In India after the pandemic the trend of getting sucked into unregulated digital lending apps that offer instant loans is becoming more common. A relentless cycle of extortion follows, resulting in some borrowers ending their lives. Since privacy laws are weak or nonexistent, these phoney apps collect a great deal of information and set themselves up as the perfect extortion tools
By Ranjit Bhushan
- Aimed at low earning victims, these apps offer loans without much paperwork but, charge heavy interest rates
- The Reserve Bank of India has identified 600 ‘illegal lending apps’, operating in India
- daters who started online relationships between Christmas and Valentine’s Day were most susceptible to scams
- More than a third of those who lost money in 2022 in India belonged to the category of lovelorns from dating sites
THE messages – sent from unknown numbers – were filthy in the extreme and enough to traumatise anyone, much less a small-town boy like Amrit from Guntur in Andhra Pradesh. The text messages about him had been sent to his contact list, without deleting expletives – ‘His sister is a prostitute; his mother a pimp, who pays for his living’ – were among the relatively milder abuses circulated among his closest friends and a number of relatives. Worse, the company allegedly also threatened to ‘morph’ his nude pictures and post them online in compromising positions with women, nothing that a little bit of clever editing would not do.
It was more than what the young man could take. He quietly went ahead and hung himself from a ceiling fan, ending his agony and his existence in this world.
Amrit’s mistake? He took a petty loan of Rs 5,000 two weeks before his death, from the app, Raise Cash. When he failed to repay, the team behind the app purportedly texted all his contacts with messages to ‘teach him a lesson.’
This IT data operator is one of 68 people across India who died by suicide in 2022 after being ‘threatened, abused and humiliated’ by online loan apps, according to cybersecurity experts and police sources.
The modus operandi is quite simple. Aimed at low earning victims, these apps offer small loans without requiring much paperwork but, not surprisingly, charge heavy interest rates, often above 100 percent, which itself is illegal. They then intimidate those unable to repay the loans in time with astronomical interest.
These phoney apps prosper because they gather a wealth of information, making privacy laws puny or non-existent. They require users to grant apps access to texts, images and contacts while installing them, even to the camera. The apps then copy contact lists and photos, and the victim is set up as a perfect patsy for extortion.
Not all victims belong to the lower strata. In 2020, Abhishek Makwana, one of the writers of popular sitcom Taarak Mehta Ka Ooltah Chashmah died by suicide. His family said that he was a victim of cyber fraud and blackmail.
The so-called ‘romance fraud’, where unsuspecting victims are scammed by someone with whom they have formed a relationship – is nothing new. But online dating makes such fraud easier and experts believe that these scams have increased in sophistication and frequency
Media reports quoted Makwana’s brother Jenis as saying: “From what I understood from the email records, my brother first took a small loan from one of the ‘easy loan’ apps that charge a very high rate of interest. I looked at the transactions between them and my brother closely. I noticed that they kept sending small amounts despite my brother not applying for the loans. Their interest rates were as high as 30%.”
- On September 13, a 24-year-old woman was arrested in Pune on the charge of murdering her grandmother. According to the Indian Express, the police suspect the woman wanted to rob her grandmother to repay the loans she had taken from online credit apps.
- Sohail Shaikh’s relatives, also in Pune, received morphed photos of his wife after he failed to repay a loan he’d taken through two apps – Magicloan and Cashmarket.
- In May, Malad resident Sandeep Koregaonkar, 38, died by suicide. Morphed photos of him had been sent to his colleagues, friends and relatives after he downloaded a loan app, The Times of India reported. A loan recovery agent was arrested in Rajasthan on charges of abetment to suicide. But in most of the other cases, no arrests were made.
- In December last year, Rita Hegde, 48, took a loan of Rs 47,000 using an app called Papa Money. “They sanctioned the loan at an interest rate of 35% for seven days, though the advertisements had promised 90 days,” said Hegde, a resident of Bengaluru. “They disbursed Rs 40,000, saying Rs 7,000 was deducted as processing fee.” The amount was credited into her bank account. She began receiving phone calls from unknown numbers asking her when she was repaying the amount with interest. A week later, she was receiving “almost 50 calls” a day. “I told them I’d pay within two or three days,” said Hegde, adding that she didn’t have the money for repayment. So, she took a loan of around Rs 8,000 from another loan app. By February, she had taken loans from 60 apps to repay the original Rs 47,000 plus interest – which incredibly worked out to Rs 16 lakh!
The frequent phone calls from people working for these apps continued, and increased. “Two loan app companies called Kredit Mango and Cash Free WhatsApped my entire contact list with pictures of me and my daughter. Soon, I started getting WhatsApp messages with pictures of nude women, warning that my face would be morphed into those photos and sent to my contacts. The messages threatened to put pictures of me and my daughter on porn sites and publicise us as prostitutes,” Hegde points out.
She filed an online complaint on the National Cyber Crime portal as well as paid a visit to the closest police station where the probe continues because it is pretty difficult – if not downright impossible – to trace the app owner.
The Reserve Bank of India has identified 600 `illegal lending apps’, operating in India. According to India Today, the central bank had received over 2,500 complaints against online lending apps from January 2020 to March 2021.
Union finance minister Nirmala Sitharaman took cognisance of ‘illegal loan apps’, which offer loans at ‘exorbitantly high interest rates’, using ‘predatory recovery practices’. To operate, these apps must register with the RBI and be part of their “white list” – which Sitharaman told the apex bank to prepare – of lending apps that are permitted to be listed in app stores.
Some pundits term it as the pandemic’s residual effect on personal finances that gullible Indians in their thousands have been falling for – hook, line and sinker. Getting sucked into a vortex of instant loans offered by unregulated digital lending apps is becoming a pattern. Invariably, it is followed by stealing of personal data and a relentless cycle of extortion that has resulted in some borrowers taking the extreme step of ending their lives.
TRAPPED IN DATING APP FRAUD
Not every such fraud is financial though. It also involves love. The so-called ‘romance fraud’, where unsuspecting victims are scammed by someone with whom they have formed a relationship – is nothing new. But online dating makes such fraud easier and experts believe that these scams have increased in sophistication and frequency.
In February 2022, Madhu, a finance professional in her 30s, joined a dating website called Jaani. She had been single for two years, recovering from an incredibly difficult, abusive marriage. “I was finally ready to meet someone,” she says. So, when she met Atul – virtually ofcourse – a good-looking food importer, who moved seamlessly between Europe and India, it was like a dream come true. The ‘lovelorn’ pair were soon spending hours talking on the phone each day and Madhu was smitten. “He showered me with love and affection,” she remembers with a shiver.
They made plans to meet up, but Atul told her he had to go to the United Kingdom on an urgent business trip. They continued to chat on the phone and also, occasionally, on video. Then one day, Atul asked her for money; just a small amount. “He told me he’d had a work crisis and needed help with port charges for a delivery. He was so distressed that I felt sorry for him and helped him immediately.”
Now she is feeling sorry for herself – she hasn’t seen or heard from her Atul since then. Madhu is convinced that her perfect man was, in fact, a character invented by a criminal gang to extort her. Utterly distressed, she decided to end her life, but was found in a comatose state by a neighbour, who rushed her to a hospital emergency that managed to revive her after a week in intensive care.
Romance scammers draw people in using pictures stolen from around the internet, building false personas, good enough to be true. Inevitably, smooth talking crooks will ask for money from the unwitting and besotted women and then disappear without a trace. Invariably, the men have a reason for not meeting the women – a situation when the red-light ought to go up, but it doesn’t.
“On dating apps, the currency of trust is what is abused by scammers. They create fake profiles and once connected, they may tout get-rich-quick schemes, especially cryptocurrency investment scams, to lure unsuspecting users into fake investment websites. Scammers are also known to seek login credentials for national banks or peer-to-peer payment apps like Cash app, Venmo and PayPal,” explains Ramesh Chander, an independent analyst who tracks financial websites.
The numbers of those falling prey to romance scams is proliferating. According to a US Federal Trade Commission (FTC) calculation, in 2021 alone, consumers lost 547 million USD to such parleys. And the largest reported losses to romance scams that year were paid in crypto currency: 139 million USD.
ALL OF A PIECE
The heist follows a pattern. People are led to believe that their new online partner is a successful investor, who before long, casually but carefully offers investment advice. These so-called investment opportunities often involve foreign exchange trading or cryptocurrency. Of course, following this investment ‘advice’ is a one-way ticket to doom – they are in all likelihood likely to lose their ‘investments’.
According to Action Fraud, the UK’s reporting centre for fraud and cybercrime, 8,863 cases were reported to the National Fraud Intelligence Bureau (NFIB) between November 2020 and October 2021, up from 6,968 the previous year, with total losses for the past year amounting to almost £92m. Interestingly, daters who started online relationships between Christmas and Valentine’s Day were the most susceptible, with 901 reports recorded in March 2021 alone.
Interestingly, while dating sites and apps are favourite platforms for the lovelorn, social media websites like Facebook and Instagram are catching up. More than a third of those who lost money in 2022 in India belonged to this category.
RBI MUST INTERVENE
Experts like Chander believe the issue is serious enough for the Reserve Bank of India to intercede. “The apex bank should ask Google to remove unauthorised lending apps from its Play Store. RBI should also make a white list of eligible apps, which can be listed on the Play Store,” he said.
He adds: “It isn’t illegal for a loan app to recover money lent, but there is a way to do it. The RBI has set up guidelines. They can take the borrowers to court. But they don’t, because they know what they are doing is illegal.”
Romance scammers draw people in using pictures stolen from around the internet, building false personas, good enough to be true. Inevitably, smooth talking crooks will ask for money from the unwitting and besotted women and then disappear without a trace
As far as the police are concerned, the overload of routine duties makes it difficult for them to concentrate or specialise in cyber crime to any significant degree. For now, only a few states like Telangana, Odisha and Tamil Nadu are probing such cases seriously. “DGPs across states should pass orders that police stations should file FIRs on the complaints of such victims,” proposes Chander.
Nonetheless, the police are beginning to take action against offenders. Delhi Police recently busted a fake loan application and extortion gang by arresting 22 persons. They allegedly lured people with fake loan schemes; in some cases, the police found out that money that was extorted using their personal data would be sent to their associates in China via cryptocurrency.
Then again, Chandigarh police’s cybercrime cell took 21 members of a gang into custody, including a Chinese national living illegally in India, for duping people on the pretext of providing them instant loans online and extorting money.
The Enforcement Directorate (ED) has launched an investigation under the Prevention of Money Laundering Act (PMLA) into the unauthorised instant loan app businesses on the basis of multiple FIRs registered in Hyderabad and Bengaluru over the past two years.
Gayatri Sharma, a cybersecurity analyst, said her team surveyed about 50 loan apps, all of which required ‘maximum permissions’ during installation. “Consumers who install the apps never think about why a loan app needs access to your microphone or photo gallery,” she said, adding, “But due to their needs, they allow all permissions. Even if we identify an app and report it, the people behind the app renames it and uploads it again.” And thereby hangs a tale.
Sharma points out that such apps were promoted under the names of existing, credible authorities. “They use credible names to trick people, some going as far to pretend that they have non-banking financial institution (NBFC) licences,” she points out.
Clearly, in the absence of a regulatory authority to report these kinds of data thefts, mere technical expertise will not suffice. A mix of technology, policy and government intervention is needed.
An India with a weak data protection law, inadequate privacy laws and no specific legislation to deal with cybercrimes, present a fertile ground for racketeers. Says Supreme Court advocate Pavan Duggal, President of Cyberlaws. Net: “The country is an attractive destination for such unscrupulous elements, who believe that they can have a free run without the fear of being convicted.”
He says that it would be ‘next to impossible’ for the police and other enforcement agencies like the ED to pre-emptively deal with these ‘fraudulent apps’ within the existing legal and regulatory framework. “We need pre-emptive measures to deal with such crimes and for this, we need a holistic and dedicated criminal code as it exists in many developed countries,” Duggal adds.
Nonetheless, some advances have been made. On November 18, 2022, the Ministry of Electronics and Information Technology proposed a new law, namely the Digital Personal Data Protection Bill 2022. The bill extends substantial rights to individuals and provides them with better visibility, awareness, decisional autonomy and control over their data, while obligating companies to comply with the rights of the individuals and provide effective redressal mechanisms linked with significant penalties of up to Rs 50 crore for contraventions relating to individual rights.
However, on the question of apps, it is still silent. But with cybercrimes on an upward spiral, it is only a question of time when more stringent law would come into force.