securityonline.info 1/23/2026, 1:01:03 AM · via preferred

Crossing the Andes: Sophisticated Loan Phishing Scams Hit Peru

The Daily CyberSecurity piece dated 23 January 2026 reports a sophisticated wave of loan phishing scams sweeping Peru, as revealed in a Group-IB briefing. According to Group-IB, the operation begins with targeted social-media advertisements that drive victims to professionally designed sites impersonating Peru’s leading banks, where a seemingly legitimate loan application process harvests credit card numbers and PIN codes.

The attackers use client-side validation to ensure only usable credentials are stolen, and they employ the Luhn algorithm to check the validity of entered card numbers, reducing noise and increasing monetisation potential. The campaign is described as scalable and modular, with a custom JavaScript function named gegsdfgsh() mapping inputs to Spanish-language loan-brand themes, and endpoints tucked into temporary directories like /temp/js/ to aid rapid reconfiguration across campaigns.
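For defenders triaging reported pages, the traits described above can be checked together. The following is an added example, not code from the article or from Group-IB; the regexes, field-name keywords, sample markup and the triage() helper are all assumptions made for illustration.

```python
import re

# Constructed samples; markup, field names and file names are illustrative.
SUSPECT_PAGE = """
<form id="loan">
  <input name="dni" placeholder="DNI">
  <input name="card_number" placeholder="Numero de tarjeta">
  <input name="card_pin" type="password" placeholder="PIN">
</form>
<script src="/temp/js/form.js"></script>
<script>
function check(n){var s=0,d,i,alt=false;
  for(i=n.length-1;i>=0;i--){d=+n[i]; if(alt){d*=2; if(d>9)d-=9;} s+=d; alt=!alt;}
  return s%10===0;}
</script>
"""
BENIGN_CHECKOUT = """
<form><input name="cardnumber"><input name="cvc"><input name="shipping_zip"></form>
<script src="/static/js/pay.js"></script>
<script>function luhn(n){var s=0,d=+n[0]; d*=2; if(d>9) d-=9; s+=d; return s%10==0;}</script>
"""

INPUT_TAG = re.compile(r"<input\b[^>]*>", re.I)
ATTR_VAL = re.compile(r"""(?:name|id|placeholder)\s*=\s*["']([^"']*)["']""", re.I)
CARD = re.compile(r"card|tarjeta", re.I)
# "pin" or "clave" as a standalone token, so "shipping" does not match.
PIN = re.compile(r"(?<![a-z])(?:pin|clave)(?![a-z])", re.I)
TEMP_JS = re.compile(r"""src\s*=\s*["'][^"']*/temp/js/[^"']*["']""", re.I)
# Luhn shape: double a digit, subtract 9 when it exceeds 9, test sum mod 10.
LUHN = [re.compile(p) for p in (r"\*=?\s*2\b", r"-=?\s*9\b", r"%\s*10\b")]

def triage(html):
    """Return which of the article's traits appear in one page's HTML."""
    labels = [v for tag in INPUT_TAG.findall(html) for v in ATTR_VAL.findall(tag)]
    found = {
        "card_field": any(CARD.search(v) for v in labels),
        "pin_field": any(PIN.search(v) for v in labels),
        "luhn_check": all(p.search(html) for p in LUHN),
        "temp_js_path": bool(TEMP_JS.search(html)),
    }
    # A card field with a Luhn check also describes ordinary checkouts, so
    # escalate only when a PIN is requested on the same page.
    found["escalate"] = found["card_field"] and found["pin_field"] and found["luhn_check"]
    return found
```

Luhn validation on its own is common on legitimate payment forms; it is the request for a card PIN alongside it, on a loan application, that makes the combination worth escalating.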

Group-IB has identified approximately 370 unique domains linked to this fraud since 2024, and the perpetrators are expanding from Peru to financial institutions in other Latin American countries.

Article by CyberSIXT