Resurgence in Cyberbullying by Digital Lending Mobile Application Owners

Background

The Cyber Security Authority (CSA) has noted a resurgence in cases of cyberbullying experienced by users of digital lending mobile applications (Apps). The Authority has so far received one hundred and thirty (130) of such reports in 2024

Modus Operandi

  • When a user installs the App, an amount (usually less than GHS 200) is automatically credited into the user’s mobile money wallet even without an actual loan request
    • One week after disbursing the loan, the fraudsters use extortion tactics including:
    • Demanding loan repayment with high interest rates from the victim or an associate
    • Threatening to circulate actual or fabricated nude photos of the victim on social media
    • Threatening to label the victim as a thief or wanted criminal.
  • Even after victims repay, some fraudsters continue to demand additional payments

Findings

  • The Apps that have been identified include:
    Ahomka Loan, Antcredit, Beanloan, Bestloan, BezoMoney, Boomloan, Casharrow, Cashwave, Cmgh loan, Cosycredit, Credit Bag, Divacash, Express Loan, Five loan,FullCredit, Homecredit, Itapcredit, Kashby, Lever credit, Leverloan, Lightscience,Loanfast, MegaCredit, Minaloan, Mixloan, Omansika, Ozzy money, Pea money, Perfect loan, PojaCredit, Profitloan, Prokash, Roseloan, Safeloan, Starloan, SunTrust, Tipcash, and UnikCredit
  • The Apps are in contravention of the Banks and Specialised Deposit-Taking Institutions Act, 2016 (Act 930) according to Bank of Ghana (BoG) notice BG/GOV/SEC/2022/10
  • In addition, the owners of the Apps have not met the compliance obligations of the Data Protection Commission (DPC) and hence their access and use of the data and PII of users violate the Data Protection Act, 2012 (Act 843).
  • Victims would typically have granted these Apps access to their data (contacts, photos) and personally identifiable information (PII) e.g., Ghana card ID, during the installation

Recommendation

  • The public is strongly advised against subscribing to these mobile applications since they ARE NOT sanctioned by the Bank of Ghana (BoG) and the Data Protection Commission. Individuals who patronise these services do so at their own risk

Contact the Cyber Security Authority

The CSA has a 24-hour Cybersecurity/Cybercrime Incident Reporting Points of Contact (PoC) for reporting cybercrimes and for seeking guidance and assistance on online activities, Call or Text – 292, WhatsApp – 0501603111, Email – report@csa.gov.gh

Issued by Cyber Security Authority
June 27, 2024
Ref: CSA/CERT/MPA/2024-06/01