Beware of online app–based loan scams, warns CERT

9 October 2023 03:23 pm Views - 1766

Do not give out personal details to online instant loan providers, the Sri Lanka Computer Emergency Readiness Team (SLCERT) said today.

“There is an increase in online loan scams, and people have requested not to provide their details to those companies,” SLCERT Senior Information Security Engineer Charuka Damunupola told the Daily Mirror. 
He told the Daily Mirror that more than 100 complaints relating to online loan scams had received the SLCERT during the past months.

"People fall prey to loan scams as those companies promise to provide lower interest rates than the local State and private banks while claiming that they only require less documentation to provide the loan facilities. 

“The loan facilities range from Rs. 5,000 to Rs. 1 million with purported low interest," Damunupola said.
Those companies requested the people to register with them through a link that they provided and instructed them to install their app on their mobile phones.

“During the installation, the application requires permission to access the phone contact list, picture gallery, and several other locations where sensitive data is stored.

“After giving permissions, the loan companies can get direct access to all data stored on mobile phones, and they hence they can retrieve any data at any time from your phone,” he said.

“After installing the application, the company provides the loan facility to settle within several months under low interest, and considering the loan settlement, the company increases the loan amount.

“If the person who obtained the loan is unable to pay any instalment at the given time, the company will access the personal contacts list of his or her mobile phone and complain to them about the loan obtainer, bothering them to pay the loan while making them uncomfortable.

“SLCERT so far has received 150 complaints related to that. Most of the victims were women. People used to settle the loans with interest because it was difficult to face people due to threats.

“Therefore, the SLCERT request people not apply for such online loans and not to install apps other than those from Google Apps,” he said.

“If you have already installed the apps, you must go for a factory reset of the mobile phone and do not restore previous Apps. Uninstalling these applications will not prevent access to personal data,” he said.

He also said that people should register with two-factor authentication (2FA) to add another layer of safety for personal data. People should not share sensitive personal and financial or bank details, such as photos of national identity cards (NICs), passport copies, birth certificate copies, and one-time passwords (OTPs) with unknown parties. (Chaturanga Pradeep Samarawickrama)