The Industrialisation of Digital Crime
Forget the image of a lone hacker in a dark room. Today’s digital fraud is organised, professional, and disturbingly easy to get into. Fraud-as-a-Service, or FaaS, is a business model that mirrors the legitimate Software-as-a-Service (SaaS) economy. Instead
of selling cloud storage or productivity software, FaaS platforms on the dark web sell ready-made tools for committing cybercrime. For a monthly fee, anyone with a few thousand rupees and a Telegram account can buy phishing kits, malware, stolen identities, or even AI-powered deepfake generators. Some FaaS packages, known as 'SCAMA', include templates for fake login pages of banks, e-commerce sites, and government portals, costing between Rs 500 and Rs 8,500 a month. This model has dramatically lowered the barrier to entry, democratising fraud so that technical expertise is no longer required. It’s a chilling evolution that cybersecurity experts call the “industrialisation of fraud”.
India: A Fertile Ground for FaaS
India’s rapid digital transformation has made it both a major target and a hub for these criminal enterprises. The country’s massive internet user base, coupled with the swift adoption of UPI and other digital payment systems, has created a vast landscape for fraudsters to exploit. Unfortunately, digital literacy has not always kept pace with this growth, leaving many first-time online users from Tier-2 and Tier-3 cities vulnerable. Furthermore, the FaaS model thrives by recruiting money mules—often young jobseekers lured by promises of easy money on WhatsApp or Telegram—to launder the proceeds of crime through their bank accounts. The scale of the problem is staggering; India lost a reported Rs 22,495 crore to cybercrime in 2025, a 24% increase from the previous year. Alarmingly, 7.1% of all digital transactions in India in 2025 were fraudulent attempts, nearly double the global average.
The Deceptive Simplicity of Subscription Scams
One of the most insidious tools in the FaaS arsenal is the subscription scam. These scams are designed to trick users into signing up for recurring payments, often through deceptive means. A common tactic is the 'free trial' trap, where a service offers a low-cost or free introductory period, only to automatically enroll the user in a high-cost plan without clear consent. Users might see a small charge of Re 1 or Rs 2 for a trial, only to be billed thousands of rupees later. Scammers also use phishing messages with links to download malicious APK files that bypass app store security checks, gaining access to a user's SMS, contacts, and banking apps to intercept OTPs and drain accounts. The goal is to make the charges small enough or the cancellation process difficult enough that the victim either doesn't notice or gives up trying to stop the payments.
Key Lessons for the Digital Age
The rise of FaaS teaches us that fraud is no longer a scattered series of individual crimes but a coordinated industry. For consumers, the primary lesson is the need for heightened vigilance. This means regularly scrutinising bank and credit card statements for unfamiliar recurring charges, no matter how small. It’s crucial to use official app stores for all downloads and to be deeply sceptical of links sent via SMS, WhatsApp, or email, especially those that create a sense of urgency or offer deals that seem too good to be true. Enabling multi-factor authentication on all accounts is no longer optional. For businesses, the lesson is that security can't just focus on new sign-ups. With fraudsters increasingly targeting established user accounts, companies must implement robust security for returning users and proactively monitor for suspicious activity, such as multiple accounts being accessed from a single device.
















