Don’t Take the Bait: How Kenyan Students Can Outsmart Phishing Scams

It was a rainy afternoon in Nairobi when Brian, a second-year student at a leading university, received an urgent email from his school’s IT department. The message said his student portal account was at risk of being locked, and he needed to click a link to update his login credentials. With final exams approaching, Brian didn’t think twice—he clicked the link, entered his details, and went on with his day. Hours later, he realized his account had been hacked, and sensitive information was stolen. He had become a victim of a phishing scam.

Brian’s story is not unique. As Kenyan students navigate the digital landscape for their education, cybercriminals are finding new ways to trick them into giving up sensitive information. According to the Communications Authority of Kenya, cyber-attacks surged by 152% in 2023, with phishing ranking among the top threats. But what exactly is phishing, and how can students protect themselves?

In this blog, we’ll unpack the most common phishing scams targeting students and share practical tips to help you avoid falling for these digital traps.

1. The "Too-Good-to-Be-True" Scholarship Scam

Picture this: you receive an email congratulating you on winning a scholarship you never applied for. It looks official—complete with fancy logos and impressive terms. The only catch? You’re asked to provide your ID number, bank account details, and even pay a small “processing fee” to claim your prize. This is a classic phishing trick, preying on students' hopes for financial support.

A 2022 report by Serianu, a leading Kenyan cybersecurity firm, found that 20% of students reported receiving fake scholarship offers. These scammers disguise themselves as legitimate institutions to steal your personal information or extort money.

How to Stay Safe:

• Always verify the legitimacy of scholarships by visiting official websites or contacting the institution directly.
• Never share sensitive information with unsolicited emails.
• Watch for red flags like urgent requests or fees for free opportunities.
   

2. The Fake Job Offer: A Bait for Desperate Students

As a student looking for internships or part-time jobs, you might get excited when a well-paying job offer arrives in your inbox. The offer seems perfect, and all they need is your CV, ID, and other personal details. But before you send any information, stop and think.

Many phishing scams exploit students’ eagerness for employment. The Communications Authority of Kenya noted that fake job offers have been a growing trend, with 33% of phishing attempts in 2023 linked to bogus job listings.

How to Stay Safe:

• Research the company thoroughly before responding to job offers.
• Be wary of job ads that ask for upfront payment or sensitive information before an interview.
• Stick to trusted job platforms and avoid random job offers through email or social media.
   

3. The Urgent "Account Suspension" Trick

Students rely heavily on digital tools—student portals, email accounts, and social media platforms. Phishers often exploit this by sending fake notifications claiming your account is about to be suspended unless you act immediately. The email looks official, sometimes even featuring logos from your school or email provider, and it directs you to a fake login page designed to capture your credentials.

According to a 2023 study by Kaspersky, these types of phishing scams have increased by 27% in Kenya, primarily targeting young people who are less likely to double-check before clicking.

How to Stay Safe:

• Always question emails that urge you to act quickly or face consequences. Legitimate organizations don’t ask for personal information via email.
• Look at the sender’s email address carefully. Phishers often use addresses that look similar to official ones but have subtle differences.
• Never click on links directly from an email—always navigate to the website by typing the address yourself.
   

4. Fake Competitions and Giveaways: Everyone Loves a Freebie

Have you ever seen a message pop up on your social media or email saying you've won a brand-new phone, laptop, or cash prize? These fake giveaways lure students into providing their personal details in exchange for “winning” something they never signed up for.

A 2022 report by Serianu highlighted that over 15% of phishing scams in Kenya involved fake giveaways or competitions, specifically targeting students through social media platforms like Instagram and WhatsApp.

How to Stay Safe:

• If you don’t enter a competition, you can’t win it. Be sceptical of random prize notifications.
• Don’t click on links sent to you via email or social media without verifying their source.
• Stick to trusted, well-known competitions and giveaways from recognized brands.
   

5. The Public Wi-Fi Trap: Phishing in the Wild

Kenyan students often connect to free public Wi-Fi networks at cafes, libraries, and malls, unaware that these networks can be a goldmine for cybercriminals. Phishers set up fake Wi-Fi hotspots with names like "Free University Wi-Fi" to lure students into connecting. Once connected, students are directed to phishing pages asking for personal information or login details.

According to Cybersecurity Ventures, 60% of young adults worldwide connect to insecure public networks regularly, putting their data at risk.

How to Stay Safe:

• Avoid entering sensitive information while using public Wi-Fi. If you must use public Wi-Fi, consider using a Virtual Private Network (VPN) to secure your connection.
• Verify the name of the Wi-Fi network before connecting, and avoid networks that require you to provide personal information.
   

6. Social Media Phishing: Where Friends Become Foes

Phishers know that students spend a lot of time on social media platforms like Facebook, Twitter, and Instagram. One common tactic is to hack a friend’s account and send messages with malicious links, asking for help or offering deals that seem too good to be true.

A 2023 survey by the Communications Authority of Kenya found that 45% of students had received phishing attempts through social media, making it one of the most common platforms for cyber scams.

How to Stay Safe:

• If you receive an unusual message from a friend, verify it by contacting them through another platform.
• Don’t click on links sent through direct messages unless you are certain of the source.
• Be cautious of “too good to be true” offers shared via social media.
   

Conclusion: Stay Vigilant and Protect Yourself

As a student in Kenya, you are more connected than ever, but this also means you are more vulnerable to cyber threats like phishing. Phishers are constantly evolving their tactics, making it essential to stay informed and take precautions.

By following these tips—being cautious of scholarship scams, fake job offers, account suspension tricks, and public Wi-Fi phishing—you can protect yourself from falling victim to these increasingly sophisticated attacks. Remember, it only takes one wrong click to compromise your personal information.

Stay smart, stay vigilant, and don’t take the bait!

Cyber Hygiene Community