The Sri Lanka Computer Emergency Readiness Team (SLCERT) has issued a warning, advising the public not to divulge personal information to online instant loan providers. This caution comes in response to a surge in online loan scams, with over 100 complaints related to such scams reported to SLCERT in recent months.
Charuka Damunupola, Senior Information Security Engineer at SLCERT, in an interview with the Daily Mirror about the rising prevalence of online loan scams. These fraudulent companies often lure individuals with promises of lower interest rates compared to local banks and claim to require minimal documentation for loan approval. Loan amounts typically range from Rs. 5,000 to Rs. 1 million, seemingly with attractive low-interest rates.
To exploit potential victims, these companies ask them to register through provided links and install their mobile apps. During the app installation process, the application requests access to sensitive areas of the user’s phone, such as contact lists and picture galleries. Granting these permissions allows the loan companies to access and retrieve personal data from the user’s device at any time.
After installing the app, the company extends a loan facility with a seemingly low-interest rate, which may later be increased based on the user’s loan repayment history. If a borrower fails to make a payment on time, the company resorts to accessing the borrower’s personal contacts and harassing them to settle the outstanding loan. SLCERT has already received 150 complaints regarding such tactics, and a majority of the victims are women who felt pressured to repay loans due to these threats.
SLCERT strongly advises people against applying for online loans from such sources and cautions against installing apps that are not from trusted sources like Google Apps. If individuals have already installed such apps, they are advised to perform a factory reset on their mobile phones and avoid restoring previous apps. Simply uninstalling these applications may not prevent unauthorized access to personal data.
To enhance data security, SLCERT recommends enabling two-factor authentication (2FA) wherever possible. It is crucial to refrain from sharing sensitive personal and financial information, including photos of national identity cards (NICs), passport copies, birth certificates, and one-time passwords (OTPs) with unknown entities to prevent falling victim to scams.