Kenya has urged cooperatives to tighten digital defenses as cyber-threats spike ahead of the festive holidays when financial digital-fraud rings use mobile malware and credential-stealing tools to drain member accounts.
The country’s regulator, Societies Regulatory Authority (SASRA), this week warned Savings and Credit Cooperative Organisation (SACCO) members that cybercriminals are timing their increased attacks to coincide with the upcoming Jamhuri, Christmas and New Year long weekends.
SASRA told cooperatives to be particularly extra vigilant over the festive holiday periods when mobile-money activity spikes, staffing minimal and oversight relaxed.
In a circular early this week, addressed to all deposit-taking and regulated non-deposit-taking SACCOs, SASRA acting CEO, David Sandagi, flagged the festive season as a heightened risk period for digital fraud.
“Fresh intelligence shows most digital breaches now hit in the late evening and early-night hours before or during long weekends and public holidays, when members are actively transacting but internal controls are thinnest,” he wrote.
According to data recently released by the national cybersecurity body KE-CIRT/CC, Kenya recorded a staggering 8.6 billion cyber-threat events in the year to June 2025, more than double the previous year.
In the first quarter of 2025 alone, over 2.5 billion cyber-attacks were detected nationwide, marking a 201.7 percent jump compared with the final quarter of 2024.
SASRA warns that SACCO members are especially vulnerable during the Christmas periods because members often transact via mobile money or internet banking from their phones while internal SACCO systems operate with skeleton staffing.
Many SACCOs link member savings or loan accounts to mobile phone numbers, a channel attackers are now exploiting using mobile malware and phishing campaigns that steal login credentials.
Once credentials are harvested, the digital criminals move funds through mobile-money or internet-banking pipelines, often via third-party vendor integrations or bridging platforms.
Smaller SACCOs, especially those offering digital credit or Pay-Bill float accounts, are believed to be among the hardest hit, because they often depend on third-party fintech partners and lack robust in-house IT security.
Such cooperatives typically serve informal-sector workers and small-business owners, who rely on SACCO savings and loans to meet everyday needs and festive family expenses.
SASRA has therefore instructed all SACCOs to ramp up 24/7 monitoring of digital platforms, scrutinise links between member accounts and mobile numbers and impose real-time human-intervention controls over any suspicious activity rather than relying solely on automated systems.
Share
