Posta Kenya is among the oldest Government agencies in the country. Posta services have been critical for people who want to send and receive parcels.
A source who wishes to remain anonymous has come forward with a harrowing account of a suspected hacking/compromise within Posta Kenya systems.
The victim shared a recent encounter with what appears to be a sophisticated scam targeting shoppers expecting parcels from overseas.
After ordering iPhone 15 covers, he received a text demanding address updates.
Clicking the link led to an attempt to extract money.
Posta has reportedly confirmed the breach but no public notification has been issued about the latest scam.
The client opened up to the renowned blogger Cyprian Nyakundi on the cartels running the Posta service in Kenya.
The client said, ” there’s an urgent matter that needs to be brought to the public’s attention regarding what seems to be a compromise or hacking of the postal service (Posta) system or possible collusion with scammers by some employees. Here’s what happened:
A few weeks ago, I ordered some iPhone 15 covers from AliExpress. I tracked the shipment and saw that the items had reached the country of destination and cleared customs. Today, I received Ksh 56,000 in my M-Pesa account, which I immediately transferred to my bank account. Shortly after, I received a text message with a link, informing me that I needed to update my address details or risk having my items sent back within 12 hours.
Assuming my parcel was ready for collection, I tried calling back the number provided, but it was constantly busy. I even sent a text message but received no response. Worried that my items might be sent back, I clicked on the link provided in the text message. It prompted me to input my details such as full names and physical address. After doing so, it asked me to pay Ksh 43.00 for the items to be delivered to my address. Seeing that the amount was small, I proceeded to make the payment.
However, to my surprise, after entering my card details for my M-Pesa Global card, I received an SMS notification stating that I had insufficient funds to pay Ksh 12,756.21 to a company with a Chinese name. At this point, I realized it was a scam. When I tried to access the Posta link again, it was unavailable.
Upon contacting Posta customer care, I was informed that their system had been hacked and that scammers had access to all ongoing activities and data within Posta. This raises serious concerns about the security of citizens’ information and the integrity of the postal service.
It’s alarming that Posta has not publicly notified citizens of this security breach. I urge you to sensitize Kenyans about this issue and investigate further to uncover the perpetrators behind this scam. Additionally, I would appreciate it if you could help identify the owners of the account to which I almost lost my money.”