Daybreak - The murky world of money mules and how they fuel India’s Rs 2,500 crore fraud economy
Episode Date: November 22, 2024

The world of cyber fraud has gotten even murkier thanks to a slick new tech service that is streamlining fraud for scammers and making them even harder to track down. This new concept is called ‘Mule-as-a-service’ or MaaS. It’s kind of like a plug-and-play fraud tech where service providers are able to deploy an army of mules on behalf of cybercriminals. These mules are people who lend their bank accounts to move dirty money for cybercriminals. The scary thing is this mule network is getting smarter about leaving no money trail for authorities to follow.

More often than not, these mules are ordinary people from low income groups who sign up to make a quick buck, without realising just how dangerous the whole business is.

Daybreak hosts Snigdha and Rahel are joined by The Ken reporter Rounak Kumar Gunjan and Dhiraj Gupta, co-founder of the fraud-protection firm MfilterIt, to talk about how this network works and why regulators have been struggling to keep up. Tune in.

Daybreak is now on WhatsApp at +918971108379. Text us and tell us what you thought of the episode!

Daybreak is produced from the newsroom of The Ken, India’s first subscriber-only business news platform. Subscribe for more exclusive, deeply-reported, and analytical business stories.
Transcript
Hi, this is Rohin Dharmakumar.
If you've heard any of the Ken's podcasts, you've probably heard me, my interruptions, my analogies,
and my contrarian takes on most topics.
And you might rightly be wondering why am I interrupting this episode too.
It's for a special announcement.
For the last few months, I and Sita Raman Ganeshan, my colleague and the Ken's deputy editor,
have been working on an ambitious new podcast.
It's called Intermission.
We want to tell the secret sauce stories of India's greatest companies.
Stories of how they were born, how they fought to survive, how they build their organizations and culture,
how they manage to innovate and thrive over decades, and most importantly, how they're poised today.
To do that, Sita and I have been reading books, poring over reports, going through financial statements, digging up archives,
and talking to dozens of people.
And if that wasn't enough, we also decided to throw in video into the mix.
Yes, you heard that right.
Intermission has also had to find its footing in the world of multi-camera shoots in professional studios, laborious editing, and extensive post-production.
Sita and I are still reeling from the intensity of our first studio recording.
Intermission launches on March 23rd.
To get alerted as soon as we release our first episode, please follow Intermission on Spotify and Apple Podcasts or subscribe to The Ken's
YouTube channel. You can find all of the links at the ken.com slash I am. With that, back to your
episode.
Maan is a 28-year-old auto repair mechanic from Moga, Punjab. Now, for most of his life, he's
dealt with money problems. He's from a small farming family and never attended college. So he knew that
a high-paying job was never really an option for him.
Neither was farming because it was just too unpredictable.
He was making about 12 to 15,000 every month, so things were tough.
But then in 2023, an opportunity came his way that changed his life.
A friend of his introduced him to a Telegram group.
His friend told him that every couple of weeks,
the admin would share the download link of a particular app.
He made it sound pretty kosher.
Just a quick and easy way to make an extra buck or two.
So, Maan joined the group.
He told him that all you need to do is, you know, wait for the next instruction, as in
the next download link of one of these apps. And he got registered on that Telegram app. He got
that download link. He downloaded the link, put in his UPI ID, bank details. And they told him
that starting tomorrow, you'll start receiving some funds. All you need to do is here is the next
bank account's number, next bank account's UPI ID. All you need to do is transfer this money onto that
bank account as soon as you receive it.
In fact, he was given a deadline of 15 minutes as well.
So within 15 minutes, he was supposed to transfer the money from his account to the next.
And for that, he will be able to get a cut of about 4% to 5%.
That was The Ken reporter, Rounak Kumar Gunjan.
When he spoke to Maan last month,
the mechanic told him that there was a little bit of niggling suspicion when the money
started coming in, but he was just glad to have an extra source of income.
And initially, it wasn't even a lot of money,
a couple hundred rupees here and there,
but it was enough to get him hooked.
So, Maan kept going.
Over time, more and more money started landing into Maan's account.
And then one day...
His friend was called to an ICSA branch in Moga,
and he was told that his account has been flagged for suspicious activity.
Fortunately or unfortunately, for the friend,
there was not a lot of money in that account,
so he let the bank close his account without much complaint.
He came back and told his friend, told Maan about it, that
his account got flagged and then they
blacklisted it, etc.
That's when
Maan got really suspicious.
Now, Maan was always a little
suspicious of the whole thing,
but for the most part he ignored it because of the money.
But when his friend's account was blacklisted,
he started to question whether this new side hustle
of his was even legal.
So he reached out to the friend who had actually
brought him into the whole Telegram group.
And that is when he realised just how murky the whole business was.
You see, without quite realizing it, Maan had become a money mule.
Hello and welcome to another special episode of Daybreak.
I'm Snigdha.
And I'm Rahel, and every Friday we come together to talk about something in business and tech
that interests the both of us.
And it won't just be us.
Depending on what we're talking about, we'll have some really interesting people joining us on the show.
Stay tuned.
Rounak, to begin with, can you tell us what exactly is a money mule?
So, mules, or money mules, as they are called, are people who lend their bank accounts to cyber criminals, usually unknowingly.
And it helps in moving money from a victim's account by dodging the law enforcement agencies.
In exchange, these people also get a small cut.
So mule accounts are mostly used for phishing scams, online gambling, ransom payments for kidnapping, for
instance, escort services, wherever people cannot use legit bank accounts, legit forms of payments,
mule accounts become helpful there.
The rather unfortunate part of all of this is that most people who unknowingly land up as money mules
are a lot like Maan.
They're usually from low-income groups who get intrigued by the prospect of making some easy money.
But more often than not, they don't realize just how dangerous and, well, illegal it all is.
You see, mule accounts are the go-to for most illegal transactions.
Mule service providers do not participate in the fraud directly.
They simply deploy a small army of mules like Maan to move cash around.
Each month, these channels funnel over 2,500 crore rupees in illicit funds.
And most of this money is never recovered because the people running these rackets are experts at evading law enforcement.
Now, more than ever before.
You see, the fraud machine is getting sleeker and busier than ever, not to mention more organized.
So to understand this whole phenomenon better, we spoke to Dhiraj Gupta.
He's the co-founder of MfilterIt, a nine-year-old company.
And its whole raison d'être or reason for being is finding fraud.
So, Dhiraj, you know, you've been following these online scams for almost a decade now.
And you have so much perspective.
Can you tell us a little bit about how
digital fraud has kind of evolved over the years and how it has become so sophisticated now
with new tech coming into the picture like AI?
I think the simple way to consider fraud these days is personalization.
I think personalization has entered everywhere, including fraudsters.
Fraudsters will not just try and commit fraud by just making a random statement.
They actually try and personalize the way they will pitch to you to win your confidence
and then do the fraud.
Unfortunately, a lot of our data of our daily lives,
our family, our friends is out there,
which these criminals can access and then prepare for.
And obviously, the AI tools are making it much more easier
for them to spoof their voice, to spoof their video or their image,
which allows these scams to, let's say, get democratized, right?
So it's no longer, you know, really high-tech equipment, which is very expensive.
And then, you know, you have people like Tom Cruise doing it in Mission Impossible.
But even, you know, people like you and me can actually, you know, do this.
Also, and the other variable which has ended up coming in place is crypto.
Typically in any investigation, the investigative authorities look at two angles, right?
Either reach out and try and find the person who did it or try and follow the money as to where the money went, right?
And both of them could lead you to the fraud, the mastermind.
Now, one of that variable is now gone for a toss because the moment the money gets moved from the banking channels into crypto, it's become anonymized,
which means that now investigative agencies have lost one good way of tracking the proceeds of the crime,
which has made this more difficult to track.
And on top of all of this is the layer of mules
who mainly use Telegram for their illegal activities.
And it's Telegram because, we all know,
it is anonymized.
Your phone number also will not be displayed.
We love it for privacy reasons, of course,
but obviously it works out perfectly also for fraudsters.
They can just use a fake name and talk to you.
So, Dhiraj, we were actually wondering,
because you know you track all these channels for work,
do you think you could open your phone right now
and kind of give us a little bit of a BTS
of what these groups look like?
I'm just curious to know
the kind of messages that are being sent on these channels.
So very briefly, right?
So for example, if I, you know, okay,
so if I search for escorts, okay?
So you get this group, for example,
Delhi, Pune, Mumbai escort services, right?
Now, and, you know, you actually just message on it saying,
Hi, I'm interested, right?
And you suddenly get a menu option, right?
And you will get payment options and so on.
Nothing else to be done, right?
And as I said, if you, you know, you just say, okay, I want to pay.
They will send you a QR code, right?
And that QR code is going to be for a mule.
So it's obviously illegal activity.
The same, just replace escort services with drugs and you have the same thing happening, right?
And if you take the QR code and you report it to the police, right,
because there's no phone number.
You can't report the phone number.
The Telegram group is anonymized.
But if you take the QR code and you, you know, give it to the police,
actually, you know, again, that mule comes in.
So that's how these services are running.
And, you know, and they may be running on Telegram.
They might be running on dark web.
They might be running in multiple places.
But the MO, the modus operandi is practically the same.
But Dhiraj, it's not just people looking for illegal things like gambling, drugs,
escort services, right?
Like, a lot of normal people also kind of fall prey to these fraudsters, right?
Yeah, so there are a lot of college kids, a lot of regular people who are accessing
Telegram is a popular app for a lot of people, right?
And so it's, and there's obviously a lot of legitimate or normal chats which happen on
Telegram, right?
It's a fairly popular application.
So absolutely, there's a lot of these things which are happening.
I'll, in fact, go towards investment scams.
If you search on these Telegram groups and you search for, you know, investment advice,
you'll find a plethora of channels.
In fact, SEBI has come out with a lot of these channels and flagged them that, you know,
they're providing wrong information, fake information for investors.
So typically on these, you will get, suppose you go and say, I want to invest, right?
Suddenly people will reach out and say, I'll double your money in six hours, right?
Imagine how beautiful that is, in six hours your money gets doubled.
I should stop working if that could happen.
But the problem is that these are all, first of all, completely illegal.
They're not registered SEBI advisors for sure.
But what they're also going to do is that they're not actually going to give you advice
that, say, you know, buy Tata Steel or buy this share, right?
They're not doing that.
What they're going to say is, okay, here's my payment QR code, transfer 30,000
rupees and I will invest on your behalf, right?
And the moment you do that, you've basically become party to an investment scam.
There's going to be a pig butchering which is going to happen. For the layman,
it basically means that the fraudster is not going to run away with the money.
He's actually going to show that in six hours, you actually doubled your money.
Through screenshots, you're going to say, look, your money is doubled.
Now he's going to say, put 30,000 more, put 50,000 more.
You get excited.
You put more money.
That also doubles or triples.
You put more money.
So that's called pig butchering.
And finally, when you've invested a few lakhs,
and you say, okay, now I need to recover this money, that guy will ghost you and disappear, right?
Okay, on that note, Dhiraj, if you could explain to us the role that MfilterIt kind of plays in this whole cyber fraud landscape, you know?
So, we at MfilterIt are, we have a core skill set of crawling and finding dark and deep corners of the internet to pull information out, make sense out of it, connect it together and provide that in a meaningful way.
So what we do is that we go into these platforms, whether it's Telegram groups or it's emailers or it's Insta groups or it's YouTube Shorts or just websites, apps, chatting groups.
We find out where these activities are happening. We bait these people to share their details, right? So we actually bait them to share their QR code, their bank details, etc. And then we take that and we report that to the banking industry. Now, of course, these are mules, right? So the mastermind
might still be hidden, but now those mules have got exposed, which is the first layer
which gets unraveled. And the effort for these fraudsters to keep finding new mules keeps
increasing. So every day, we are tracking thousands of mules with, you know, with full proof
points and screenshots which are provided to regulatory bodies and banking authorities.
Right. Also, you know, Dhiraj, you were talking to Rounak about, you know, how you've noticed
this very concerning trend in this entire fraud machinery
of how fraudsters are now running what looks a lot like a B2B operation actually.
And the new buzzword that we are hearing a lot, which also Rounak mentioned in his story,
is mule-as-a-service or MaaS.
So can you help us understand what exactly it is?
What it means is that someone manages all the mules and rotates them.
What that means is that a fraudster will not use only one mule at any given time.
He will, his money is actually segregated maybe over 500 mule accounts, right? Which means that as a payment gateway,
that unofficial or unauthorized payment gateway, a mule-as-a-service payment gateway, I can keep rotating it to
bypass those thresholds which say transaction else's meeting, right? Because I don't need to, I can keep
saying, okay, I will allow this much money to go into, say, your account, a mule account A, then wait for,
say, 15 minutes, because that's what RBI, you know, thumb rule is, and then after
15 minutes, take another set of money, then again sleep for 30 minutes, then put another set of money,
not, you know, and so on so forth.
Now, practically by doing this, I'm able to manage the patterns which is being used to catch me,
which means that you might think that mules have reduced and you've taken action and you've
protected, but actually just that fraudsters have changed the patterns by which they're doing the
fraud, right?
DMart is synonymous with discounts.
Its stores are packed on most weekends like there is a festival going on.
But despite all of this, the listed company has been in a bit of a slumber for some time now.
So my colleagues, Rohin Dharmakumar and Praveen Gopal Krishnan, decided to investigate the forces that are making DMart take a pause and decide what its strategy is to defend its position.
Stay tuned to hear what they and their really interesting guests had to say at the end
of this episode.
And now back to Daybreak.
If you ask an RBI official
or pretty much any bank employee
about the whole Mule Network scenario,
they'll tell you that it has gotten
way out of hand. In fact,
four banking executives Rounak
spoke to said the topic has come up in
nearly every closed-door meeting this year.
Both regulators and
industry players are all desperately
trying to find a solution,
but so far, progress has been slow.
Sadly, only 10% of the
money is being able to be recovered till now.
So about 2,500 crore a month is being used by these mule accounts and they're evading
the system completely.
And out of that, only about 250 to 300 crore is able to be recovered.
Right.
You know, Rounak, it kind of sounds like for banks and actually even for the RBI, it's almost
like a never-ending game of playing catch-up, no?
Like, especially because these digital fraudsters, they've become so evolved and sophisticated
with the kind of online scams that they're pulling off?
Mostly, presently, it is a game of catch-up, to be honest,
because banks or the RBI do not have a definitive solution as to how to stop this kind of fraud.
So there are only two kinds of solutions.
We are able to be either predictive or preventive.
For instance, the Innovation Hub of RBI has come up with a mule tracker, an AI/ML-based mule tracker.
So what these guys do is they make their systems or their models read huge amounts of transactional data
so that in real time they're able to sort of predict which account is moving towards a suspicious activity.
For instance, if account A was dormant for about a year, a couple of years,
and then suddenly there's a lot of activity in it, then the mule tracker will probably tell us that there is something suspicious going on.
But that's completely predictive. There may not be something suspicious going on.
So that's one.
Second, the kind of model that companies like MfilterIt use,
so what they do is they use web crawlers.
So that's sort of preventive.
But in real time when there is a scam going on,
when there is money being dissipated,
when there is, for instance, a mule being hired and brought into the system,
for all of those things, we still don't have a solution.
So banks are, you're right, banks are playing catch-up,
but they're trying to get as innovative as possible
and, you know, trying to close in.
But there is still a long way to go.
You see, law enforcement authorities in India are working overtime to track down these mule accounts.
In fact, they look at it sort of like a multi-level deception scheme,
a pyramid with multiple tiers of recruits,
all of whom are at different levels based on how much money is involved.
Rounak explains how it works and where Maan fits into the pyramid.
The lowest rung of people are usually called L3.
And they are people like Maan who don't have much technical skills
and are new to the system.
L3s are usually inducted through referrals from L2s.
Now, L2s are one step above L3s.
They're more experienced mules who've been in the system for a while
and are trusted with larger amounts of money to move.
The top of the pyramid is occupied by L1s.
These guys are technically skilled folks
who move the money from the victim's account
to the eventual source,
either by converting it into cryptos or through hawalas, etc.
The referral system is incentive-based, so L3s, fresh L3s keep coming.
Fresh L3s like Maan keep joining the system.
And the money keeps moving from the victim's account to L3, then to L2, then L1, then out of the system.
The biggest use case for these mule accounts has been online gambling, which, by the way, is banned in India.
In fact, just earlier this year, the Indian government banned nearly
200 betting sites.
But every time a site is banned,
a new one pops up in its place.
It's kind of like the proxy sites
that would pop up for websites
streaming pirated movies.
It's almost a feasting ground
for these money mules
because every time you go
to make a payment for
gambling on a website X,
you will find different names
of UPI IDs being mentioned there.
because I'm sure you're aware that
a UPI ID can only receive a certain number of
transactions in a day, certain amount of money,
there is a ceiling to it as well.
So you cannot have one UPI ID receiving money
throughout the day on a gambling app.
So they keep rotating these UPI IDs as well.
And the amount of interest that people have in online gambling in India is crazy,
which is why if you go to a famous online gambling website,
say 1X, you will constantly find that every half an hour the UPI ID that's getting displayed on the payments page keeps changing.
So from that we can understand the amount of involvement, the amount of interest that people have,
which is why they're having to rotate those UPI IDs every 30 minutes.
The reason these sites rotate UPI IDs so frequently is to dodge regulatory flags.
Obviously. You see, the NPCI caps daily UPI transfers at 1,000 rupees per
ID. So through these mule networks, these illegal sites are able to move huge amounts of money
all while staying under the radar. And while folks like Dhiraj have been able to identify
many patterns of how these mule networks operate, these networks constantly change their
modus operandi and they do it so fast that it is almost impossible to catch them just based
on their operating patterns. So what does an expert like Dhiraj do?
By our solution, which is going to the source of where the mules are, you can keep getting these
additional data points because there, we are sure that it's a mule. Now, if that new account
has a different title, now that can actually help you in training back the model, saying that now,
by the way, you can't use 95% as a threshold. You have to use 80% or 85% because that 95% no longer
is there. So this data helps you in training and predicting and improving the accuracy of all your
other analytics. So the modus operandi of these criminals will keep changing. But the backbone
requirements remain the same. They need a hook to justify, you know, they need a money flow.
They need some mules to collect the money. Then they will route it and then convert to crypto.
That doesn't change. You know, it might be kidnapping. It might be drugs. It might be money laundering.
It might be digital arrests. It might be investment scams. But this part remains the same.
And if we can action on this part, we can actually reduce.
the effort of every fraudster,
increase the effort of every fraud
into doing that fraud,
which in itself should reduce
the implication of this.
It sounds a lot like a never-ending
cat and mouse chase. You see,
as these mule networks get smarter,
regulators and start-ups like MfilterIt
will have to keep up.
Because right now, the fraud economy
is booming and just playing catch-up
isn't going to cut it anymore.
Like Dhiraj said, they have to
find the source and stop it right
there.
About whether or not they launched DMart Ready to defend their existing business,
right? We need to understand when, I think DMart Ready was launched in 2017, 2018, but it was more
of a pilot. Before COVID. Yeah, but it gathered steam during the pandemic. Yeah, yeah. They were still
doing pilots. By then, Big Basket had been operational for what, eight years, right? And Big Basket is
also a value retailer, e-tailer. Yes. You get really good discounts on Big Basket. Because
at that point, it was only next day delivery.
Correct.
So you could wait for a day and get a 20%, 30% discount in your overall basket.
So, Big Basket was already there and JioMart launched in April or May 2020.
And that's when DMart started to take this business seriously.
So it's not that customers didn't have, and JioMart was free delivery, regardless of the order value.
Right?
So, DMart Ready was not the first to do this.
So, they were clearly trying to protect their customers from being poached.
And it hasn't worked.
At that point, it did seem counterintuitive.
Groin said, you know, Blinkit and Zepto, they've shown that you can indeed get customers to pay for delivery.
At that point, everyone was doing free delivery.
And DMart said, sorry, it was 50 to 80 bucks then.
Yes.
Right?
But now you're telling me to come to your store and pick up?
Not even a store.
It's a kiosk.
Absolutely.
Right?
And your CEO is talking about how they want to move everything to same-day delivery
when refrigerators and TVs are being delivered in 15 minutes and 20 minutes.
Okay, that's an exaggeration.
We haven't been there yet.
We probably will.
No, you can.
I just check Big Basket.
You can get a microwave oven in 10 minutes.
From Croma.
Yeah, from Croma.
So Big Basket, just to tell you,
last three deliveries that I got from them were six hours delayed. And they were booked for a 24-hour
slot, not even quick commerce. So Big Basket, it is just not reaching. The Big Basket is, I think,
far away. And if you look at what valuation they got where they sold to Tata is actually a clear
proof as well, you know, as to. So the Blinkits, etc. are getting far, far superior valuation,
in my opinion, vis-a-vis what their business model is and what their profitability can be. I don't
think they can ever meet the profitability that DMart is delivering.
But that's, sorry, that's the nub of the argument, right?
Because the game that we've been like, you know, or at least DMart and legacy retailers
have been playing is that, hey, the only thing that matters is profits.
You're a business.
You exist to make profits.
And investors and markets will look at how fast you're growing and how much profits you're
generating and they'll value you based on that.
In comes this quick commerce trend where suddenly that's no longer
the objective and it's valuations, right?
So now, you know, the choice that is, you know, I mean, I can imagine DMart is faced with
is that how do you, is this a passing storm?
Like, can we just hope and close our eyes and hope that in three years or four years,
most of this will burn away because everyone will realize.
But if you do that, how much of your business do you have to sacrifice in the short term
because of these VC-funded giants,
which, I mean, many of them are now,
I mean, Zomato is listed, Swiggy is listed,
will continue to, or one is backed by Tata,
will continue to chop away or like, you know, take away your, you know, customers.
And so you lose on valuation.
So, I mean, I was just thinking there's a very famous saying, right?
Like, you know, in the context of stock markets,
that markets can remain irrational
longer than you can remain solvent.
Right?
So in some senses,
this is like the large company retailer version of it, right?
Yeah.
That, you know, the, what do you call?
Venture funded valuation bubbles can remain inflated
longer than you can hope to run a sustainable and profitable business.
And therefore, what does it do?
So, I think pre-quick-commerce, I think the choices were very clear.
They were binary for DMart, right?
Just focus on brick-and-mortar
retail, make a lot of money, or do e-commerce and lose money, because that was, no one, no e-tailer
was profitable then. Amazon, Flipkart, they still aren't. And Big Basket, which was the one big
grocery-only retailer, Big Basket wasn't making money either. But now you can't make the same argument
because Blinkit is on the verge of breaking even and Instamart, Swiggy, will also break even enough
in a few quarters, right? I don't know about Zepto. So, and this is partly because they are
charging customers 30 bucks, 15 bucks, 30 bucks, right?
So you can no longer make that argument to analysts and investors.
We won't do this because we are a very frugal company.
We want to make money, right?
You can't say that anymore.
But it's not in your DNA to do quick commerce the way we understand quick commerce.
What you just listened to was a small part of the discussion that Rohin and Praveen
had on The Ken's premium podcast, Two by Two, which was also
handpicked as one of their favorite podcasts of the year by Apple Podcasts.
You can listen to the full episode with a premium subscription to The Ken or on Apple Podcasts
with a standalone subscription to just Two by Two.
And if you're still not ready to take the leap yet, you will find a shorter version of
the podcast on any podcast platform.
Just look for Two by Two wherever you get your podcasts, Apple or Spotify.
Daybreak is produced from the
newsroom of The Ken, India's first subscriber-focused business news platform.
What you're listening to is just a small sample of our subscriber-only offerings.
A full subscription unlocks daily long-form feature stories, newsletters and podcast extras.
Head to the Ken.com and click on the red subscribe button on the top of the Ken website.
Today's episode was hosted and produced by Rahel Philipos and I, Snigdha Sharma,
and it was edited by Rajiv Sien.
