Alerts

Background

The Cyber Security Authority (CSA) has received reports of cyberbullying experienced by users of digital lending mobile applications (Apps). These Apps can be found on Google Play Store or may be shared as Android Package files (APK) via social media.

Modus Operandi

These Apps offer loans at varying interest rates and payment terms. When subscribers default in repayment, they are threatened by the owners of these digital lending Apps with having their identities published as wanted persons or fraudsters on various social media platforms and to their contacts. In some cases, the App owners follow through with their threats. Some victims also reported that even though they had not taken such loans, they received the threat messages.

Key Findings

The commonly reported Apps in this scheme include FourCredy, FiCashX, 4Cedi, Aliloan, Boseapa, CediBoom, Cocoaloan, Mach Loan, Easy Loan and Onloan.

The victims would typically have granted these Apps permissions during installation (unknowingly or without proper scrutiny), to access their data and personal identifiable information (PII) e.g., name, phone number, Ghana card ID number, contacts, photos etc.

A Bank of Ghana notice (BG/GOV/SEC/2022/10) states that it has not licensed any company to provide digital lending services of such nature to the public.

In addition, these digital lending Apps have not met the compliance obligations of the Data Protection Commission (DPC) and hence their access and use of the data and PII of users are in violation of the Data Protection Act, 2012 (Act 843).

Recommendations

The public is advised against subscribing to these mobile applications since they ARE NOT sanctioned by the Bank of Ghana and the Data Protection Commission. Individuals whopatronise these services do so at their own risk.

The public is further advised to review access permissions for mobile applications carefully before installing them.

Contact the Cyber Security Authority

The CSA has a 24-hour Cybersecurity/Cybercrime Incident Reporting Points of Contact (PoC) for reporting cybercrimes and for seeking clarification and guidance on online links and transactions;Call or Text – 292, WhatsApp – 0501603111, Email – report@csa.gov.gh

Issued by Cyber Security Authority
January 5, 2023

Government Advisory

• Impersonation of Government Officials
• Risk of Sharepoint Vulnerability

Business Advisories

• Video Teleconferencing Hijacking
• How to recognise and avoid phishing scams
• Website Defacement

Public Advisories

• Romance Scam
• Mobile Money Fraud
• Whatsapp Scam

Children Advisories

• Revenge Scam
• Cyber Grooming
• Cyber Bullying

Others

• Alerts
• Vulnerabilities