Fraud as a Service: How cybercrime became a subscription business india news

0
3
Fraud as a Service: How cybercrime became a subscription business india news



So, you’re using AI to make office work a little easier. Or perhaps you’re using it to help you stick to your healthy eating goals. But did you know that AI has also made it easy – frighteningly easy – to pull off all kinds of digital scams? The fraudsters were always there, and their targets too. It is the cloak of credibility, the air of plausibility that AI has helped create in digital scams that is scary. Thanks to AI, potential fraudsters don’t really need to know anything technical. All they need is a Telegram account, a few thousand rupees, and the ‘right’ places to visit on the web: “Fraud-as-a-Service” (FaaS) platforms.It’s as easy as e-commerce. Dissatisfied customers even get their money back.Cybersecurity experts who explore the obscure corners of the dark web say the FaaS model borrows directly from the ‘software-as-a-service’, or ‘SaaS’, economy. And platforms with names that leave little to the imagination – FraudGPT, WormGPT, EvilGPT, DarkBard and DarkWizardAI – are all part of a growing ecosystem in which fraud tools are packaged, updated and sold.The way it works is simple: a potential scammer visits the site and subscribes to the necessary scam toolkit. From AI-generated phishing mails tailored to the victim’s job, location, role, geography or financial behavior, to sending fake emergency calls from relatives, and from deepfake KYC videos to impersonating officers using AI voices or deepfakes to threaten digital arrest, it is possible to carry out any number of scams for a small fee.

‘Industrialization of fraud’

A report by Juniper Research, a UK-based market intelligence and analyst firm, said, “FaaS plans are virtually indistinguishable from the operations of normal, legal businesses – continuously optimizing their returns on investment through scalable strategies.”

Citation

It’s the “industrialisation of fraud”, says Srinivas L, joint MD and joint CEO of cyber security solutions firm 63SATS Cybertech. “If you have around Rs 2,000 and a Telegram account, you can easily commit fraud – and you don’t have to write a single line of code,” Srinivas explains.Vishal Gauri, CEO of data security company Seklor Technology, says the biggest change is the elimination of the skill barrier. “The attacker no longer needs technical know-how; they just need to subscribe. These FaaS platforms come with documentation, customer support, and version updates. The operating model is enterprise SaaS for criminals,” he says.AI has also made scaling easier. A fraudster can now generate thousands of personalized phishing emails in different languages, clone voices from short audio clips, create deepfake KYC videos, and automate messages tailored to the victim’s job, location, or financial behavior.“AI generates personalization at scale,” Gauri says. “The same FaaS platform can generate a million simulated phishing emails or 1,000 deepfake calls in hours, each targeted by role, geography and language.”Citing a 2025 report by US-based cybersecurity firm DeepStrike, he said FaaS offerings on dark web marketplaces have grown by more than 120% year-on-year. These marketplaces processed $3.4 billion in transaction volume in 2025, while daily Tor (The Onion Router, a free, open-source software network designed to enable anonymous Internet communications, which is not illegal in itself) users increased from 3 million in 2024 to 4.6 million in 2025.

Paradise of Scammers

On FaaS platforms, the most common product sold is phishing kits. In underground circles, some of these packages are known as ‘SCAMA’. These include fake login pages designed to mimic banks, e-commerce companies, government-facing platforms and public services like IRCTC. Depending on the number of templates and services bundled, such a kit can cost between Rs 500 to Rs 8,500 per month.Once purchased, they are used to send texts, emails or links that appear to come from legitimate companies. Victims are directed to fake pages, where they enter username, password, card details. is i PIN or other credentials. The fraudster doesn’t need to create the page or understand how the backend works. The kit does it all.But phishing is only one part of big business. The fraud supply chain now includes identity datasets, mule account networks, SIM cards, OTP blocking tools, fake customer service centers, deepfake video tools, KYC bypass services, and payment-routing systems.Ranjan Reddy, founder and CEO of US-based fraud prevention and detection intelligence platform Bureau, says the underground market has evolved from simply selling leaked data to selling entire fraud modules. “If you want to start a romance scam, you can buy the entire module,” he says.A basic subscription for the template can cost $20 (Rs 1,902) per month, while $50 (Rs 4,755) includes live support on Telegram or WhatsApp. A deepfake KYC subscription can cost around $160 (Rs 15,220) and allows users to create a large number of fake accounts, he said.

India’s weak points

Srinivas says mule accounts are one of India’s most serious problems. Young job seekers are lured with quick money – sometimes Rs 5,000 per week – through Telegram and WhatsApp groups to allow transactions through their bank accounts. Many people do not realize that they are helping to launder money obtained from cyber crime.India’s vulnerability is increased by the pace of its digital adoption. UPI has made transfers instantly easier, and millions of first-time digital users from tier-2 and -3 markets now transact online daily. But experts say digital literacy has not kept pace with access. “India has become a big target. UPI is the Ferrari car we have built without brakes,” says Srinivas. He says that while about 86% of Indian households are online, many users still lack what he calls the “fraud reflex”.Bureau data shows that a complete identity profile can be assembled for less than Rs 400.“What once required technical expertise and established criminal connections now requires only payment,” the bureau said in its report ‘India Fraud Report 2026: Digital Fraud at Scale’. According to data provided by the Indian Cyber ​​Crime Coordination Centre, India is set to lose Rs 22,495 crore from cyber crime in 2025, 24% more than in 2024. 28.15 lakh cyber crime cases were registered in the country. Investment scams caused 76% of the losses, while digital arrest scams caused 9% of the losses.

Citation

Banks have shared 18.43 lakh suspect identifiers and 24.67 lakh mule accounts through the I4C registry, helping prevent frauds worth approximately Rs 8,031 crore. But industry officials say attacks are increasing.The fraud centers have also spread beyond Jamtara, with increased scrutiny in places like Nuh, Alwar, Bharatpur, Mathura, Bokaro, Ahmedabad, Hyderabad, Chandigarh, Guwahati and Visakhapatnam.

Companies are under attack

Consumer platforms are also increasingly affected by refund abuses, reseller fraud, fake accounts, and account-takeover attacks. The Bureau estimates that reseller-driven leakage is 2% to 5% of gross merchandise value for large e-commerce platforms. Food delivery platforms alone witness frauds ranging from Rs 10 crore to Rs 30 crore per month.Images generated using AI are being used to fake damaged products or wrong deliveries, enabling fraudulent refunds. In other cases, a single tool cycles through hundreds of accounts to receive promotions before targeting accounts with saved payment instruments.Citing research data, Gauri says 82.6% of phishing emails are now AI-generated. Citing BioCatch data, he said that about 47% of Indian adults have either been a victim of an AI voice cloning or deepfake scam, or know someone who has been a victim.

Rescue operations are gaining momentum

Cybersecurity companies are trying to respond to threats at different points in the chain.Ashish Tandon, CEO and founder of IndusFace, says AI is helping attackers find vulnerabilities in existing applications at machine speed. “These are not new classes of vulnerabilities,” he says. “Because of the speed of the machine, what used to take days and months can now be found in minutes.”

Digital Scams, in 11 Easy Steps

Hyderabad-based Blue Cloud Softech Solutions is focusing on dark-web monitoring through Bluetor, while 63SATS Cybertech is targeting citizen-facing defense through CYBX, a cybersecurity app with embedded insurance.Seklor is focusing on enterprise data security. Gauri says that every exposed file, credential, quick history or exposed record inside the AI ​​pipeline can become raw material for fraud.

identify real danger

Law enforcement agencies are also trying to nab it. Hyderabad Cyber ​​Crime Police say they have not yet detected scammers using such AI tools directly in local matters, but admit that the ecosystem has become much more organized and international.“Earlier, cyber crime consisted of sporadic incidents with most of the players in India. But now it is becoming more organized, modern and international. It seems that fraudsters are using new technologies and modern tools and networks like AI tools, mule accounts, SIM networks and digital platforms to exploit the loopholes in our systems,” says Arvind Voleti, DCP, Cyber ​​Crime, Hyderabad.Voletti says data leakage is a major concern and the implementation of the Digital Personal Data Protection Act will strengthen accountability.For cybersecurity firms and law enforcement agencies, the lesson is clear: Fraud can no longer be treated as scattered crimes after victims lose money. It is now an industry with subscriptions, infrastructure, service desks, upgrades and global payment channels.Srinivas says, “The question is not about having a digital India. We have to be a trusted digital India, and for this fraud needs to be seen as an industry and not as a crime that just needs to be looked at.”


LEAVE A REPLY

Please enter your comment!
Please enter your name here