Recovery Scams

Avoiding Recovery Scams in Kenya (2026 Edition)

If you have already lost money to an online scam, you are exactly the person another scammer wants to talk to.

In many cases, the first fraud does not only cause financial damage. It also has an emotional impact, making the victim feel angry, stupid, vindictive, desperate, etcetera. Recovery scams work so well, because they do not only address the financial loss; they appeal to the injured emotions as well. Just like with initial financial scams, there is also often an element of stress, where the recovery scammers make you feel you need to act fast to get everything back. 

Recovery scammers usually approach victims in Kenya weeks or months after the original loss. By then, the shock has faded but the frustration remains. You may have told friends, family, and your bank or payment processor. You have reported the scam to the police, and to the Capital Markets Authority (CMA), and nothings has happened. All hope seems lost. But then, someone calls or messages you saying they know about the scam, they have “a file on your case”, and they believe they can help you recover the money. In that moment, your risk filter is at its weakest.

The data they have on you makes it feel even safer. They know your name, the platform you used, how much you lost, maybe even the dates and screenshots. That is not magic. Either they are the original scammers recycling data under a new brand, or they bought your details from so called “sucker lists” where criminal groups trade information about people who have already fallen victim to one ore more scams. Global reports and law enforcement briefings have confirmed that scammers frequently resell victim data and use it to run multiple fraud cycles on the same people.

Psychologically, someone who “recognizes” that you were wronged feels like an ally, not a threat. The caller frames themselves as being on the moral high ground: “What happened to you was illegal. We work with regulators / with Interpol / with blockchain analysts. We are trying to help people like you.” When you hear your own anger and sense of injustice reflected back at you, it becomes very easy to accept their authority.

Recovery scams depend on that mix of despair and hope. The more you feel that no one else is listening, the better their chances that you will listen to them. Some victims have lost more in the recovery scam than in the original one.

Common Impersonations in the Kenyan Context

In Kenya, recovery scams in 2026 often involve the impersonation of government officials; either belonging to Kenyan law enforcement or reaching out from abroad. The exact names and organizations change, but the patterns are surprisingly similar. Some scammers take another approach, and pretend to be working independently, e.g. as crypto-recovery experts, private investigators, or individuals with ties to “powerful people who can make things happen”. 

What all of these roles share is the same script: “We know what happened to you. We have power. We can fix it. You just need to pay something small first.”

If you fall victim to the scam, they will typically continue to bleed you for as long as it works. When you finally refuse to pay more, the line goes silent, and you find yourself blocked on all channels. There is no case number, no office you can walk into, and often not even a real name to quote in your police report.

The Fake Police Officer 

One favourite role is the “DCI officer”. The caller claims to be from Directorate of Criminal Investigations, often the “Digital Asset Unit” or “Cybercrime Unit”. They may reference the physical location at Mazingira House on Kiambu Road, quote the real toll free #FichuaKwaDCI hotline 0800 722 203, or drop terms like OB number, file number or case reference to sound authentic. The goal is to convince you that your earlier complaint has triggered an investigation and that your funds are now “traceable” or “frozen pending court orders”. If you have already reported the scam to the police and/or the CMA, it makes perfect sense to believe someone is finally reaching out to you. If you have not, the fraudster will put you at ease by explaining that your name and account have come up as a part of a bigger investigation into the fraudulent organization. The fraudsters business model becomes clear in the next step: they claim that your forex loss, crypto loss, or online investment loss has been approved for payout, but you must “regularise some charges” first. In order to get your money back, you need to first make a small payment. The exact rationalization as to why vary, but the underlying method is the same. In order to get all your money back, you must pay a small fee upfront. 

Fake foreign law enforcement personal are also a known route for scammers, e.g. pretending to be someone working for Interpol, Europol, Afripol, the FBI, or similar. Sometimes the organization does not even exist in reality, e.g. the Pan-African Financial Cybercrime Task Force. 

The Fake CMA Officer

Of course, pretending to be an “CMA compensation officer” is also common. Here, scammers borrow the name of the Capital Markets Authority and talk about the Investor Compensation Fund (ICF), whistleblower rules, or “recovered sums from fraudulent investment schemes”. The ICF does exist, which makes the story more believable. Fraudsters can send over links to real CMA education material and explain how the CMA has the powers to compensate investors in certain situations. Just as with the fake police officer, the fake CMA officer will tell you to make a small payment first, before you can get your lost money back. 

Sometimes, the fraudster does not pose as a CMA officer, but as an officer working for a foreign financial authority. A Kenyan trader who has lost money to a company based in the Seychelles can for instance be contacted by someone claiming to work for the financial authority of that country. Another common choice is an internationally well-known entity such as the FCA of the United Kingdom or the SEC of the United States. 

The Fake Central Bank Officer

The fake Central Bank officer works from roughly the same script as the fake CMA officer. The Central Bank has frozen the assets of a fraudster, or carried out some type of charge-back, and you are entitled to a payback. But first….you need to make a small deposit.   

The Fake Law Firm & The Class Action Suit  

Then there is the class action law firm. Fraudsters pose as advocates from a well known Nairobi practice, often using a real firm name, logo and address scraped from the web. Or, they pretend to reach out from a big and internationally well-known firm, e.g. one based in the United States or the United Kingdom. A company with strong muscles who knows how to navigate complex international fraud cases that span multiple jurisdictions. 

The fake lawyer will tell you that the firm is about to launch, or have already launched, a class action law suit against the entity that defrauded you. Conveniently, your name appears on the list of victims. You never hired them, but according to them your claim is valid because you appear on their list, and you only need to join the class action to get your money back. All that is required from you now is a filing fee, court fee, or a contribution to shared legal costs. In another version of this scam, the class action law suit has already been won, but due to some technicality, you must make a small payment before your money can be released.  

The Fake Crypto Recovery Expert 

In recent years, the “crypto recovery expert” has become more prominent in recovery scam cases. These are usually individual actors or small groups who call themselves blockchain forensics specialists. They talk about tracing TX hashes, chain analysis and “reverse engineering” Bitcoin or USDT transfers. Some show you online tools with moving graphs and wallet clusters. They insist that they can “lock” or “recall” your coins from the scammer’s wallet if you just pay for on chain tracing, court orders, gas fees or “miner priority fees”. Both regulators and independent security researchers have repeatedly warn that any service promising to reverse ordinary crypto transfers is misrepresenting what blockchains allow.

Some “crypto recovery experts” claim that they can scan the blockchain and track the scammers’ wallets. Then ask you to install remote access software such as AnyDesk or TeamViewer on your device, or to “link your wallet” to their portal so that they can “mirror transactions” and “trace flows”. Global law enforcement bulletins on crypto fraud repeatedly warn that no legitimate investigator needs direct wallet control to trace funds, but scammers rely on technical jargon to overwhelm victims. Once remote access is granted, the so called expert simply empties whatever balances remain in your real wallet or on linked exchanges. If you query the missing funds, they blame “gas fees”, “miner errors” or a supposed need to top up for a second attempt. 

The Fake “Fixer” 

As mentioned above, some recovery scammers do not impersonate a governmental official or well-known law firm. Instead, they make a point of not being official. They claim to be able to resolve situations through irregular routes, special contacts and maybe even illegal methods. Sometimes they hint at knowing powerful people in high places, other times they make veiled references to tracking down scammers and physically make them pay. Of course, their services are not free. But for a trader who has lost significant amounts of money, and their faith in the normal legal channels available for restitution, the offer can be very tempting.  

Red Flags Specific to Kenya in 2026

As we are now in 2026, the basic scam techniques utilized to trick traders in Kenya have been upgraded with newer tools, but red flags are still visible if you know where to look. Below, we will take a look at a few things that are either particular to Kenya or fairly new and might not be found in older warning guides. 

Kenyan governmental entities & Kenyan transaction methods

Some fraudsters stick to an international scrip and hope it will be enough to fool people around the world. Others take a more specialized approach and make sure to tailor their story specifically to the Kenyan landscape. With trading scams being on the rise in Kenya, putting some effort into creating a Kenya-specific scenario can be well worth it for recovery fraudsters. 

When recovery scams are tailored specifically to victims in Kenya, they tend to lean on familiar terms like court fees, M-Pesa transaction taxes, cyber investigation costs, asset freeze lifting fees, or KE-CIRT forensic charges. They pick the name of governmental agencies, banks, law firms, and payment processors that exist in Kenya and include them in their spiel to make it more believable for Kenyan victims.

AI Voice Spoofing – A New Tool For Scammers 

A newer problem is fraudsters using AI voice spoofing. A 2025 report from the National KE-CIRT/CC show growing use of AI generated voices in vishing attacks against mobile money users and corporate finance teams, and there is no reason to believe that recovery scammers will abstain from using this great and affordable tool. 

Scammers no longer need to “sound right” to convince a victim in Kenya that they are actually a Central Bank officer in Nairobi or a cybercrime law expert employed by the FBI. They don´t even have to speak the right language. Thanks to AI, scammers can clone a suitable voice and make the program speak convincingly. Just a short clip of recorded audio is enough. (In other types of scams, this has been used to clone the voice of someones family member.) Research on vishing scenarios shows that many people struggle to tell synthetic speech from a real voice, even when they think they are good at it. It is one thing to watch a clip on tiktok, knowing that many of those voices are synthetic. It is another thing to be called-up in your own home, by someone who seemingly knows all the details about who you are and the amount of money you lost to a faux investment platform exactly nine weeks ago. 

When that synthetic voice tells you “this is confidential, do not call your bank yet or the recovery will be blocked”, they are exploiting two buttons at once: urgency and secrecy. Legitimate investigators will typically not mind if you inform your bank, your mobile money provider and the police. It is scammers who insist you must keep quiet until you pay them, and their explanations can be very believable. Maybe the bank or the payment processor is  under investigation for collaborating with the fraudsters. Maybe the caller belongs to a top-secret task force created to work outside the corrupt national police force.  

If a call combines urgency (“you must act within the hour”) with secrecy (“do not involve your bank yet”), that combination alone should put you on high alert.

M-Pesa Recovery Scam 

The M-Pesa bait usually starts with a claim that your stolen money is currently held in a “suspense account” at Safaricom or at your bank, waiting to be released. The caller or texter may reference real fraud alerts you have seen in the news and even quote part of Safaricom’s public statements about data protection or number masking. They then say your funds can be returned if you follow a set of steps.

Those steps often include dialing a USSD string, forwarding SMS messages, or sending a “reversal deposit” to a specific number to prove that you are the rightful owner. Sometimes they frame it as paying “excise duty on the recovered amount”, “transaction tax”, or “system unlocking fee”. In reality, you are just sending more money to a fraudster. 

You would think that the fraudsters would be satisfied to receive the initial amount, but may of them keep angling for more. They can claim something went wrong with the first attempt (“We can´t see it on our end, can you try again?”). Or, suddenly, various new fees must be paid, one by one. They know that once a person has begun paying, he or she will be invested and reluctant to realize they have been scammed.  There are also reports showing that once the first deposit has been sent, fraudsters proceed with SIM swap attempts, using the codes you reveal. A SIM swap is when a criminal convinces a mobile carrier to move your phone number to a SIM card they control. If they succeed, they will now receive your SMS messages, one-time passwords (OTP), bank verification codes, mobile money confirmations, and more. 

Examples of psychological fallacies and cognitive biases that make us extra vulnerable to recovery scams 

Sunk Cost Fallacy

  • What it is: The tendency to continue investing time, money or energy because you’ve already invested a lot.
  • How recovery scammers exploit it: After someone loses money in an initial scam, a “recovery agent” says they can get it back for a fee. Because the victim already lost money, paying more feels like a way to fix the loss.
  • Example thinking: “I already lost $3,000… paying $500 to recover it might be worth it.”

Loss Aversion

  • What it is: Studies show that humans tend to feel the pain of losses more strongly than the pleasure of gains, and are willing to take bigger risks to avoid accepting a loss.
  • How scammers exploit it: They promise “90% recovery success” or “legal action underway.” Victims focus on the chance to erase the loss rather than the risk of losing more.

Authority Bias

  • What it is: People trust someone who appears to be an expert or official.
  • How scammers exploit it: They claim to be police officers, CMA investigators, advanced blockchain analysts, lawyers working for a top-notch firm, etc. Common tricks include AI voice tools, fake documents, fake badges, and referring you to official-looking website they control. 

Commitment & Consistency Bias

  • What it is: Once people take a step toward something, they feel pressure to stay consistent.
  • How scammers exploit it: They begin with a small fee, e.g. for “case opening”. Then additional fees begin to pile on, for things such as “international transfer clearance”, “legal fees”, or “taxes due on recovered funds”. 

Urgency Effect

  • What it is: When you (believe you) have to act quickly or lose this unique opportunity, you do not have time to think things true, investigate and verify. 
  • How scammers exploit it: They make you believe you have to act right now. “Your funds will be released today if you pay the recovery tax right now, but the authorities will seize the funds if you delay.” 

Confirmation Bias

  • What it is: We are more likely to believe information that confirms what we want to be true.
  • How scammers exploit it: Victims want to believe their money will be recovered and criminals will be punished. They therefore ignore warning signs and focus on the “proof” provided by the scammer.

Legitimate Legal Paths in Kenya

So if the “instant recovery” offers are fake, what does a real legal path look like in Kenya?

The starting point for criminal fraud is National KE-CIRT/CC and Communications Authority of Kenya on the cyber side, and law enforcement on the policing side. Cyber incidents, including online fraud and impersonation, can be reported to KE-CIRT through their incident email and hotlines listed on their official site. This helps create a formal record and can sometimes trigger broader action when patterns of abuse appear.

For criminal investigation, you can report directly to Kenya Police Service DCI, especially the cybercrime unit at Mazingira House on Kiambu Road in Nairobi, or the nearest regional DCI office. DCI advertises its toll free hotline 0800 722 203 and WhatsApp line 0709 570 000 for anonymous tips and fraud reports. In practice, for serious monetary loss it is still wise to appear physically at a police station or DCI office, obtain an OB number and provide all documents.

Trading scams should also be reported to the Capital Markets Authority (CMA) Kenya. CMA runs both an eCitizen portal and a dedicated complaints portal for reporting misconduct by licensees and unapproved schemes, and publishes phone and email contacts for complaints and whistleblowing. The Investor Compensation Fund (ICF) maintained by the CMA may, in limited cases, pay compensation, but it is only available when a CMA-licensed intermediary fails to meet its obligations, and scammers are, of course, usually not CMA-licensed. 

For scams that involve misuse of your personal data, such as your ID, KRA PIN, selfies or bank statements, you may also have a route through the Office of the Data Protection Commissioner (ODPC), depending on the circumstances. The ODPC allows individuals to file complaints and report data breaches through its website, and publishes contact numbers and email addresses for assistance. They can investigate misuse of your personal data under the Data Protection Act.

Your Personal Data: Prevention & Damage Control 

Once you realize that your personal information is in the hands of fraudsters, you should take damage control actions. There are also things we as traders and investors can do beforehand, to reduce the risk of our data ending up in the wrong hands. Below, we will look at a few suggestions for both. These suggestions are not only about recovery scams, they are more general.

Data Minimalisation 

As a trader and investor, you can add your own version of data minimalisation. Use separate email addresses for trading platforms, get an additional phone number and do not share your primary phone number, and don´t post or share transaction screenshots that show names or partial numbers. When apps or financial services ask for permissions, documents or personal info, stop and ask yourself whether they are properly licensed and whether that level of access is necessary. The aim is to reduce your “surface area” when it come to exposed data.

M-Pesa Privacy Upgrade 

One useful change in 2026 is the privacy upgrade on M-Pesa. Safaricom has now received approval from the Central Bank of Kenya to mask phone numbers during many Till, PayBill and even some peer to peer transactions, reducing how often your full number is exposed to merchants and strangers. Recent coverage also shows that even M-Pesa statements sent to customers have started redacting phone numbers by default, with full unmasked statements only available through stricter in person processes. This is classic “data minimisation” in action: the less data is visible, the less there is to harvest.

High Risk Alert 

If you think your data might have ended up in the wrong hands, e.g. because you have been the victim of a forex trading scam, ask your bank, payment procesosr and mobile operator to note your account as higher risk for account takeover attempts, and ask them for information about how you can strengthen the verification steps (if applicable). 

Monitor 

Make a habit out of keeping an eye on your credit reports. Any new loan notification will be easier to deal with if you spot it right away. While Kenya’s credit reference ecosystem is still evolving, unrecognized loan alerts, mobile loan approvals, or debt collection calls in your name are all signs that your identity might be in use elsewhere.

Data Protection Act 

If you have already sent a copy of your ID or passport to a suspected scammer, treat it as a potential identity theft incident. Under the Data Protection Act, you can complain to ODPC if your personal data has been misused, and they publish clear channels for reporting breaches and misuse. 

Safekeep Documentation 

Store copies of police abstracts, complaint numbers and regulator responses in one folder. If someone later opens a line or account in your name, having that paper trail makes it easier to show that your documents were compromised earlier.

Acceptance – Don´t Throw Good Money After Bad 

One of reasons why recovery scams work so well is because we, naturally, hate the helpless feeling of being scammed an not being able to neither get the money back nor bring the criminals to justice. It is very tempting to put a lot of effort into getting things right. As we have mentioned above, some people even lose more money to the recovery scam than the initial scam. 

Even though it hurts to “just give up” and throw our hands in the air, we also need to be smart and strategic. As a trader, you are probably familiar with the expression “Don´t throw good money after bad”. Among investors, throwing good money after bad means continuing to spend money on something that is already failing or lost, instead of stopping and cutting your losses. An investment has gone very wrong, but instead of accepting the loss, we keep putting more money into it, even though it is unlikely to fix the problem. We just don´t want to accept that we made an investment decision and it did not pan out as planned. 

As investors, we know that “throwing good money after bad” is a horrible idea when it comes to investments, but we need to realize that this is true for scams as well. At a certain point, it becomes ridiculous to keep throwing time, money and energy into recovery efforts, especially when the amount lost is comparatively small and the realistic chance of recovery is diminutive, e.g. because we sent money to a foreign entity operating without a CMA-license.  

A part of avoiding recovery scams is to accept that is not much the Kenyan legal system can do when fraudsters are hiding out in offshore locations where the authorities do not cooperate with other countries to bring this type of financial criminals to justice. 

Recovery scams are appealing, since the give us hope. They promise fast action, certain refunds, and dramatic interventions. Maybe even some punishment for the scammers. The harsh reality is that in may cases (not all), filing reports with the DCI, KE-CIRT, CMA, ODPC and your bank will probably not bring back your money. What those steps do is create evidence of your being the victim of a scam and give you some protection in case fraudsters use your data for other frauds.

The hardest part is often to accept that there is no special backdoor channel where clever and powerful insiders reverse wire transfers, roll back Bitcoin transactions or force foreign brokers in offshore paradise locations to pay back our deposit.

This article was last updated on: March 12, 2026