The New Criminal Business Model
Fraud-as-a-Service, or FaaS, mimics the legitimate software-as-a-service (SaaS) economy, but its products are illegal. Instead of selling cloud storage, these underground marketplaces on the dark web rent out everything needed to commit financial crimes.
For a small fee, aspiring criminals can buy phishing kits with fake login pages for Indian banks, AI-powered tools to create deepfake videos for KYC fraud, or access to networks of compromised accounts. This model drastically lowers the barrier to entry, turning complex cyberattacks into a simple transaction. What once required deep technical knowledge is now available to anyone with a few thousand rupees and a Telegram account.
Understanding Subscription Scams
A major product within the FaaS ecosystem is the subscription scam. These schemes are designed to trick users into recurring payments for services that are either worthless or non-existent. A common tactic is the 'free trial' trap, where users sign up for a free offer but are hit with high fees after the trial abruptly ends. Scammers also use misleading fine print to hide automatic renewals and recurring charges, making them difficult to notice until significant money is lost. In India, these scams have been seen in fake but attractive offers for bundled OTT platform subscriptions, promoted heavily on WhatsApp and Telegram to lure unsuspecting users.
Why India Is a Prime Target
Several factors make India a fertile ground for these cybercrimes. The country's rapid digitisation means over 86% of households have internet access, creating a vast pool of potential targets. This includes many first-time digital users who may have lower cyber awareness. Furthermore, the explosion of real-time payment systems like UPI, which processes billions of transactions monthly, has created more opportunities for instantaneous fraud. Recent reports show India's suspected digital fraud rate is nearly double the global average, highlighting the nation's vulnerability. In 2025 alone, India lost over ₹22,000 crore to cybercrime, with fraudsters increasingly targeting active user accounts rather than just creating new fake ones.
The Real-World Consequences
The impact of FaaS and subscription scams is felt by both individuals and businesses. For consumers, it leads to direct financial loss, the stress of dealing with unauthorised charges, and potential identity theft. Businesses, especially in sectors like e-commerce and food delivery, face significant revenue leakage from refund abuse and reseller fraud, with some platforms losing crores each month. These attacks also erode customer trust in legitimate subscription services and digital platforms, damaging the credibility of the entire digital economy.
How to Stay Protected
For individuals, vigilance is the first line of defense. Always be wary of offers that seem too good to be true, like heavily discounted subscription bundles. Before providing payment details for any trial, read the terms and conditions carefully, especially the cancellation policy. Regularly monitor your bank and credit card statements for any unfamiliar or unauthorised recurring charges. If you receive an email or text asking you to renew a subscription, don't click the link. Instead, go directly to the company's official website to verify its legitimacy. Using virtual credit cards or services with limited-use numbers can also prevent unauthorised recurring charges.
What Businesses Can Do
Businesses must move beyond basic security. Implementing multi-layered and multi-factor authentication is crucial, especially for account logins, not just new sign-ups. Investing in AI-driven fraud detection systems can help identify suspicious patterns in real-time, such as multiple accounts being operated from a single device or unusual transaction behaviours. Educating customers about common scam tactics is also vital to build a more resilient user base. As fraud becomes increasingly industrialized and organised, companies need to adopt a proactive stance on security to protect their customers and their reputation.
















