A sophisticated SMS phishing scam is targeting Kenyan motorists, creating false panic to steal money by demanding payment for non-existent traffic fines. The National Transport and Safety Authority (NTSA) has issued an urgent fraud alert, warning the public not to fall for the deceptive messages.

This new wave of cybercrime exploits the public's trust in official communications to siphon funds directly from their mobile wallets. With millions of Kenyans relying on mobile banking for daily transactions, the scam places a significant portion of the population at immediate financial risk, turning a routine traffic matter into a potential gateway for fraud.

In a statement released Thursday, the NTSA clarified that it is not behind the messages, which direct recipients to a counterfeit website to settle fabricated fines. "We have received reports of fraudsters sending SMS messages to members of the public, urging them to pay alleged traffic violation fines through a specified link by a deadline," the authority noted.

How the Scam Impersonates Authority

The fraudsters' tactics are designed to mimic official NTSA communication, making the messages appear legitimate at first glance. They create a false sense of urgency by threatening court summons or other penalties if the supposed fine is not paid immediately.

Once a user clicks the link in the SMS, they are taken to a cloned website, identified as 'ntsca.cc', which is not affiliated with the official state body. A major red flag, the site prompts motorists to enter their vehicle registration number—information the NTSA would already possess in a legitimate case.

This scam is part of a larger, troubling trend. According to the Central Bank of Kenya, bank customers lost a record KES 1.59 billion to cybercriminals in 2024, with mobile banking fraud seeing a staggering 344% increase.

Protecting Your Digital Wallet

The NTSA has emphasized that public vigilance is the first line of defense and is actively working with investigative agencies to dismantle the scheme. To avoid becoming a victim, the authority and cybersecurity experts advise the following:

• Verify the Source: Official NTSA notifications are sent from the short names 'NTSA' or '22847_NTSA'.
• Use Official Channels: All legitimate traffic fines should be verified and paid through the official NTSA portal on the eCitizen platform. The authority's only official website is http://ntsa.go.ke.
• Never Click Suspicious Links: Do not click on links or reply to unsolicited messages. Doing so can expose your device to malware or further fraud.
• Report and Block: If you receive a suspicious message, report it to the authorities. If you have already paid, contact your bank immediately to attempt to block or reverse the transaction.

As fraudsters' methods grow more sophisticated, the core advice remains constant: always pause and verify before making any unplanned payment. This vigilance is the most effective tool for safeguarding your finances against digital predators.