'Rent-an-account': The backbone of online frauds in India

While luring users online might still be easier for cybercriminals, extracting money using online solutions such as UPI with a layer of anonymity was still a challenge.

Fraudsters are now renting social media and bank accounts of genuine users to solve this problem.

The rise of the influencer economy has created a perception of social media as a money-making machine. Scammers, who are on constant lookout to exploit this belief, are now targeting social media users on the pretext of enroling them for marketing purposes, with the promise of quick cash.

If entrapped, users can lose control of their accounts and even land in legal troubles.

Renting social media accounts and even some bank accounts is a relatively novel and somewhat legitimate marketing business practice in some countries.

Additionally, India Today has observed a rise in the use of UPI accounts in cyber fraud. By using these bank accounts to transfer fraudulent funds, it becomes difficult for authorities to trace the fraudsters, allowing them a layer of anonymity.

Also, it has been seen that after gaining access to social media accounts, the scammers employ the accounts for impersonation, scams, and misinformation & disinformation campaigns.

ON THE SCAM TRAIL

While scrolling through Facebook, we stumbled upon a post that promised $30-$100 (about 2500-8400 in rupees) for an account per month, based on the number of users it is connected with.

On Telegram, the scammer introduced themselves as a representative of a US-based energy firm and offered 5 USDT (a cryptocurrency) or more than Rs 400 instantly for sharing a LinkedIn account's username and password.

"We'll evaluate the utility of your account for seven days," came the message.

Quickly after logging in, the scammer deleted the conversation on Telegram. However, we were quick to terminate the login session on their device.

LinkedIn active session log showed that the scammer had logged in from Virginia, United States. Interestingly, they shared a screenshot of LinkedIn's login page that displayed text in Mandarin suggesting a possible VPN connection from China.

Another suspected scammer posed as an employee of a London-based medical tech firm and tried to recruit us as a middle person to rent more LinkedIn users.

On further investigation, there were many posts also offering payments for renting Indian bank accounts. Several Telegram groups facilitate the buying and renting of these accounts, promising commissions of up to 2.5 lakh rupees per day.

PERILS OF SM ACCOUNTS RENTING

Users sharing their social media account credentials could not only lose access to it, but the scammers could also persuade them to share credentials of their accounts on other social media platforms and associated email accounts.

What's worse? If the rented account is used in any illegal activity, the law enforcement may prosecute the real owners of the account since it is registered with their real email address or phone number.

Cybersecurity expert Mohit Kumar says that many times social media account owners who log into their accounts with their email could end up losing access to their email account, and thus exposing themselves to different kinds of financial losses in the future.

A few suspected scammers India Today interacted with said access to email accounts associated with the LinkedIn profile was a requirement for "unblocking" in case the platform blocks or restricts the accounts after detecting suspected activity.

"Scammers can leverage such accounts for illegal activities, including spreading false information or scamming others, all while using the trust people have in the account holder to their advantage," Kumar added.

HOW TO SPOT THE SCAM

The demand for login credentials is a big red flag. "No reputed company would need access to your LinkedIn account to promote its brand. They would instead seek collaborations or endorsements without requesting credentials," Kumar opines.

The social media accounts where such offers are made can also offer some clues. For instance, an account is likely to be fake if it's new, has a low friends or follower count, doesn't carry the profile picture of a real person, or only has posts about rent-an-account on their timeline.