Loan Apps - A Digital Trap

Loan Apps - A Digital Trap
April 04, 2025

By Alvaro Paredes

In previous articles, we’ve explored how illegal economies take advantage of technology and encrypted communication, which, while essential for privacy, can also be used by criminal groups. However, the dark side of technology isn’t limited to encrypted communications. There’s another growing threat that exploits people’s digital vulnerabilities.

In a country where only 35.4% of the economically active population has adequate employment, and only 3 out of 10 Ecuadorians can access bank credit, loan apps, disguised as quick solutions, have become a “hope” for many. “Quick cash, no requirements, instant approval” are the hooks these apps use to lure their victims.

Digital theft begins with massive advertising on social networks, text messages with offers that seem too good to be true, and names and logos that mimic legitimate financial institutions (what’s legitimate about a bank?). Impressed by the financial paraphernalia, you download the app that promises to give you the financial relief you need. It asks for access to your contacts, photos, videos, location—everything! You accept the terms and conditions (who reads them?) and just like that, they access your and your family’s most intimate information.

The “loan” itself is a curse. Usurious interest rates, hidden charges that inflate the debt, impossible payment deadlines. They chain you to an endless debt, a bottomless pit. And then, the ruthless extortion arrives. They threaten to spread your intimate photos to your contacts, call your family and friends to defame you, use your location to harass you, and even impose other loans you didn’t even apply for.

All this sounds like a psychological horror story inspired by the “Black Mirror” series, but it’s not.

The Modus Operandi

To understand the danger, it’s crucial to know how these apps operate:

The Attraction:

  • Eye-catching ads on Facebook, Instagram, TikTok, and YouTube.
  • Messages promising “easy” and “fast” loans.

The Download and Permissions:

  • Deceptive terms and conditions.
  • Request for intrusive permissions: access to contacts, gallery, messages, location, camera. Examples of permissions they request and how they use them:
    • Camera access: To take photos and videos of the loan applicant at the time of application.
    • Gallery access: To obtain personal photos for extortion purposes.
    • Geolocation access: To track the person and threaten to send armed individuals to collect the debt.
    • Contacts access: To extort the victim by sending invasive messages to their contacts, notifying them of the debt or even revealing intimate photos or manipulated images as a means of pressure.
    • Call log access: To learn who the victim calls, and identify their close relationships.

The “Loan”:

  • Usurious interest rates.
  • Hidden charges: “late payments,” “operating expenses.”
  • Creation of phantom debt, where victims end up paying debts that never existed.

The Extortion:

  • Constant calls and messages, threats of violence and death.
  • Use of personal photos and videos for extortion.
  • Contacting family and friends to defame the victim.

Practical Example: Juan downloads the “Rapicash” app, requests $50, and two days later is asked to pay $200. When he doesn’t pay, they proceed to send his contacts photos of him with defamatory messages. They also access his and his family’s social networks, which they also extort.

So, what then?

The problem of online loan apps isn’t limited to Ecuador; cases have been reported throughout the region. It’s necessary to address this complex problem from different angles, involving individual and collective protection, as well as solid regulatory frameworks and concrete actions, while also questioning the socioeconomic conditions that push people to desperate choices.

We could write hundreds of words talking about the regular channels to report these cases to the authorities, cases that are rarely resolved, fill ourselves with advice to prevent scams, the kind of advice that abound on the internet and we never put into practice.

But we prefer to be concrete:

  • Verify the legitimacy of the apps and financial institutions.
  • Read reviews and ratings before downloading.
  • Do not accept permissions to your apps without considering the impact.

If that didn’t discourage you and you’ve already downloaded one of these apps and are being victimized, act quickly:

  • Factory reset your phone IMMEDIATELY.
  • From ANOTHER device, while you reset your phone, change ALL your passwords.
  • Close all open sessions in your apps.
  • Inform your close contacts, so they are alert if the extortionists contact them.
  • Make rational decisions, do not act out of fear and desperation, that is their modus operandi to make you fall into their scam.
  • Do not feel ashamed, seek help and help others to not fall into the same.
  • And above all: Don’t grant unnecessary permissions to any app!