About 55% of all fraud in India is related to third-party bank account takeovers. As per a report, this highlights a larger share in the long list of financial frauds than social engineering scams.
Typically, phishing or smishing attacks have become a major cause of third-party fraud. Such frauds are pulled off when a gullible user clicks on links that they assume to be genuine and key in their details or credentials.
For instance, an individual may receive an email or phone call from someone masquerading as an executive from the bank or financial institution to inform them that Know-Your-Customer (KYC) formalities are required to be completed on their account. On clicking a link, the victim is directed to a phishing website where they unwittingly end up inputting their important details, including bank credentials, or worse, download malware that directly steals their credentials from the bank website or mobile app as the victim logs in.
After the scammer has a victim’s credentials, they can access that individual’s bank account freely. They then resort to carrying out unauthorised transactions, often in an unbridled manner. Their core idea is to execute payments, but scammers also take out loans and cash them out.
With the exponential rise in Unified Payments Interface (UPI), fraudulent payments are being seen on this platform – although these tend to be low in value (50% of reported frauds via UPI are below Rs 10,000, mentions the report.
Another cause of concern is the rise in mule accounts. As per the report, there has been a marked rise in mule accounts used to pull off such frauds.
Typically, mule accounts are owned by individuals who are duped by fraudsters into laundering stolen or illegal money through their bank accounts. When such incidents come into the spotlight, the ‘money mule’ becomes the target of investigations due to their involvement.
It has been found that fraudsters in such cases tend to use a device shared among various mule accounts. This can be common among mule networks that are known to operate several accounts on a large scale.
According to the report, mule accounts in the country are being opened by legitimate Indian nationals who are selling off the use of the accounts (the ‘Accomplice’ persona). This makes the account harder to detect at onboarding.
The report adds that every device found to be associated with mule activity in the country logged into an average of 35 accounts each. The report states that about Rs 18 million is known to have passed through a few of these mule accounts.
Rajiv is an independent editorial consultant for the last decade. Prior to this, he worked as a full-time journalist associated with various prominent print media houses. In his spare time, he loves to paint on canvas.