In the times of social media, getting a loan is just one click away as scores of apps offer loans without you having to prove your CIBIL score or show guarantees that generally banks ask for.

Before falling for such enticing offers, you must exercise restraint, warn cybersecurity experts. You may end up falling prey to Chinese loan apps, which have built a well-oiled machine to dupe you. Thousands of victims flock to police stations in States like Telangana and Andhra Pradesh over the last few months with complaints of exploitation by the Chinese loan apps.

Cybersecurity firm CloudSEC claims that in just two months (July and September 2023), the infamous Chinese apps went around the social media and put fake loan offers worth ₹641 crore and siphoned off ₹37 lakh.

Modul operandi

Rahul Sasi, Co-Founder and Chief Executive Officer of CloudSEK, says the scamsters have evolved a modus operandi to entice vulnerable loan-seekers, take personal information, make them believe that they are going to get the loan and, then, vanish in thin air after charging the processing money.

“They aggressively promote illegal loan apps, enticing victims with promises of substantial loans and convenient repayment terms. Once the app is downloaded, victims are coerced into providing personal details, including their name, address, phone number, and bank account information,” he said, releasing the findings of its research on the scam.

“The app requests permission to access the victim’s contacts and other phone data. Subsequently, victims are coerced into paying a processing fee, typically 5 per cent of the promised loan amount. Once the processing fee is paid, the scammers vanish, leaving victims without the promised loan funds,” he says.

To dodge the law enforcement agencies, these scammers are using Chinese payment gateways and Indian money mules. (In cybersecurity parlance, mules are those who volunteer to let the scamsters use their bank accounts for transfer of money. They get a percentage of the money transacted through their accounts.)

The investigation began in September this year when CloudSEK discovered cybercriminals advertising a malicious app impersonating a prominent bank headquartered in Tamil Nadu (with a reported revenue of $23 million).

During the investigation, it found that over 15-20 BFSI companies were impersonated in this campaign. 

“From July to September 2023, cybercriminals amassed about Rs 37 lakhs by posing as a bank through fraudulent Chinese payment gateways,” he said in a virtual conference on Friday.

Mushrooming of apps

He said over 55 harmful Android apps were being populated through various digital channels and over 15 payment gateways were being used to suck the money out of India.

The Chinese individuals are operating these fraud payment gateways in multiple countries including Indonesia, Malaysia, South Africa, Mexico, Brazil, Turkey, Vietnam, the Philippines, and Colombia. 

“In the aftermath of the Enforcement Directorate’s actions against legitimate payment gateways for money laundering in September 2022, cybercriminals have shifted to using in-house or small-scale legal/illegal payment gateways,” he said.

Scammers are found to be employing sophisticated methods to evade law enforcement, highlighting the importance of organizations and regulators staying vigilant and implementing robust safeguards.

How they spread the word

The cybercriminals are using multiple channels such as bulk emails, bulk SMSes, promotions in social media using small-time influencers, and YouTube channels.

“This is not something that is happening in India alone. It is happening across the world,” Sparsh Kulshreshta, Lead Security Researcher at CloudSEK, says.

Related Topics
comment COMMENT NOW