–By Issah Olegor
The Cyber Security Authority (CSA) has issued a public alert following a disturbing surge in cyberbullying and extortion cases tied to digital lending mobile applications operating unlawfully in Ghana.
From January to May 2025, the Authority recorded 377 complaints — an alarming increase compared to the 228 cases documented throughout the entire year of 2024.
These unauthorized apps, many of which operate outside the purview of the Bank of Ghana (BoG) and the Data Protection Commission (DPC), are being used by cyber fraudsters to exploit unsuspecting Ghanaians.
The CSA has identified dozens of such applications, including Miniloan, Mix Loan, Devtage Loan, Ozzy Money-Cash, Plus Cash Arrow, Fundscredit, among others, as being central to this criminal activity.
How the Scam Works
According to the CSA’s investigation, users are often unaware participants in the fraudulent scheme.
Once a user installs any of the malicious apps, a small amount of money — usually less than GHS 200 — is deposited into their mobile money wallet, even without a formal loan request. One week later, the extortion begins.
In many cases, even after full repayment, scammers continue to harass victims with further demands.
Some victims have had their personal data — including photos, contacts, and national ID details — used as leverage in blackmail campaigns.
Threats issued include publicizing nude images (real or fabricated) or falsely labeling victims as criminals on social media.
This aggressive cyberbullying tactic extends beyond the primary user.
Associates whose contact details were unknowingly accessed during app installation are also targeted with threats and defamation, turning what appears to be a small digital loan into a wide-scale privacy violation.
Legal and Regulatory Violations
The CSA’s findings show that these lending platforms violate several laws. In particular, they breach the Banks and Specialised Deposit-Taking Institutions Act, 2016 (Act 930), as outlined in BoG notices BG/GOV/SEC/2022/10 and BG/GOV/SEC/2023/07.
Furthermore, the apps fail to comply with the Data Protection Act, 2012 (Act 843) by unlawfully accessing users’ personal information, including Ghana Card IDs, photos, and contact lists.
The Bank of Ghana and the Data Protection Commission have not sanctioned these mobile loan services, meaning their operations are entirely outside the bounds of legal financial and data protection frameworks in Ghana.
The CSA is urging the public to avoid engaging with or downloading these applications, emphasizing that doing so puts individuals at serious risk of financial fraud, reputational harm, and psychological abuse.
The Authority also reiterated that these apps are not licensed by the BoG nor are they compliant with national data protection laws.
