Fighting Credit Fraud in Uzbekistan: An Uphill Battle Against Social Engineering

Introduction

Imagine you enter a bank with the intention of applying for a loan but your application gets rejected as the bank’s worker tells you that there has already been a loan taken out in your name and your credit limit has been maxed out. You have just found out that you’re a victim of credit fraud.

Online lending is rapidly gaining popularity in Uzbekistan, and with it, the number of credit fraud cases is also on the rise. According to data from the Central Bank of Uzbekistan (CBU), there were 463 reported cases of remote online loans issued in someone’s name via apps or a fake identity, resulting in financial losses totaling approximately 15 billion UZS in 2024 alone.

This report provides an overview of the current credit fraud landscape in Uzbekistan. It explores the key factors that enable such fraud to occur and outlines potential measures to prevent it.

Key discoveries

• Fraudulent loans issued in the names of Uzbek citizens have soared in recent years – a 42% increase in 2024 compared to 2023.
• Fraudsters often impersonate bank or central-bank employees and use social engineering (e.g., fake calls, malware) tactics to gain access to personal data or banking credentials
• 34% of credit fraud activities in Uzbekistan are associated with calls from a “bank worker” or “government official”.
• The Uzbekistan government has taken active initiatives for preventing credit fraud in the country, e.g., citizens can self-block any new loan applications being formalized on their name.
• According to new legislation from the president of Uzbekistan, victims of credit fraud can be exempted from payment obligations of fraudulent credits applied in their names.

Who may find this blog interesting:

• Cybersecurity analysts and corporate security teams
• Threat intelligence specialists
• Cyber investigators
• Law enforcement investigators
• Cyber police forces

Group-IB Fraud Intelligence Portal:

Group-IB customers can access our Fraud Intelligence portal for more information about the credit fraud scheme described in this blog.

Figure 1. Timeline of Credit Fraud in Uzbekistan

Analysis of common credit fraud scenarios in Uzbekistan

Credit fraud is a growing problem worldwide. Although specific details may vary, most fraud cases follow a similar pattern. Understanding this pattern can help individuals and organizations recognize and prevent these crimes.

In the majority of credit fraud cases observed in Uzbekistan, fraudsters take out “microcredits” in the name of the victim. This type of credit service has recently started to be offered by banks in Uzbekistan, creating intense competition where banks attempt to offer loans easier, faster, and cheaper. The whole process can be completed online in the case of many banks and only requires the clients to pass the verification and be logged into the bank’s application which is an ideal opportunity for fraudsters to take advantage of.

As the World Bank notes, fraud via “taking out credit fraudulently in someone else’s name” is a top risk in digital-finance expansion in the country.

In Uzbekistan, such credit fraud cases are most commonly categorized into two scenarios:

1. Bank clients fall victim to fraud committed by actual bank employees acting on personal motives. There have been many reported cases where current or former bank workers, having access to clients’ personal details, apply for loans on behalf of the victims without their knowledge. These loans are not issued directly in the victims’ names but transferred to accounts of shell companies (LLCs) created by the fraudsters. As a result, victims usually discover the fraud only when loan payment due date arrives.
2. More complicated fraud cases are carried out by the means of social engineering. These schemes involve impersonation of bank/financial-service/telecom employees or services. In 60% of complaints, fraudsters posing as employees of a payment service or the Central Bank of Uzbekistan (CBU) were implicated. Fraudsters call their victims and introduce themselves as an official employee of the bank or government with the claim that their bank account has been compromised and there has been an attempt from fraudsters to take a loan in their name. Fraudsters convince the victims in order to reject their credit applications they have to pass a verification process which is carried out through a special bot in Telegram. After getting personal information such as passport, and in some cases, FaceID details of the victim, fraudsters complete multiple credit loan applications prepared in advance. Money from credit loans are taken out from the victim’s account with the help of another online, yet vulnerable product – electronic wallets.

In some other cases, scammers in disguise of bank workers send phishing messages to victims via various social platforms like Telegram, Facebook, or Instagram with “better or lower percentage” credit loan offers. Upon accepting the offer victims are requested to complete “credit confirmation payment” or “credit insurance payment” by electronic payment services or money transfer to the card.

Social engineering: initial contact and trust establishment

A social engineering attack usually starts with the scammer initiating contact with the victim. This often happens through a phone call or sometimes a message. The scammer pretends to be a trusted representative, such as a bank employee or official. To gain the victim’s confidence, the scammer may even know and use the victim’s full name or other personal details. This technique exploits the victim’s trust in legitimate institutions.

During the conversation, the scammer warns the victim about some suspicious activity on their account. For example:

1. An attempt to change the phone number linked to the bank card.
2. Unusual transactions or loans being opened without the victim’s knowledge.
3. That the client is currently being targeted by fraudsters.

All these messages are designed to scare the victim and push them into making quick, impulsive decisions. The scammer deliberately creates a sense of urgency, claiming that action must be taken immediately, otherwise it will be too late and the victim may lose a significant amount of money. This psychological pressure is a key part of their scheme. Scammers intentionally overwhelm the victim, giving them no time to compose themselves, calmly assess the situation, or verify the information they received. Under stress and panic, the victim becomes much more susceptible to influence and more likely to follow the scammer’s instructions, even if those instructions seem suspicious.

Figure 3. Example social engineering call where fraudsters, disguised as bank staff, warn a potential victim of suspicious account activity and the need to act fast.

Use of SMS stealers

Before 2025, with fewer anti-fraud defense mechanisms, one of the most common fraud schemes involved the use of malware. Once initial trust was established, scammers would instruct victims to download a ‘special banking app’ to supposedly resolve an issue. Links to these apps were often sent via messaging platforms like Telegram or WhatsApp. In reality, the app was a malicious program known as an SMS Stealer, which secretly forwarded all incoming text messages — including sensitive verification codes — to the attacker without the victim’s knowledge. With these verification codes, fraudsters could gain access to the victim’s accounts, allowing them to perform a range of financial transactions such as withdrawing funds; and with leaked personal information, even take out loans.

Banks fight back, but people are the weak link

Starting in 2025, new rules from the CBU came into force to better protect people from credit fraud. Clients must now complete identity verification (for example, through MyID biometric facial recognition) both when logging into their banking account and when applying for a loan. The first check happens when the client submits the loan request, and the second check happens before the money is sent to the client. Because of these rules, loan scams and financial losses as a result of malicious apps have been reduced.

Figure 4. Example MyID biometric verification now required by banks.

The next protection step is a confirmation call from the bank. This call is now a mandatory part of getting an online loan. Clients do not receive the money until a bank representative contacts them to make sure they know about the loan and really applied for it themselves.

After all checks and procedures are completed and the loan is officially approved, there is one last step — a freeze period. After approval, the money is not available immediately; it usually takes several days before it is disbursed. This delay is intended to give potential scam victims time to calm down, think clearly, and, if necessary, call or visit the bank to cancel the loan if it was taken under pressure, in a rush, or in an emotional state.

Additionally, every individual can set a voluntary credit ban, which prevents any loan from being issued in their name until they lift the ban themselves.

Figure 5. Bank verification steps during a loan process. Red arrows indicate points susceptible to social engineering.

However, even with all these protections, banks cannot fully prevent social engineering attacks. Victims often lack knowledge about fraud techniques and how the banking system works, making them susceptible to manipulation or intimidation. Scammers are very experienced in social engineering and can apply emotional pressure on the victim every step of the process, ensuring the completion of identity checks and loan confirmation during the real bank call. After the freeze period, when the victim receives the money, they may be convinced to transfer it to a ‘safe’ account, which is actually controlled by the criminals. Once the victim transfers the money, the scammers stop responding, and the funds are already moved to other fake accounts, making recovery almost impossible.

When victims finally realize they have been scammed, they’re often left with no money or large debts, shocked that they willingly handed it to the scammers themselves.

Understanding the vulnerabilities that enable credit fraud

What are the main causes of credit fraud incidents?

1. Low consumer financial literacy & data awareness. Many citizens are unfamiliar with “personal data hygiene” and how the process of digital banking and online verification works. As a result, they fall prey because they don’t recognize the red flags, share personal data too easily, or assume that “if a bank asked, it must be real”. This was predominantly the case when the credit could be taken out on someone’s name without biometric verification and mere usage of passport and verification code sent to the phone number.
2. Management failure and exploitation of authority by bank workers. 34% of credit fraud activities in Uzbekistan are associated with calls from a “bank worker” or “government official”. There were several incidents in which current or former employees of the banks have exploited their privileged access to customer data to apply for loans in clients’ names without their notice which suggests weak supervision, inadequate audit trails and lack of security compliance within the banking structure.
3. Failure of bank’s internal verification, insufficient due diligence and lack of risk control – there were cases in which the applicant with only one bank who had never taken a loan before, somehow received loans from multiple banks prior to legislation on investigation of the client’s credit history in two stages. Cases like this illustrate the lack of systematic approach in checking the risk profile of the customers by heavy reliance on self-reported data from customers and issuing the loan on incomplete information.

Further measures taken by Uzbekistan authorities to prevent credit fraud

Until recently, some online loan apps and bank apps did not enforce strong biometric checks or identity proofing, making it easier to spoof identity. The CBU introduced a temporary procedure for online loan issuers requiring biometric identification and a two-stage credit-history check.

It also advised the use of a new free service introduced by CBU to block any loan applications called “Ban on signing a credit agreement” from MyGov application. This blocks any activity related to taking out a loan in the name of the person. Between June and July 2025, ~73,000 Uzbek citizens have already signed up for this service.

From November 2025, victims of online credit fraud schemes may now have their debt collection cancelled in circumstances where it is established that a loan was issued without their knowledge. If it is proven that an online credit was fraudulently taken out in a citizen’s name, banks may be required to suspend or void the claim for repayment. While this marks a significant shift in protecting individuals who had been a victim of digital credit fraud, it raises two new issues related to “true fraud” and “fake fraud” where borrowers may falsely claim to be victims in order to avoid repaying legitimately obtained loans.

Conclusion

The rise of credit fraud in Uzbekistan reveals how rapid digitalization of financial services has created both opportunities and vulnerabilities to customers. As banks are expanding their online lending services, fraudsters are exploiting gaps in verification systems, social engineering, and low financial awareness among citizens. The government of Uzbekistan has been making serious efforts to circumvent these threats by introducing new legislations, increasing customer awareness, and protecting consumer rights.

Recommendations

To protect against fraud, we recommend that end users and businesses follow these risk mitigation recommendations.

For Businesses:

• Implement a user session monitoring system, such as Fraud Protection, to detect infected devices, unusual account activity, and logins from suspicious devices.
• Conduct regular anti-fraud training for employees and public education campaigns for customers to improve digital hygiene and scam recognition.
• Share anonymized fraud intelligence and behavioral indicators to identify recurring fraud patterns and cross-institutional schemes.
• Before issuing a loan, conduct a full analysis of user activity for social engineering or atypical behavior.
• Notify users with push notifications about attempts and instances of loans taken out in their name in the mobile app.

For End-users:

• Be cautious when receiving unexpected calls, especially if the caller requests your personal or financial information. If someone introduces themselves as a bank or government employee, hang up and call the official number from the organization’s website. Fraudsters often use disposable or spoofed numbers.
• Never share your personal information over the phone or via other messaging services with individuals claiming to be bank or government employees. Do not share personal information such as card details, passwords, or passport information via social media messaging services, as these are not official means of communication.
• Check your credit reports or online banking apps for unfamiliar loans or accounts. Early detection can prevent serious consequences.
• If you have been a victim of credit fraud, it is recommended that you immediately contact your bank and report the incident.
• Enabling self-exclusion for the most socially vulnerable individuals. Even if all data is provided, it will be impossible to take out a loan.

Fraud Matrix