Cybercriminals are increasingly targeting French fintech platforms to launder stolen money through sophisticated fraud networks. These networks create fake business accounts on platforms used by freelancers, enabling swift movement of illicit funds before authorities can detect the transactions.
Exploiting Fintech Platforms
The structure of these fraud operations is highly organized and purposefully designed to bypass detection at multiple stages. Fintech services like Revolut, Wise, and N26 provide rapid account creation, efficient KYC processes, and essential business payment infrastructure. While these features are advantageous for genuine users, they are equally beneficial for fraudsters seeking to exploit the system.
Verified individual entrepreneur accounts on these platforms allow immediate payment transfers and cross-border transactions, all under the guise of legitimate financial operations. Consequently, these accounts hold more value for cybercriminals than standard consumer bank accounts.
Dark Web Marketplaces and Mule Accounts
Research from Group-IB highlights the sale of verified mule accounts on dark web platforms, with prices ranging from $200 to $1,000 per account. The EBA-ECB Joint Report on Payment Fraud notes that credit transfer fraud losses in the European Economic Area surged to $2.5 billion in 2023, marking a 25% increase from the previous year. Mule accounts facilitate these losses, rapidly moving funds in ways that render recovery nearly impossible.
The fraud network known as ASGARD and its member “Bastardaseller” are identified as major players in this operation. They operate primarily through Telegram and multiple dark web marketplaces, with Group-IB data suggesting nearly 20% of new fintech account sign-ups in France could be mule accounts.
The Three-Phase Fraud Scheme
The fraud operation comprises three phases. In Phase 1, phishing campaigns are deployed to collect Personally Identifiable Information (PII) from victims, often under the pretense of services like mortgage advice. In Phase 2, this information is used to register new accounts, with fraudsters using technology to mimic French IP addresses and phone numbers despite operating outside France.
In the final phase, once the KYC process is completed, control of the account is transferred to the fraudsters through mobile applications. Fintech platforms are advised to monitor these operations by flagging unusual IP addresses, assessing sign-up velocity, and identifying device downgrades between KYC and operational phases.
As fraudsters become more sophisticated, the need for enhanced detection strategies at the network level becomes critical. Fintech companies must focus on identifying patterns across the account lifecycle rather than assessing isolated incidents.
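One way to correlate the three signals named above (unusual IP, sign-up velocity, device downgrade between KYC and operation) across an account's lifecycle, as an added example that is not code from Group-IB or any platform. The event fields, IP-type labels, thresholds, and the reading of "device downgrade" as a different device running an older OS are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

VELOCITY_WINDOW = timedelta(hours=1)   # assumed threshold
VELOCITY_LIMIT = 3                     # assumed: sign-ups per IP prefix per window
RISKY_IP_TYPES = {"hosting", "proxy"}  # assumed labels from an IP-enrichment feed

def ev(account, phase, ts, prefix, ip_type, device, os_major):
    return dict(account=account, phase=phase, ts=datetime.fromisoformat(ts),
                prefix=prefix, ip_type=ip_type, device=device, os_major=os_major)

# Constructed events (documentation IP ranges, invented account and device ids).
EVENTS = [
    ev("acct-1", "signup", "2024-05-01T10:00:00", "203.0.113.0/24", "hosting", "d-a", 17),
    ev("acct-2", "signup", "2024-05-01T10:10:00", "203.0.113.0/24", "hosting", "d-b", 17),
    ev("acct-3", "signup", "2024-05-01T10:25:00", "203.0.113.0/24", "hosting", "d-c", 17),
    ev("acct-1", "kyc", "2024-05-01T10:05:00", "203.0.113.0/24", "hosting", "d-a", 17),
    ev("acct-1", "operational", "2024-05-03T09:00:00", "198.51.100.0/24", "mobile", "d-z", 12),
    ev("acct-9", "signup", "2024-05-01T11:00:00", "192.0.2.0/24", "residential", "d-k", 16),
    ev("acct-9", "kyc", "2024-05-01T11:04:00", "192.0.2.0/24", "residential", "d-k", 16),
    ev("acct-9", "operational", "2024-05-02T08:00:00", "192.0.2.0/24", "mobile", "d-k", 16),
]

def score_accounts(events):
    """Return {account: set of signal names} built from the whole lifecycle."""
    signals = defaultdict(set)
    signups = sorted((e for e in events if e["phase"] == "signup"), key=lambda e: e["ts"])
    for e in signups:
        if e["ip_type"] in RISKY_IP_TYPES:
            signals[e["account"]].add("unusual_ip")
        # Sign-up velocity: sign-ups from the same prefix inside the window.
        burst = [s for s in signups if s["prefix"] == e["prefix"]
                 and abs(s["ts"] - e["ts"]) <= VELOCITY_WINDOW]
        if len(burst) >= VELOCITY_LIMIT:
            signals[e["account"]].add("signup_velocity")
    kyc = {e["account"]: e for e in events if e["phase"] == "kyc"}
    for e in events:
        k = kyc.get(e["account"])
        # Device downgrade: operational device differs from the KYC device, older OS.
        if (e["phase"] == "operational" and k and e["device"] != k["device"]
                and e["os_major"] < k["os_major"]):
            signals[e["account"]].add("device_downgrade")
    return dict(signals)

def flag(events, min_signals=2):
    """Escalate only accounts where several lifecycle signals coincide."""
    return sorted(a for a, s in score_accounts(events).items() if len(s) >= min_signals)
```

On the constructed data, `flag(EVENTS)` returns the three accounts from the burst, and raising `min_signals` to 3 leaves only the account that also changed device after KYC.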
