Welcome to Fraud-as-a-Service
Think of any 'Software-as-a-Service' (SaaS) you might use, like a streaming platform or a productivity tool. You pay a subscription and get access to a powerful service. Now, imagine the same model applied to cybercrime. That's Fraud-as-a-Service, or FaaS.
It's a shadowy marketplace where experienced criminals develop and sell tools, allowing anyone with a few thousand rupees and a Telegram account to launch sophisticated scams. This model lowers the technical barrier for would-be fraudsters, transforming cybercrime from a specialised skill into a purchasable package. Instead of needing to know how to build a fake website or code malware, a criminal can now simply rent the necessary tools.
The Criminal's Toolkit for Subscription Scams
So, what exactly are these 'tools'? For subscription scams, the FaaS model offers a ready-made arsenal. The most common product is a 'phishing kit'. These kits include professionally designed fake login pages that mimic banks, e-commerce sites, or popular streaming services. The scammer doesn't need to build anything; they just deploy the template. Other services include access to botnets (networks of infected computers) to send out mass scam messages, stolen identity datasets, and even deepfake tools for creating fake video-based KYC verifications. The entire fraud supply chain is available for a monthly fee, complete with customer support via encrypted chat apps.
How a Typical Subscription Scam Unfolds
The trap often starts with an irresistible offer sent via SMS or WhatsApp: a free trial for a premium service, a massive discount, or a pending reward. Clicking the link takes you not to the real service, but to a convincing fake page from a FaaS kit. You're asked to enter your card details for a tiny verification fee or to start your 'free' trial. The fine print—if there is any—is where the trap lies, hiding terms about automatic renewal at a high price. In other cases, the site is purely for stealing your financial data. Before you know it, you're locked into a recurring charge that is notoriously difficult to cancel, with the money often routed through a complex network of mule accounts.
Why India Is a Prime Target
India's rapid digitalisation makes it a fertile ground for these scams. The sheer volume of new internet and digital payment users means there's a large pool of individuals who may not be accustomed to spotting sophisticated online threats. Scammers exploit this, sending out millions of AI-generated fake messages daily, knowing that even a small success rate will be profitable. Furthermore, India's vast network of mule bank accounts, often obtained from people lured by offers of quick cash, provides the financial plumbing for laundering the proceeds of these crimes, making it harder for law enforcement to track the money.
Protecting Yourself in the FaaS Era
While the threat is industrialised, your defence can be personal and effective. Vigilance is your best tool. First, never install apps from links sent via messages; always use official app stores like Google Play or the Apple App Store. Scrutinise every offer that seems too good to be true. Always read the terms and conditions before entering payment details for a 'free' trial, paying close attention to cancellation policies. Get into the habit of regularly reviewing your bank and credit card statements for any unauthorised recurring charges. If an offer feels incredibly easy to sign up for but has no clear way to cancel, it is a major red flag.
















