A website that goes by the name of ‘Pradhan Mantri Yojana Loan’ and was earlier linked to a Google Play Store app with the same name (the app has now been removed) is luring Indians in providing loans, in exchange for personal identifiable information that can potentially be misused online, New Delhi-based think tank CyberPeace Foundation warned on Friday.
The personal details that were collected from the applicants such as Aadhaar card, ration card, PAN card are openly available on the website and can be misused by any hacker.
CyberPeace Foundation, along with Autobot Infosec Pvt Ltd., launched an investigation into the matter to confirm whether the offering was a legitimate government of India application or merely masquerading as one.
“The website www.pradhanmantriyojanaloan[.]com asks for personal information and bank account details. After some random dummy data was provided, it redirected to a page with a Thank You message,” the foundation said in a sttaement.
Earlier, the Android app also redirected the user to the website that asks for personal information, address proof and the rest.
“The website has a domain of .com, which is itself peculiar since any websites that belong to the government of India are hosted on .gov.in or .nic.in. Several grammatical errors were also noticed on the website,” the report noted.
“After decoding this QR code, a PhonePe Merchant UPI string was obtained. Verification of the UPI ID was attempted; however, it was concluded to be invalid,” the researchers said in the report.
After submitting the information, the user is taken to another page, where they are asked for an OTP sent to the mobile number that was provided while filling the application.
“No OTP was actually received on the mobile number shared. At the bottom of the page, it showed that the details have been submitted,” the report noted.
A 10-digit receipt number was assigned. “Initially, it was assumed that the receipt number would not work since the OTP could not be submitted, but it was accepted and the status was: your application is submitted. Thank you!,” the report said.
The app was removed in the latest Google drive to sanitise its Play Store of fake and malicious personal loan apps in the country.
Google removed about 100 instant loan apps from its Play Store that were involved in alleged collection of personal data and its misuse, fraudulent and unlawful practices of physical threats and use of other coercive methods for recovery of loan, according to the Ministry of Electronics & Information Technology (MeitY).
Answering a query in the Lok Sabha earlier this month, the IT Ministry said that upon being notified by law enforcement agencies of the availability of certain money lending apps that were possibly not in compliance with the applicable legal and regulatory framework, Google removed about 100 such apps since December 2020 till January 20, 2021.