Once upon a time, in the vibrant realm of India's digital landscape, a mysterious and perilous web was being spun by shadowy figures from afar. At the heart of this narrative, enter the alleged Chinese scammers, who sought to exploit India's burgeoning digital payment ecosystem. Their weapon of choice was illegal instant loan apps, cleverly designed to tempt and ensnare unsuspecting victims with the promise of substantial loans and easy repayments. Little did the victims know, they were walking straight into a trap.
The scammers, like ghosts in the night, would disappear into thin air after extracting not only hefty fees but also sensitive personal information from their victims. These nefarious individuals had mastered the art of deception and evasion, leaving law enforcement agencies baffled.
Key Findings
The key findings of this, which were done during a CloudSEK investigation, painted a grim picture. CloudSEK — a contextual AI company that predicts Cyber Threats — uncovered a malicious app posing as a prominent bank based in Tamil Nadu, with a reported revenue that would make anyone's eyes widen. The fraudulent domain name consistently bore a resemblance to the bank's identity, cleverly disguised as .online.
Sparsh Kulshrestha, Senior Security Analyst at CloudSEK, also added that these entities are targeting small banks and other loan-providing companies.
"(The scammers) are smart enough to not use the names of big banks as they have some level of monitoring. However, the small banks don't have the mechanism to monitor these scams happening in their name," Rahul Sasi, CEO, CloudSEK said.
Intriguingly, the scammers had managed to amass a staggering ₹37 lakh from July to September 2023, all while impersonating a bank through fraudulent Chinese payment gateways. They had unleashed over 55 harmful Android apps through various channels, creating a digital minefield for the unsuspecting.
The investigation revealed a network of over 15 payment gateways operated by Chinese individuals who were deeply involved in this fraudulent scheme. The report also shed light on the scammers' response to the Enforcement Directorate's actions against legitimate payment gateways for money laundering in September 2022. They had cleverly shifted to using smaller, in-house, or even illegal payment gateways.
But this was no isolated incident confined to India's borders. The web of deceit extended far and wide, with Chinese individuals operating these fraudulent payment gateways in a multitude of countries, including Indonesia, Malaysia, South Africa, Mexico, Brazil, Turkey, Vietnam, the Philippines, and Colombia.
Modus Operandi
The scammers created fake instant loan apps, carefully disguised and made available on app stores or third-party websites. These apps were aggressively promoted, luring victims with the temptation of substantial loans and convenient repayment terms.
Once a victim fell into their trap and downloaded the app, the scammers coerced them into revealing personal information, including their name, address, phone number, and bank account details. The victims, unknowingly, were caught in a web of deceit.
CloudSEK also said that during its investigation, it identified more than 15 to 20 BFSI companies which have been impersonated in this campaign.
With permission granted to access the victim's contacts and other phone data, the final blow was delivered — a processing fee, typically 5% of the promised loan amount. Once the fee was paid, the scammers, like spectres, would vanish, leaving victims without the promised loan funds, and the digital landscape forever altered by their malevolent presence.
Speaking on what measures are being taken by the government to protect users from such scams, Kulshrestha said, “The Ministry of Finance has provided new guidelines, where it talks about the fake payment gateways. The RBI will also monitor new accounts that may be used for money laundering, and cancel their licenses to avoid their misuse. It will ensure that registration of payment aggregator be completed within a timeframe and no unregistered payment gateway ways payment aggregator be allowed to function after that.”
“However, we have seen that these payment gateways are not registered or not licensed. (The scammers) just the UPI QR code, and they are operating like that. And if you block one, they will open another 100,” he added.
First Published: Oct 20, 2023 12:59 PM IST
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
Stampede-like situation disrupts Rahul Gandhi, Akhilesh Yadav's joint rally in Uttar Pradesh
May 19, 2024 4:26 PM
Ladakh Lok Sabha election: With Independent candidate's entry, it's now a 3-way contest for BJP and Congress
May 19, 2024 4:01 PM