Be cautious of seemingly harmless banking and loan apps promising instant loans. This is because they might be scams set up to collect your personal and financial data, and also grant them excessive access to your phone’s data.
CloudSEK’s cybersecurity team has recently uncovered a scam operation by Chinese fraudsters that exploits the Indian digital payment system. These scammers use illegal instant loan apps to hoodwink their victims, promising substantial loans with convenient instalments. They collect personal details and fees only to disappear after getting what they want.
According to the information uncovered by these researchers, these scammers have managed to stay under the radar of law enforcement by using Chinese payment gateways and tapping into the Indian money mule system.
The malicious activities of these fraudsters were uncovered between 22nd July and 18th September 2023. During this period, they managed to compromise around 30,000 Adhaar cards and bank accounts, and trick thousands of users.
CloudSEK initiated a detailed investigation after discovering a fraudulent app on 8 September 2023. This app concealed its identity behind a well-known bank based in Tamil Naidu, India, which generated revenue of $23 million. The fake domain name for the Command and Control (C2) server followed the format: .online.
CloudSEK’s in-depth [report](https://www.cloudsek.com/whitepapers-reports/chinese-scammers-launder-money-through-upi-a-new-threat-to-indias-digital-payment-ecosystem) revealed more details about a sophisticated scam network orchestrated by Chinese fraudsters. The report stated that these scammers had amassed over INR 37 lakhs (approx. $46,000) through 55 malicious Android apps. They lured their victims with a loan offer of 641 crore INR.
The fraudsters push fake loan apps that promise large loans and flexible repayment packages. Upon installation, these apps request permissions to access personal data such as contacts, photos, etc. They then go undercover after securing the desired personal information and loan processing fees.
Their operations, which span various countries, have been difficult to track due to their vast network. The countries include Brazil, Turkey, Mexico, Vietnam, Malaysia, Colombia, Indonesia, Philippines, and South Africa.
Moreover, these scammers take advantage of regulatory loopholes to carry out their operations. For instance, UPI service providers are not governed by the Prevention of Money Laundering Act (PMLA), creating a potential weakness for these fraudsters to exploit.
Their scam network also utilizes a robust network of money mules who receive funds from the scammers and transfer them to other accounts. They attract these money mules using multiple strategies, e.g., face-to-face meetings and sponsored travel.
A look into the fraudulent payment gateways showed that money is distributed to multiple recipients either through online (UPI) or offline (debit card) methods. However, these fraudsters maintain a presence within India to acquire SIM cards and bank accounts for their operations.
To curb this menace, banks, NPCI and related organizations need to devise reliable fraud detection and prevention measures. It’s also crucial that UPI security is enhanced, and service providers introduce more measures to safeguard their users.
Contents
Frequently Asked Questions
How do the Scammers Operate?
The scammers create and promote fake loan apps offering substantial loans and easy repayment plans. They then proceed to collect the personal data and processing fees of their victims before disappearing.
How Have they Managed to Stay Under the Radar?
These scammers have avoided detection by law enforcement by leveraging Chinese payment gateways and the Indian money mule system.
What can be done to Stop these Scammers?
Joint mitigation efforts between banks and NPCI are required, along with introducing more stringent security measures and better fraud detection and prevention methods.
