China-based scammers are using a combination of fake loan apps and India’s real-time mobile payment system, Unified Payments Interface (UPI), to separate victims from their cash, according to a report by threat intel firm CloudSEK.
“UPI service providers currently operate without coverage under the Prevention of Money Laundering Act (PMLA),” explained [PDF] CloudSEK researchers, letting the scammers’ exploit the platforms with relative ease.
Posing as providers of loan apps, and sometimes impersonating existing entities, the scammers lure victims with promises of easy repayments for quick money in exchange for a fee worth between 5 and 10 percent of the loan. To receive the loan, victims are asked to share personal information, including bank details and their phone numbers and even to upload their national identity cards known as Aadhaar and tax related Permanent Account Number (PAN) cards.
Once the fee is paid, the loan never materializes and the fee is laundered through mules out of India to China.
Chinese payment gateways ensure the authorities cannot pursue the scammers.
Mules who have legitimate existing bank accounts in small banks – those without too much investigative structure – are paid a 1 to 2 percent cut of the transaction in exchange for their service. The mules change their phone numbers with their bank, thus giving the scammers control over the account and the ability to launder the money.