Skip to content

How you are Losing Airtime Online

Cases of people losing their credit mysteriously are becoming quite rampant nowadays. Safaricom, the market leader, accounts for the most complaints of this nature. Up until now, the telecoms have done very little to sensitize their customers on the means through which they lose their credit and how to prevent this.

Some have claimed the reason for this laxity is that they also profit in the process. A claim that has recently been exacerbated by an open letter to Safaricom which claimed that some employees of the telecom giant are complicit in running companies that swindle Kenyans of their hard-earned airtime.

Such companies run those so-called premium services that charge your credit for services like games, music, video downloads among other content. This could explain how some people have been finding themselves being subscribed to services they didn’t opt into in the first place.

What’s even worse is that you might find that you’re subscribed to multiple services at the same time. Top up, and they waste no time taking their share.

Personally, like the majority of you, I’ve never subscribed to such services. Reasons, one they’re exorbitant and two I see no need to download substandard content while I can legally get better elsewhere at the cheap price of free. Such is the case of games which are awash in the store.

Nevertheless, I suppose they do appeal to some people, but in so far as they don’t find themselves having been unknowingly subscribed.

So after a lot of noise from Kenyans, Safaricom has sort of yielded and are running a kind of “campaign” to sensitize their subscribers if they have active premium services. I don’t know about the rest of you, but every couple of days I get an SMS alert from Safaricom telling me I have an active premium service.

Ironically, the service in question is one I’m well aware of, since it’s my bank’s mobile banking USSD service.

Safaricom Active Premium Service
Safaricom Alert on Active Premium Service

If you’ve not got such an SMS read here on how to unsubscribe from premium services.

Deceptive Ads the New Subscription Vectors

Now that you’ve hopefully unsubscribed from such services, you should learn how to not fall prey for this unscrupulous services in the future.

The ones advertised on TV or Radio seem legit, not to mention you have to send a message to get subscribed in the first place. The real threat however as I’ve come to learn is over the internet. That’s where they have since taken their flourishing business.

You must have at one point come across some interesting animations or pictures while you surf on your phone or computer and even when using some apps on your phone. Something like “Your phone is infected”, “You’ve been selected…” “You’ve won…” blah blah blah, the list goes on.

Now for the tech-savvy they can instantly recognize this as merely Ads and can easily skip over them if they wish to.

However, some people do mistake them for being part of the site they’re browsing and if whatever is being claimed there catches their attention, they go ahead and click it.

Still, if you don’t click them knowingly, chances are that you’re going to by mistake owing to how these ads have been strategically placed on mobile sites or apps. It’s unfortunate that our fingers rarely display the same accuracy as the mouse pointer.

And it’s not just ads. Clicking actual links on some sites may launch pop up pages (or the less intrusive though equally risky new variant, aptly titled pop unders) instead of taking you to the page you wanted. These pop-ups may contain similar ads.

The problem however are not the ads. Actually were it not for ads most sites would never see the light of day. The problem is the content, and in our case the ads are either misleading or outright malicious.

Such is the case of some of this premium service companies, who are now capitalizing on the fact that most people nowadays have internet capable smartphones and have shifted to using internet ads to subscribe you into their services in very scheming ways.

Let me give you some real-world scenarios that I experimented with.

Exhibit One: Your Phone is Infected!

1. You go to a site e.g

2. You see an ad that catches your attention like the one below.

Phone is intefetced ad
You don’t say!

3. Scared out of your wits, you decide to “remove virus now”. Reason? Your phone is quite new and expensive at that, so you’re not taking any chances with anything foreign, be it dirt, bacteria or this so-called “Virus”.

4 viruses were found
Virus get ready to attack! 1,2,3…

4. “What? Not just one virus, but four, and they’re not only going to damage my sweet phone but also gobble up my contacts in the process. Gosh, and it’s Google that has done the scan. This is very serious! Soon or later I’ll have to click that big blue button that says “Remove viruses!” or else these 2 minutes will time out.”

5. If you are among the few that don’t fall for that and decide to go back, you’ll get an even more convincing warning. This time from the phone and not the webpage so that it looks even more serious. The wording is also contradictory to trick you into pressing the OK button to continue. OK it is!

Virus Prompt
Now should I press Ok or Cancel? You lost me there!

6. Another scan on a more eye-catching page this time round. It actually looks like an actual antivirus. No sign of Google or the four viruses but still it claims the system is in danger. Sure, let’s tap that “clean” button to get if from danger.

Protect Plus Fake Scan
Get it to safety then!

7. Huh? You’re going to remove it using Messages or WhatsApp. OK, fine by me, just make sure you get rid of the virus or is it viruses.

Complete Action
Just get rid of the viruses already!

8. Yes I want to confirm that I want to protect my phone. Please take my credit while you’re at it!

Subscription SMS
Yes I confirm!

9. Well, if protecting your phone means losing your credit mysteriously every now then, be my guest and hit the send button.

You’ve to give credit (pun intended) to them for being this ingenious. Who thought it would lead to that? I wish I had gone along with the scam to see where it led, but of course I didn’t hit the send button. But it’s obvious that the whole process was just to get the number then send me a download link to a “fake antivirus” or “game”, who knows.

The scanning was all fake, not to mention using the Google logo was a big red flag. Also, if you read the rather unreadable disclaimer you’ll notice it clearly states that “Any tests, games and/or applications featured in this page are for entertainment purposes only”.

The company then goes on to list its address and contacts, apparently it’s from Edinburgh (UK) but also gives a Kenyan number for contact. Doing a WhoIs search on the webpage address ( claims the company is from California (US) while the address that redirected me to it ( didn’t reveal anything important as it’s protected by WhoIsGuard. It could be this is not just a Kenyan thing but a global one after all.

This is just one example I decided to go along with, and actually it’s “less malicious” in that it actually expects you to send an actual subscription SMS. So I went digging for another one and my suspicions were proven true.

You don’t really have to send an actual SMS for you to get subscribed. Just hitting a button in a webpage will do all that. I did exactly that, but I made sure I had zero credit beforehand. The result was as follows:

Exhibit Two: We made Subscribing Easy… Super Easy!

1. Clicked the big fancy Continue Button

Continue Button
Subscription Page

(this was from an actual link and not and ad and so somebody would be expecting to continue to the site and not a premium service)

2. Immediately with no warnings got the following SMS:

Top Up to Subscribe
Top up? In your dreams!

3. The Webpage then loaded this:

You should be sorry

If I just had twenty shillings in my account, that would have been the end of it. In a week they stand to make a whooping KES 60, and for what? They don’t even say what you’re subscribing to. Just some big button to subscribe you.

They can however, easily justify such an action by claiming that the subscription page has information regarding the service and what it costs. But the truth of the matter is that the text is quite small to notice and even for some to read.

Still, who even has the time to read that after interrupting what might have been an engrossing browsing experience? I take it this what they mean by social engineering and dark patterns. However, if you have the patience to reach this far on this article, then we can safely presume you’re amongst those least likely to fall for such tricks. Or am I wrong?

Precauctions to Protect your Airtime over the Internet

1. First rule, don’t even think about clicking that questionable ad
If you do for the fun of it or by mistake, don’t press any link or button on the landing page. Simply close that webpage or exit the browser.

2. Keep away from bad sites
If you see a site keeps loading pop-ups, pop unders or automatically redirects you to ad pages or has those questionable ads, just keep away from it. If that site is very important to do without, consider installing add-ons that block scripts or ads (e.g noscript or uBlock Origin for Firefox Mozilla), flash (e.g flashstopper for Firefox Mozilla). Doing this may however affect the browsing experience on other legit pages.

3. Don’t ever enter your number on a webpage that you don’t trust
If you must, make sure the site is legit and is using a secure connection (HTTPS and not HTTP). Also have the courtesy not to enter somebody else’s number because they may get a confirmation message and fall for it.

4. No browser is immune to all this
Not even those simple browsers a.k.a. mini-browsers (opera mini, uc mini etc.) that don’t run scripts. Actually I believe those are the main targets because more people use them. In the above tests I used these two, however Opera Mini fared better because of its ad blocker. So, be always mindful of what you click, regardless of the browser you’re using.

5. Some apps do run these type of ads too
I’ve seen the “phone is infected” one on somebody’s Android phone and the owner, prior to asking me, had actually believed that the phone was infected. Now, I’m all for developers making money, but not by running such kind of ads (they’re not necessarily the ones to blame for this). So as a user, what you could try is:

  • Just avoid clicking such misleading ads. I think this is the most practical option for the majority.
  • Disable the internet when using such apps, that’s assuming the app itself doesn’t need internet to run.
  • If the app is really good, you can always support the developers by buying the paid app that doesn’t have ads.
  • Get an alternative app that doesn’t have ads.
  • Install a system-wide ad blocker. If on Android, you may have to root your android phone for this to work.
Share this post:

Leave a Reply

Your email address will not be published. Required fields are marked *

Kelvin Kathia

Kelvin Kathia is the editor of Kenyan Fix, an informational blog that helps Kenyans with solutions to everyday questions on mobile networks, government services and banking.