Predatory creditors

While you were engrossed in your work and typing away on your computer, your phone suddenly rang. You picked it up, and the person on the other end greeted you by name, claiming to have an exclusive offer just for you. They said that you had been pre-approved for a significant instant loan, tailored to your specific needs. Despite suspicions about the offer's authenticity, curiosity led you to proceed. The caller instructed you to install a loan app and provide personal information such as Aadhar, PAN, address, and desired loan amount to complete the KYC process. The caller guaranteed that funds would be swiftly deposited into your account. Without much consideration, you installed the app and granted all necessary permissions with a single tap, assuming this was standard procedure since the app required all permissions for installation.

Do you believe that you have secured a favorable loan agreement with manageable interest rates? Do you have the means to pay off the loan by making regular repayments?

The true danger may only become apparent when you begin receiving threatening calls every day from various numbers via WhatsApp and landline, originating from different countries, demanding additional money. They will torture you severely and threaten to send your morphed nude pictures, abusive videos, and abusive messages to all of your contacts. Even if you pay the amount, they won't update and will label you as a defaulter or may ask for more money. They may also call your contacts and harass them. The malicious actors use the stolen information to coerce and extort victims into paying unreasonable interest rates. All of these apps impose steep interest and penalty rates to entice you to pay the balance. At this degree of social engineering, victims are put under more pressure to comply and frequently have to pay more than they had initially committed to.

Proliferation of fraudulent apps

The advanced malware scheme spreads via unofficial app stores and targets Android devices using social engineering tactics like phishing emails, hacked websites, untrusted Wi-Fi, and social media. It uses a predatory loan programme as a social engineering lure to trick victims into granting device permissions during app setup, leading to potential access to sensitive data by malicious actors through the grant of local permissions.

Protecting the data

The fraudulent app requests permissions such as phone logs, SMS lists, sound recording, camera access, contact lists, GPS position data, and storage and file lists. Have you thought about why these permissions are needed to get a loan sanctioned? You give the fraudulent apps access to everything on your phone, including your full contact list, images, and videos. Fraudulent apps offering same-day funding can be downloaded from the Google Play Store by completing a KYC form. Scammers access sensitive user data, including financial data and Personal Identifiable Information (PII).

Risks of loan apps

The app steals sensitive data and sends it to a remote server. It gains permissions for harmful actions, and users have reported aggressive behavior from creators. The predatory lending scheme jeopardises individuals and businesses, stealing proprietary information that can compromise connected devices.

Malware detection

This fraudulent app conceals Java strings with XOR encryption and adds extra programming skills to avoid detection. It requests user permission before gathering sensitive data, which is later transferred to a private server for blackmail purposes. The use of the Flutter framework and incorporation of code into the Flutter code makes it difficult for standard Android malware detection to identify.

Threatening fraudsters

The mode of operation appears to be the registration of fictitious entities, the use of white label software to produce apps, the upload and use of wallets and UPI for conducting business, as well as the charging of exorbitant interest rates (with GST, but these businesses are not listed in the GST database), social stigma, and threat of violence in the event of non-payment or delayed payment. Instant loan companies charge high annual interest rates of 36 per cent-50 per cent, along with penalties of up to 50 per cent of the loan amount per day for late payment, plus processing fees of 20-25 per cent and 18 per cent GST. Only 33 per cent of eligible Indians have access to bank loans due to a lack of collateral or poor knowledge of the loan application process.

Caution against fraudulent apps

Beware of many fake apps present on both the App Store and Play Store. Thankfully, their presence may be determined by a large number of unfavorable reviews, a small number of downloads, and the absence of a certified badge.

Spotting loan app fraud

Authorized RBI lenders in India store all data and conduct a KYC with each application received. Borrowers should know their lenders when seeking a loan. Likely, non-RBI-approved or non-Indian-incorporated lenders are not allowed and are not bound by privacy laws. Illicit lending apps often lack a website, which is a major red flag that buyers should be wary of. Avoid installing a lending company's app if the RBI hasn't listed its website. For credit applications, speak with a bank or use a trustworthy and secure website.

Protection

To protect yourself against such fraud, verify the legitimacy of the company that the website or app you are using represents. Ensure their website is secure and they have a physical presence. Be careful when borrowing from apps or services that don't ask for your credit history and rush you to complete the transaction. There is no fee required for loan approval from any agency. The processing fee is typically included in your loan bill or must be paid directly to the bank when an NBFC offers you a loan. It is a warning sign if you are requested to pay cash or transfer funds to any personal accounts, or if you are asked to pay any upfront fees for loan processing.

The writer is an HoD and Assistant Professor of Dept of Computer Sc & Electronics, Ramakrishna Mission Vidyamandira. Views expressed are personal