Kenyans lost close to Sh30 billion to cybercrime in just three months, a new report has revealed, laying bare how online fraud is increasingly targeting everyday financial activities, especially mobile money transactions that have become central to daily life across the country.
The findings, contained in the GeoPoll report titled ‘Connected & Concerned: Cybersecurity and Data Protection in Kenya’, show that cybercrime is no longer a rare or technical problem but a common risk affecting millions of users who rely heavily on digital payments.
The report estimates that between July and September 2025 alone, Kenyans lost about Sh29.9 billion to cyber-related fraud.
A large part of the risk is linked to the country’s deep reliance on mobile money services, with more than 30 million users and over $50 billion (about Sh6.45 trillion) processed annually.
The report points out that platforms such as M-Pesa have become both a backbone of the economy and a major target for fraudsters using tactics such as Sim-swap schemes, stolen login details and manipulation of victims through social engineering.
More than half of those surveyed, at 54 per cent, said they had experienced mobile money fraud. In addition, 61 per cent reported phishing attempts, while 31 per cent said their accounts had been hacked. The report further notes that three out of four respondents know someone who has personally fallen victim to cybercrime, showing how widespread the problem has become.
“This is not a marginal issue — it is embedded in everyday financial life,” the report notes.
At the household level, the impact is felt across many income groups, even though many cases go unreported or are downplayed. About 37 per cent of respondents said they had lost money to a cyber incident within the past year. Most of the losses, representing 74 per cent, were below Sh5,000, but the report warns that repeated small losses add up over time and strain households.
A smaller group, about 6 per cent of victims, reported losses above Sh50,000, pointing to more serious and organised forms of cyber fraud.
The report shows that victims lose money through different schemes including online scams, cryptocurrency fraud, pension-related schemes, fake retail offers, job-related email scams, artificial intelligence investment bots, subscription traps and fake celebrity endorsements.
Gender patterns also emerge in the findings, with 40 per cent of men reporting financial loss compared to 34 per cent of women.
Beyond mobile money fraud, Kenyans are also exposed to phishing attacks, account hacking, stalking and harassment, identity theft and bank fraud, all of which continue to evolve as digital use grows across the country.
The findings also reflect earlier trends in the sector. A 2021 FinAccess survey showed a sharp rise in users reporting losses, including mistaken transfers, which increased from 8.4 per cent in 2019 to 47.4 per cent in 2021.
Despite the rising threats, the report notes that Kenya has relatively strong awareness of basic cybersecurity practices. About 78 per cent of respondents said they use strong passwords, while 52 per cent reported using two-factor authentication, a figure above global averages.
This is linked to the widespread use of security features within mobile money and banking systems, which has helped shape more awareness among users. However, the report says this awareness has not fully translated into safer behaviour, as many users still reuse passwords or share personal details, creating gaps that fraudsters continue to exploit.