The Rwanda Investigation Bureau (RIB) is holding five suspects in connection with a recent online banking scam that targeted customers of Bank of Kigali, as authorities move to contain what officials describe as a limited but coordinated phishing attempt.

Sources confirmed that the suspects are linked to accounts where funds from the fraudulent scheme were transferred.

The scam, which circulated through deceptive SMS messages, targeted approximately 3,000 customers.

However, only seven individuals were affected, with total losses reported at slightly below Rwf30 million.

The fraudulent messages urged recipients to click on suspicious links, often framed as urgent actions to “avoid account suspension.”

According to the bank, the scheme was directed at customers rather than a breach of its internal systems.

In a press statement issued on April 3, 2026, the bank reassured the public that its infrastructure remains secure and that the incident was quickly contained.

“The Bank of Kigali wishes to reassure its valued customers and the public that it continues to uphold strong security protocols to protect its systems,” the statement read.

The bank emphasized that it does not request sensitive information such as passwords, PINs, or one-time codes through SMS or unsolicited links. Customers were advised to avoid engaging with suspicious messages and to use only official platforms.

According to Thabit Habineza, PR and Corporate Communications Manager at the bank, swift internal action helped limit the impact.

He added that the bank will continue to play an active role in public awareness campaigns focused on safety and financial literacy, particularly in response to evolving and emerging fraud tactics targeting customers.

The bank alerted customers and employees as soon as the scam was detected and implemented additional safeguards, including temporary adjustments to transaction limits on its mobile app and USSD channels.

“BK’s modern infrastructure and cybersecurity tools continue to protect customer accounts. The overall impact remains insignificant and well contained,” the statement added.

Chief Executive Officer Dr. Diane Karusisi reiterated the bank’s commitment to safeguarding customer trust, urging clients to remain vigilant and report any suspicious activity through official channels.

Authorities are continuing investigations into the suspects, focusing on tracing the flow of funds and identifying any wider network involved in the scheme.

The incident highlights the growing use of phishing tactics targeting mobile banking users, while also underscoring the role of rapid response and customer awareness in limiting financial losses.