
The scam blends advanced social engineering with technical validation, exposing gaps in financial institutions' fraud defenses and underscoring the need for stronger threat intelligence and multi‑factor safeguards across the region.
The Peruvian loan‑phishing campaign uncovered by Group‑IB illustrates how cybercriminals have refined social‑engineering tactics to turn a simple loan offer into a high‑value credential‑harvesting operation. By deploying polished advertisements on social media, the actors lure victims into a counterfeit application portal that mimics a reputable bank’s website. Early fields accept any plausible national ID, building trust before the victim reaches a verification stage where facial recognition deliberately fails, forcing the user to submit a bank card. A built‑in Luhn algorithm filters out invalid numbers, ensuring the harvested cards are immediately monetizable.

The sophistication of the validation layer forces financial institutions to rethink traditional fraud defenses. Standard rule‑based filters that flag generic phishing URLs miss the campaign’s 370‑plus domains, many of which rotate sub‑domains to evade blacklists. Threat intelligence feeds that surface domain‑level indicators, combined with real‑time digital risk monitoring, become essential for early detection. Moreover, the requirement for card numbers and six‑digit PINs underscores the urgency of deploying multi‑factor authentication and transaction‑level verification, which can disrupt the final credential‑capture step.

Beyond Peru, the operation has already replicated its template across Colombia, Chile, Ecuador and El Salvador, suggesting a regional playbook for loan‑related fraud. Regulators are therefore urged to foster cross‑border information sharing and hold digital advertisers accountable for malicious placements. For consumers, the safest approach remains using official banking channels, scrutinizing URLs, and refusing to share card details on unsolicited loan forms. As cyber‑crime groups continue to blend psychological manipulation with technical precision, a coordinated response from banks, security vendors, and policymakers will be critical to curtail the next wave of financial scams.
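
An added example, not part of the original article or Group‑IB's report: the point above about rotating sub‑domains evading blacklists, shown as a lookup that matches on the registrable domain instead of the full hostname. All domains, the suffix set and the function names are constructed for illustration; a production check would use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed sample data under reserved names (.example / .test); these are
# placeholders, not indicators from the campaign.
# Assumption: a tiny stand-in for the Public Suffix List. "com.example" is a
# made-up two-label suffix that behaves like "com.pe" or "com.co".
MULTI_LABEL_SUFFIXES = {"com.pe", "com.co", "com.example"}
HOSTNAME_BLOCKLIST = {"prestamos.banco-ejemplo.example"}
DOMAIN_INDICATORS = {"banco-ejemplo.example", "credito-rapido.com.example"}


def hostname_of(url):
    """Return the lower-cased hostname, without port, userinfo or trailing dot."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit parse a bare "host/path" string
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def registrable_domain(host):
    """Reduce a hostname to public suffix plus one label (eTLD+1)."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url):
    """Say which control, if any, would flag the URL."""
    host = hostname_of(url)
    if host in HOSTNAME_BLOCKLIST:
        return "hostname-blocklist"      # exact match: only the known sub-domain
    if registrable_domain(host) in DOMAIN_INDICATORS:
        return "domain-indicator"        # survives sub-domain rotation
    return "no-match"
```

Matching on the registrable domain, not on a substring, also keeps a host such as `banco-ejemplo.example.otro-sitio.test` from being attributed to the wrong domain.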