Exploitative Chinese scammers have set their sights on India’s digital payment landscape, using deceptive loan apps to siphon personal information and fees from unsuspecting loan seekers. A CloudSEK investigation has shed light on their extensive network, emphasizing the urgent need for robust cybersecurity measures and regulatory oversight.

Operating under the radar, these fraudulent entities have honed their strategy to prey on smaller banks and loan providers, avoiding the scrutiny faced by larger financial institutions. As CloudSEK’s CEO, Rahul Sasi, notes, these scammers have ingeniously avoided big banks to minimize oversight.

Alarming data reveals that these scammers managed to accumulate a substantial ₹37 lakh between July and September 2023, all while masquerading as legitimate banks through fraudulent Chinese payment gateways. They distributed more than 55 harmful Android apps through various channels, creating a digital minefield for unwary individuals.

The investigation uncovered a complex web of over 15 payment gateways orchestrated by Chinese individuals deeply entrenched in this deceptive scheme. This report also exposes the scammers’ response to the Enforcement Directorate’s crackdown on legitimate payment gateways for money laundering in September 2022, where they cunningly shifted to smaller, in-house, or even illegal payment gateways.

However, this is not a localized issue limited to India alone. The deceitful network extends its tentacles to multiple countries, including Indonesia, Malaysia, South Africa, Mexico, Brazil, Turkey, Vietnam, the Philippines, and Colombia, highlighting the global reach of these scammers.

Their modus operandi involves creating counterfeit instant loan apps that are deceptively disguised and made available on app stores or third-party websites. These apps are aggressively marketed, luring victims with enticing loan offers and convenient repayment terms.

Once a victim succumbs to the temptation and downloads the app, they are coerced into divulging personal information, including their name, address, phone number, and bank account details, unknowingly falling into a trap.

During their investigation, CloudSEK identified more than 15 to 20 BFSI companies that have been impersonated in this widespread campaign. With permission to access the victim’s contacts and other phone data, the scammers deliver the final blow—a processing fee, typically 5% of the promised loan amount. Once the fee is paid, the scammers vanish, leaving victims empty-handed and the digital landscape marred by their malevolent presence.

As for governmental efforts to safeguard users against such scams, Sparsh Kulshrestha highlights that the Ministry of Finance has issued new guidelines addressing fake payment gateways. The RBI will closely monitor new accounts to prevent money laundering and will cancel licenses to deter misuse.

However, the scammers have proven resourceful, as many of these payment gateways are unregistered and unlicensed. This illicit activity demands a comprehensive response, as the scammers continually adapt to new measures.

—

#cybersecurity #fraud #digitalpayments #loanfraud #financialsecurity #regulatoryoversight #scamalert #financialscams #cybercrime #India #China #exploitation #fraudulentapps #financialfraud #fakeapps #moneylaundering #loanapps