How “Sharp Boys” in Nairobi Exploited America’s Student Loan System

Investigators have linked Kenyan cybercrime networks to a large-scale fraud scheme targeting the United States student aid system, with millions of dollars in federal education funding diverted through fake student applications.

For years, Nairobi’s informal academic writing industry operated quietly, producing coursework for overseas students. Beneath that trade, however, a more organised criminal operation emerged. Investigations show that cybercriminals known locally as “sharp boys” used stolen identities to pose as students and access financial aid through the Free Application for Federal Student Aid (FAFSA).

The groups reportedly bought personal data on the dark web, including social security numbers, driving licences and bank details. Using VPNs to conceal their locations, they submitted applications, enrolled in online courses and claimed federal aid payments.

The process was designed to avoid detection. Fraudsters first secured smaller disbursements of about $1,000 before applying for additional payments linked to course participation. Kenyan academic writers were then hired to attend online classes and complete assignments on behalf of the fake students for relatively small fees.

The larger profits came from federal student loans. Once a fabricated student account progressed beyond the first semester, it could qualify for loans worth up to $10,000. One participant said failed applications were often linked to technical errors that exposed the true location of applicants.

The U.S. Department of Education estimates that almost $90 million has been lost to fraudulent claims in recent years. Federal investigators are also examining around $350 million in suspicious transactions connected to the scheme.

Authorities have identified cases in which bots created thousands of fake enrolments using stolen identities, including social security numbers belonging to deceased people. The impact has been significant for educational institutions. California’s community college system reported tens of thousands of fraudulent applications, while the College of Southern Nevada said it had written off $7.4 million in losses during a single semester. 

In response, Education Secretary Linda McMahon announced stricter identity verification measures for student aid applicants. She said taxpayers seeking education funding should be required to present identification.

The investigation has also highlighted the international scale of the fraud. Earlier this year, Interpol carried out Operation Red Card 2.0 across 16 African countries, resulting in 651 arrests and the recovery of $4.3 million in stolen assets. Kenya accounted for 27 of those arrests, reinforcing concerns about its role in transnational cybercrime operations.

Interpol’s 2026 threat assessment ranked financial fraud among the world’s five largest organised crime threats, with estimated global losses exceeding $442 billion in 2025. Kenya’s highly developed digital economy has also increased its exposure to cybercrime, with the country ranked behind only Nigeria in reported cyber fraud losses.

Technology companies have also intensified restrictions on online fraud networks. WhatsApp removed several “Know Your Customer” groups that investigators said were used to trade stolen personal data and share fraudulent methods. The closures disrupted communication channels that had supported cybercrime groups operating from Nairobi.

The case illustrates how organised cybercrime networks have exploited weaknesses in international education systems. The fraud has increased pressure on colleges, strained public resources and prompted tighter cybersecurity measures across universities and government agencies.