Mumbai Crime: After hacking, loan recovery agents now resort to text-bombing customers
Recovery agents are now bombarding customer phones with hundreds of messages at a time, making them crash
After hacking into mobile phones of borrowers, loan recovery agents are spamming them with 'text bombs' containing gibberish that makes the mobile hang for a certain period. Some of the victims have uninstalled payment apps fearing their bank accounts linked with their mobile phone numbers will be compromised and money will be siphoned off.
Shaikh Mohammed Rawther, 25, a Mahim East resident, had started a small-scale business before the lockdown and needed capital. "I borrowed Rs7,000 through the CashIn app. But the pandemic hit and I had to wrap up the business. Recovery agents first harassed me through phone calls and hacked into my phonebook," said Rawther.
Threats of viruses, bugs
"Loan recovery agents threatened to install a virus on my mobile phone. I pleaded that I am not able to repay the loan as there is no income. But they disconnected the call saying they will spam my phone," Rawther told mid-day.
Shaikh Mohammed Rawther
"Minutes after the call, my cellphone was bombarded with a string of messages. For 15 minutes, every second an SMS popped up on the screen. I feared the phone was attacked by viruses," he added.
Fearing the virus attack, Rawther changed his phone. He had also taken a loan of R5,000 from Cashbean and is contending with their recovery agents too but he hasn't approached police amid the lockdown.
Pratik Rathod, 25, a Thane resident, was bombarded with 700 SMSes after he failed to repay a R7,000 loan to U-cash.
Victim Siddhesh Nandiwadekar; Some of the text-bombings received by borrowers
"The recovery agents have my phonebook, PAN card and Aadhaar card copy. I don't know how. When I sought time to repay, they bombarded me with 700 messages containing OTPs. I could not operate my phone. I changed my phone after the experience," said Rathod, who has complained to cyber police but no action has been taken so far.
Siddhesh Nandiwadekar, 28, a Dombivli resident, was spammed with bulk messages containing bugs for a R1,500 loan from RapidRupee.
"They spammed my mobile phone with 50 messages at one go. I got scared and uninstalled all mobile payment apps as I got scared that my bank accounts linked with my mobile number may get compromised," said Nandiwadekar, adding that he felt disturbed by the messages.
Govind Ray, cybersecurity expert
A cybersecurity consultant, Govind Ray, said, "SMS bombing is a well-known method to harass individuals. People receive thousands of SMSes in a few minutes. This becomes shocking for a layman. Also, these messages consist of OTPs from random platforms."
"This not just about notifications when we look at the psychological effect — since the victim is receiving OTPs, the very first thought is of bank accounts being hacked, which creates fear," Ray added.
Ray explained that the method is a way to create fear. "It's a form of Denial of Service attack which prevents the user from using his phone comfortably. Users should install anti-spam applications which block irrelevant texts," Ray said.
A case can be filed under Section 43(e) (damage to computer, computer system, etc) read with Section 66 (Computer Related Offences) of the IT Act, 2000 along with section 425 (Mischief) of IPC.
Special Inspector General of Maharashtra Police (Cyber), Yashashwi Yadav, said, "Hacking and spamming are serious offences under the IT Act. Victims must come forward to register complaints and we will take strict action against the offenders. How loan recovery agents access phonebooks of borrowers needs to be thoroughly investigated."
Leaks on dark web
The chairman of Save Them India Foundation, Pravin Kalaiselvan, has been helping the victims to fight harassment.
"These instant loan applications are owned by NBFCs directly or indirectly funded by Chinese investors. When so many users are coming up with complaints about threats from recovery agents, it is quite possible that critical data like addresses, contacts, photos, phone numbers, fingerprints and retinal scan attached to Aadhaar are at risk. There have been recent reports about leaks of Indian National IDs on the Dark Web (Cyble.io)," he added.
What loan providers say
Some borrowers have been threatened with fake legal notices and threat letters under a fake logo of the Central Bureau of Investigation.
Chief financial officer of instant personal loan platform CashBean, run by PC Financial Services Private Limited, Raghuveer Gakhar, claims that an FIR has been registered against two agents for sending wrong notices to borrowers in Gurgaon.
"We have been working within the ambit of law. A very small fraction of our clients were harassed and we have taken strong action. I have been apprised of a few more such cases through a media report and I am looking into it. If borrowers are harassed by agents, they can visit our website and call on the number 18005728088. They can email us at firstname.lastname@example.org," Gakhar said.
Amount of loan taken by Pratik
Amount of loan taken by Siddhesh Nandiwadekar Rathod
No. of messages sent to borrower Pratik Rathod
Catch up on all the latest Mumbai news, crime news, current affairs, and a complete guide from food to things to do and events across Mumbai. Also download the new mid-day Android and iOS apps to get latest updates.
Mid-Day is now on Telegram. Click here to join our channel (@middayinfomedialtd) and stay updated with the latest news
Sign up for all the latest news, top galleries and trending videos from Mid-day.comSubscribe