Skip to content
Entrepreneur's Corner

THE “PRIZE” TEXT THAT CAN EMPTY YOUR M-PESA

BY Steve Biko Wafula · July 13, 2026 01:07 pm

At 6:43 on a Tuesday morning, “Grace” — a fictional composite based on common scam patterns — is opening her small shop in Webuye. School fees are due. Stock is low. Her phone vibrates before the first customer arrives.

UNVERIFIED SENDER: 0712 XXX XXX

“CONGRATULATION! Your SAFARICOM line has WON KES 250,000 in the CUSTOMER LOYALTY PROMOTION. Call now. Pay a KES 1,850 clearance fee before 9:00 AM to activate payment. Do not share this message. Ref: SFK-9084.”

 

For a few seconds, Grace sees relief: rent, school fees, food and new stock. That emotional flash is exactly what the criminal is buying. The fraudster does not begin by attacking technology. He begins by attacking judgement — using hope, urgency, secrecy and the authority of a trusted brand.

Grace calls. A confident voice congratulates her, reads out a fabricated reference number and tells her the “prize department” is processing the payment. He then asks for a small fee, followed by her full name, identification number and a code that has just arrived by SMS. Each request is presented as normal. Each request moves her closer to losing money or control of her account.

This is smishing: phishing conducted through text messages. The message is designed to make the victim click, call, disclose information, transfer money, or follow phone instructions before slowing down to verify the claim. Kenya’s National KE-CIRT/CC has warned that attackers increasingly impersonate trusted institutions through SMS and messaging platforms while using urgency and psychological pressure to manipulate victims.[1]

THE MOST IMPORTANT PAUSE

The moment a message makes you unusually excited, frightened, or rushed, stop. Strong emotion is not evidence that the message is genuine; it is often the mechanism the scammer is using to bypass careful thought.

Why Fake Prize Messages Work

Fake prize SMS messages are powerful because they combine five pressures at once: a trusted name, unexpected good news, a deadline, a supposedly small first payment and the fear of losing a rare opportunity. The criminal may sound polite, professional and patient. He may know your name. He may use a Safaricom-coloured profile picture on WhatsApp. He may send an image containing a logo, a certificate or a photograph of cash. None of those things proves authenticity.

The first amount requested may be deliberately modest — perhaps KES 300, KES 850 or KES 1,850. Once the victim pays, the criminal invents a second obstacle: tax, insurance, account unlocking, anti-money-laundering clearance, delivery, registration or “M-PESA limit enhancement.” The victim keeps paying because abandoning the process would mean accepting that the earlier money is gone. This is how a small lie becomes a chain of losses.

The Fake SMS, Dissected Line by Line

What the message saysWhat it is trying to do
“CONGRATULATIONS!”Emotional trigger and poor language. A flashy opening is meant to stop you thinking about whether you entered any promotion.
“Your line has WON KES 250,000”An unexpected win. Ask: Which promotion? When did I enter? Where are the published terms and draw details?
“Call 0712…”A personal mobile number is being used as the supposed prize office. Do not call the number supplied by the suspicious message.
“Pay KES 1,850 clearance fee”The prize is being converted into a payment demand. A prize that requires advance money is a major fraud signal.
“Before 9:00 AM”Artificial urgency. The deadline is designed to prevent independent verification.
“Do not share this message”Secrecy isolates the victim from family, friends, and official customer care who could expose the lie.
“Ref: SFK-9084”A reference number is easy to invent. Professional-looking details are not independent proof.

 

The Red-Flag Checklist: Treat the Message as a Scam Until Verified

You are told you won a promotion you do not remember entering.

The message arrives from an ordinary personal number, a strange sender name or an unexpected WhatsApp account.

You are asked to pay a “clearance fee,” “tax,” “activation fee,” “delivery fee,” airtime, deposit or commission before receiving the prize.

You are asked for your M-PESA PIN, SIM PIN, password, one-time password (OTP), identification number, date of birth, M-PESA balance or security answers.

You are instructed to dial a code, press numbers during a call, replace your SIM card, install an application, share your screen or allow remote access.

The sender creates a deadline: “claim in ten minutes,” “before 9:00 AM,” or “your prize will be cancelled.”

The sender tells you not to speak to anyone, not to visit a shop or not to call customer care.

The message includes a shortened, misspelled or unfamiliar web link.

The page uses Safaricom colours and logos, but the web address is not the official Safaricom domain.

The supposed official asks you to transfer money to a personal number, Pochi, Till or PayBill that you cannot independently verify.

There are spelling errors, excessive capital letters, random punctuation or inconsistent company names.

The caller becomes angry, threatening or impatient when you ask to verify the promotion independently.

You are asked to forward the message to many people, join a WhatsApp group or share the link before claiming.

The offer is vastly more generous than any clear action you took to qualify for it.

ONE RED FLAG IS ENOUGH TO PAUSE

Do not wait until every warning sign appears. A single request for your PIN, OTP, advance payment, or remote access is sufficient reason to stop the interaction and verify independently.

How to Detect a Fake Safaricom Prize on Your Phone

1. Do not tap, call, or reply immediately.

A reply confirms that your number is active. Calling the number takes you directly into the criminal’s script. Put the phone down and create distance from the urgency.

2. Ask whether you actually entered the promotion.

A person cannot reasonably win a draw that they never joined. Search your own memory, receipts, app activity and prior official messages — not the information supplied by the suspicious sender.

3. Inspect the sender information.

Open the message details without following any link. A random mobile number is a serious warning sign. Even a familiar-looking sender label is not enough on its own; criminals can imitate branding, wording and appearance.

4. Read the link from right to left.

The decisive part of a web address is the actual domain, not the Safaricom word placed somewhere in front. “www.safaricom.co.ke” is very different from “safaricom.co.ke.prize-claim.example” or “safaricom-rewards.example.” Do not open a suspicious link to investigate it.

5. Verify outside the message.

Manually open the mySafaricom or M-PESA app, type the official Safaricom website address yourself, call official customer care or visit a Safaricom shop. Never use the phone number or link supplied by the alleged prize message.

6. Check for official promotion information.

A legitimate national promotion should have clear terms, eligibility rules, dates, prize descriptions and a verifiable public trail. A logo, poster or “winner certificate” sent by the claimant is not independent verification.

7. Challenge the payment demand.

Ask why a genuine company would need a winner to send money to a private number before releasing a prize. The criminal’s answer will normally become vague, urgent or aggressive.

8. Protect all security codes.

Safaricom states that it will never ask for your M-PESA PIN, passwords or personal details through an unsolicited interaction.[2] An OTP is an approval key, not proof that the caller is genuine.

How Genuine Safaricom Communication Differs

No single visual feature should be treated as absolute proof, because criminals copy logos, language and colour schemes. Verification must depend on an independent official channel. Safaricom’s own fraud-awareness guidance says the company will not request your M-PESA PIN, passwords or personal details, and advises customers to forward fake messages to 333.[2]

Safer indicators of genuine communicationTypical indicators of a fake prize message
The promotion can be verified on official Safaricom platforms or through official customer care.The only “proof” is the message, caller, WhatsApp profile, certificate or link supplied by the same person.
Terms and conditions, dates and eligibility are clear and publicly available.Rules are vague, hidden or invented during the call.
No demand for your M-PESA PIN, OTP or password.The caller asks for security codes “to activate” or “confirm” the prize.
No payment to a personal number as a condition for receiving a prize.A fee, tax or deposit must be sent before release.
You are free to verify through a shop, app, website or customer care.The caller discourages verification or insists you must remain on the line.
Communication remains professional when you ask questions.The caller uses pressure, threats, insults or a countdown.

 

OFFICIAL SAFARICOM VERIFICATION CHANNELS

Safaricom’s current guidance lists 100 for PrePay customer care, 200 for PostPay customer care, official social accounts using the SafaricomPLC name, and 333 for forwarding suspected fraudulent messages. Safaricom also states that official outbound calls are made from 0722000000.[2][3][4]

The 60-Second Verification Test

STOP

Do nothing while excited or afraid.

QUESTION

Did I enter? Why am I paying?

INSPECT

Sender, wording, request, and link.

VERIFY

Use an independent official channel.

REPORT

Forward the message to 333 and block.

What You Should Never Do

Never send money to “unlock” a prize.

Never reveal an M-PESA PIN, SIM PIN, password, OTP or security answer.

Never dial a code given by an unknown caller who claims to be fixing, upgrading, reversing or registering your line.

Never install an application or screen-sharing tool at the request of a prize caller.

Never hand your phone to a stranger to “help” you claim a promotion.

Never trust a screenshot of an M-PESA message, certificate, staff card or social-media profile as final proof.

Never continue merely because you have already paid once. Stop immediately; an earlier loss does not become recoverable by making another payment.

What to Do When a Suspicious Message Arrives

Preserve the evidence.

Take screenshots showing the full message, sender, phone number, link, date and time. Do not edit the images.

Forward the suspicious message to 333.

Safaricom identifies 333 as its fraud-reporting SMS channel. Forwarding assists investigation and blocking efforts.[2]

Block and report the sender on your phone.

Use the phone’s spam-reporting feature after preserving and forwarding the evidence.

Verify independently.

Use official customer care, the official website or app, a verified official social account or a physical Safaricom shop.

Warn the vulnerable people around you.

Older relatives, new smartphone users, teenagers, traders and people under financial pressure may be especially susceptible to “good news” scams.

If You Already Clicked, Shared Details or Sent Money

Do not allow shame to delay action. Fraud succeeds when victims remain silent. The first few minutes matter, and while recovery cannot be guaranteed, rapid reporting can reduce further damage.

Stop all communication and payments.

Do not pay a second “recovery,” “release,” “refund” or “investigation” fee.

Change compromised credentials immediately.

Change your M-PESA PIN and any password reused elsewhere. Use the official app, USSD menu or customer-care route — not instructions from the caller.

Contact Safaricom and your financial institution through official channels.

Explain exactly what was shared and what transactions occurred. Ask about available account-security and reversal steps.

Check your M-PESA and bank activity.

Look for transactions, login alerts, new beneficiaries or changes you do not recognise.

Secure your email and messaging accounts.

Email often controls password resets. Change the password, sign out unknown sessions and enable multi-factor authentication where available.

Report the incident.

Preserve transaction codes, phone numbers, screenshots, names used and call times. Serious incidents can also be reported to the police and National KE-CIRT/CC.[1][5]

Tell trusted people.

A second person can help you think clearly, contact providers and prevent the fraudster from isolating you.

DO NOT PAY A “RECOVERY AGENT” WHO CONTACTS YOU FIRST

Victims are sometimes targeted again by people claiming they can recover stolen money for an advance fee. Treat unsolicited recovery offers as another potential scam and use official law-enforcement, bank and operator channels.

Protecting Families, Schools and Small Businesses

Smishing education should not remain an individual responsibility. Families and workplaces need a simple verification culture: nobody sends money, shares an OTP or follows account instructions received through an unexpected message without consulting another trusted person and verifying independently.

Create a family “pause rule.”

Any unexpected prize, emergency, or money request must wait five minutes and be checked with another family member.

Teach children and teenagers that OTPs are secret.

A code sent to the phone can approve access or a transaction. It should never be read aloud to an unsolicited caller.

Separate business and personal controls.

Small businesses should limit who can access the M-PESA PIN, statements and registered SIM card.

Use transaction confirmation, not screenshots.

A merchant should verify funds in the actual M-PESA balance or statement before releasing goods. Safaricom warns that screenshots or edited messages can be misleading.[4]

Discuss scams without mocking victims.

Ridicule produces silence. Calm reporting produces evidence, learning, and faster response.

A Message Every Kenyan Should Share

A fake prize SMS does not steal only through clever technology. It steals through the ordinary human desire for relief. The person targeted may be a parent facing fees, a trader struggling with stock, a student hoping for a new phone, or an elderly person who trusts a familiar corporate name. That is why public education must be firm without blaming victims.

The safest response is simple: stop, question, inspect, verify and report. Do not let a deadline created by a stranger become more powerful than your own judgement. Do not let a logo replace verification. Do not let a small “clearance fee” open the door to a much larger loss.

A PRIZE THAT DEMANDS YOUR MONEY OR YOUR SECRETS IS NOT A PRIZE.

PAUSE. VERIFY. REPORT. PROTECT SOMEONE ELSE.

SAVE THIS CHECKLIST ON YOUR PHONE

✓ I did not enter = I did not win.

✓ Advance fee = stop.

✓ PIN, OTP or password request = scam.

✓ Unknown link = do not tap.

✓ Unknown caller’s code = do not dial.

✓ Verify using 100/200, the official app/site, or a Safaricom shop.

✓ Forward suspected fraud messages to 333.

 

Read Also: The Red Flag You Can’t Afford to Ignore: When “Job Offers” Ask for M-PESA First

Steve Biko is the CEO OF Soko Directory and the founder of Hidalgo Group of Companies. Steve is currently developing his career in law, finance, entrepreneurship and digital consultancy; and has been implementing consultancy assignments for client organizations comprising of trainings besides capacity building in entrepreneurial matters.He can be reached on: +254 20 510 1124 or Email: info@sokodirectory.com

Trending Stories
Related Articles
Explore Soko Directory
Soko Directory Archives