kenyan County

The rising number of arrests in Bomet County shows what happens when crime becomes a way of life. Ramping up the policing of comms frauds around the world may reveal the rot is worse than anticipated.

I often joke before a serious presentation about previously being employed to do proper jobs in telcos but needing to stop because those jobs are too hard. The tone is meant to be humorous but the statement has a purpose; I respect how difficult the work can be. I want the audience to understand that I speak as somebody who understood the needs of my telcos by being inside them, and not because some external agent like a salesmen or a regulator pushed theoretical arguments about how telcos should operate, perhaps based on faulty data from an unreliable source. One of the hardest aspects of managing a telco’s risks comes from not knowing what to do about new problems that are encountered, whilst also knowing that advice offered by people who do not work for telcos is usually terrible. Countries that are most effective at protecting consumers from telecoms scams tend to be those where the right people inside telcos are given the opportunity to lead. The leading telcos can then set an example for others. The exchange of information between telcos is not just vital to solving specific issues, because it can also be used to create avenues for telco employees to more generally learn from each other’s successes and failures. Unfortunately, we could potentially learn a lot more from failures, but human beings are reluctant to talk about them. We should still try to learn as much as possible from the experiences of fellow professionals working for comms providers, because very few others will have relevant experience. I expect a related problem will soon become apparent to law enforcement agencies around the world, as a consequence of politicians beginning to promise more resources to tackle fraud, including the hiring of more dedicated fraud investigators.

An ordinary voter may accept the politician’s pledge to hire hundreds of new fraud investigators without responding with any concerns. Somebody with a bit more insider insight should ask how these new investigators will be trained to do their jobs, especially when the job involves tackling methods of committing fraud that police have ignored in the past, and so lack experience of dealing with. Even a diligent individual will perform poorly if they are given a complicated task without any useful guidance on how to complete it. The danger is that it will take many years of failure before investigators learn from their own mistakes, unless they are given intensive coaching in domains where even hardened professionals can sometimes be overwhelmed by the need to know about CDRs, GDPR, AIT, ATG, AML, TCGs, TCP, SMTP, MSISDNs, 10DLCs, E.164, SS7, SIP, SIMs, eSIMs, IMEIs, PII, PKI, RCD, RCS, NRAs, MSRNs, LEAs, LECs, CLECs, MVNOs, VAT carousels and IMSI-catchers. When faced with such complexity, how much do we expect a new recruit in a law enforcement agency to truly comprehend about the methods used by fraudsters and the methods used to counter them?

There is always more to learn if you strive to be a competent professional, and the danger of not appreciating the limits of your own competence has been demonstrated by research into the Dunning-Kruger effect. Reduced to its essence, experiments have shown that people who lack competence are poor judges of competence, whether they are judging their own competence or the competence of other people. This often leads incompetent people to overestimate their abilities. One classic demonstration of the Dunning-Kruger effect involves individuals ranking their competence at a specific task — it does not matter which particular task is used in the study, as the outcomes still tend to conform to the same pattern — compared to other people. Because the question involves a ranking, only 50 percent of people can be ranked in the top half, and 50 percent must be in the bottom half. But when people rank their own competence, the vast majority rank themselves in the top half. However, not everybody overestimates their abilities. Individuals at the very top of the competence scale often give themselves too low a ranking. It is thought this phenomenon occurs because the most competent individuals find it hard to believe they are so much more competent than the many overconfident people also being studied.

Correctly identifying competence is important at all times, but especially when trying to rapidly increase the number of competent professionals working within a domain. Incompetent people will judge themselves to be competent, and will judge others to be competent, even though the entire team lacks sufficient competence for anyone to accurately assess how well it performs its task. And when I look around the world of fraud management for comms providers, I see a lot of signs of incompetence, from the oft-repeated but ineptly calculated measures of fraud reported by the CFCA every two years, to the miserable quality of some training courses sold to telcos. If the community was overflowing with competent professionals then they would not be repeating dodgy statistics and they would reject bad education given by teachers that only have narrow hands-on experience. We accept these things as the norm because so little money is spent on tackling fraud, whether it goes towards the pay of an educator or the deeply amateurish methods used to generate statistics about crimes that were already difficult to detect. Suddenly adding many more professionals to this milieu, whilst employing them in law enforcement agencies rather than comms providers, is only going to deepen a crisis in learning about fraud and fraud management that has been largely ignored because too few competent professionals have been trying to address it.

In the spirit of trying to learn from success and failure, let us consider what Kenyan police have been doing in Bomet County, which is situated about 150km West of the capital, Nairobi, and is very close to the world-famous Maasai Mara reserve. The good news is that police have been arresting many SIM swap fraudsters based in Bomet County. The bad news is that police keep needing to arrest many SIM swap fraudsters who work from Bomet County. The Bomet County SIM swap crime fraternity, popularly known as ‘swappers’ by locals, has been hit by the following arrests:

There were fewer arrests in February than January, but the trend is for the gaps between police raids to get shorter, whilst a rising number of arrests are being made. Far more arrests of SIM swap suspects occur in this county, which is home to less than a million people, than in the remainder of a country whose total population is 53 million. What can we learn from this pattern?

  • When gangs of organized criminals learn how to perform a lucrative crime, they will keep committing the crime, even if specific individuals are arrested and punished.
  • Criminals teach each other how to commit crime. The peculiar concentration of SIM swap fraudsters in Bomet Country probably reflects the way these criminals are learning from face-to-face interaction with each other. Kenyans are less likely to have access to the kinds of online networks used to exchange information between more distributed gangs in Western countries, and police seizures show that targets for fraud are listed using paper and pencil when crooks in other countries would have made electronic records.
  • Police can ramp up their enforcement activities, but the more people who have already learned how to commit a crime, the more effort is required to bring it back under control. The 2022 arrest claimed the scalp of a ‘mastermind’, but years later the police are forced to arrest numerous young men who are repeating the same frauds.

The message given by the Kenyan police crackdown on SIM swappers has some interesting parallels with recent publicity about raids on SIM farms in the UK. Whilst the two types of frauds are distinct, there are the early signs of a similar increase in the tempo of British enforcement activity for crimes involving comms networks. The Kenyan experience hints at how the number of arrests in Western countries may need to further accelerate in response to a rising tide of crime. At the other end of the scale, China has recently been taking thousands of phone and internet scammers into custody. They are being captured from scam compounds in foreign countries, ostensibly because the crackdown that began within China in 2016 forced Chinese-language scammers to offshore their operations. China is a very big country, but if the Chinese authorities find it necessary to extradite thousands of people for crimes that prompted police and prosecutors to ramp up their enforcement efforts 8 years ago, then this provides further reason to believe that the rot in Western countries has been underestimated so far. Devoting more resources to identifying and capturing crooks may only reveal that our expectations of what is required to start reducing these crimes is far below what is really required.

There is some supposition in this analysis, but I do not feel bad about this because I can see how much supposition feeds the stream of misinformation that wrongly gets treated as ‘facts’ about fraud. Either some people are incompetent, or they are too proud to admit how little they really know about frauds conducted over comms networks. My conjecture is that there will be experts who will be glad to be carried along by a wave of increased expenditure on fighting fraud, but whose lack of expertise should simultaneously become evident because additional investigation resources will highlight how many erroneous assumptions had been repeated without question. To make the most of the new resources being given to police forces all over, they should receive training about fraud from the best of the best, and they need it at the beginning of their efforts, not after they have already learned from their mistakes. I fear they may receive training that is far less than the best, because it will be given by people with mistaken beliefs about how much they know.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email