India’s online shopping boom has a new villain and it’s not the occasional scammer gaming a cashback code.
A fresh analysis by fraud prevention platform Bureau suggests that eCommerce scam has gone industrial, with organised networks borrowing a page from the playbook made infamous by Jamtara — Jharkhand’s cyber fraud hub known for organised banking scams. Only this time, the target isn’t banks, but shopping carts.
Also Read: WhatsApp to roll out SIM binding, tighten curbs on digital arrest scams
The study, which tracked 70 million users over 10 days, found that features meant to fuel growth like returns, referrals, cashback offers, and Cash-on-Delivery are increasingly being flipped into tools for abuse. What looks like harmless “coupon hunting” on the surface is often something far more coordinated underneath.
At the centre of it all is device farms. Think rows of smartphones, each running multiple accounts at once, switching identities faster than any human could. Bureau found that one in six risky devices was linked to more than 10 accounts, which if you have watched Netflix's series Jamtara would know are classic signs of such operations. In extreme cases, a single account clocked over 50 actions in an hour.
Bureau mapped 256 such clusters, spanning roughly 45,000 accounts operating out of just 9,000 devices.
These networks typically start small — spinning up fake accounts to milk referral bonuses or promo credits. But that’s just the audition. The real play comes next: cycling through accounts at high speed to identify those with saved cards or linked wallets. Those accounts are then earmarked for higher-value fraud.
If the behaviour sounds inhuman, that’s because it is. In one instance the study found that an account appeared to log in from Gujarat and Bengaluru within 30 minutes. Another popped up across 70 locations.
“Promo abuse isn’t petty theft. It’s industrialised,” said Ranjan Reddy, founder and CEO of Bureau. “Fraud has evolved beyond stolen cards into coordinated, cross-platform operations.”
According to Bureau, the activity is particularly concentrated in urban tech hubs like Delhi, Bengaluru, and Noida, where some platforms saw up to 15 times the usual number of users operating multiple accounts, suggesting that generous incentives may be inadvertently fuelling the problem.
Also Read: Mangaluru man gets call about SIM card misuse; one mistake makes him lose Rs 2,07,04,600 in a few weeks
Fraudsters are weaponising returns too by ordering high-value products and sending back counterfeits, empty boxes, or simply refusing delivery. And while this might seem like a logistics headache, Bureau says these patterns can often be detected even before a return is initiated.
Perhaps the most telling stat is that less than 1% of users — just 0.95% — are behind a disproportionate share of the abuse. But in a system designed for scale, even a tiny fraction can cause outsized damage.
The challenge for platforms is surgical precision. Crack down too hard, and you risk alienating the 99% of genuine users. Move too slow, and the farms keep growing.
A fresh analysis by fraud prevention platform Bureau suggests that eCommerce scam has gone industrial, with organised networks borrowing a page from the playbook made infamous by Jamtara — Jharkhand’s cyber fraud hub known for organised banking scams. Only this time, the target isn’t banks, but shopping carts.
Also Read: WhatsApp to roll out SIM binding, tighten curbs on digital arrest scams
The study, which tracked 70 million users over 10 days, found that features meant to fuel growth like returns, referrals, cashback offers, and Cash-on-Delivery are increasingly being flipped into tools for abuse. What looks like harmless “coupon hunting” on the surface is often something far more coordinated underneath.
At the centre of it all is device farms. Think rows of smartphones, each running multiple accounts at once, switching identities faster than any human could. Bureau found that one in six risky devices was linked to more than 10 accounts, which if you have watched Netflix's series Jamtara would know are classic signs of such operations. In extreme cases, a single account clocked over 50 actions in an hour.
Bureau mapped 256 such clusters, spanning roughly 45,000 accounts operating out of just 9,000 devices.
These networks typically start small — spinning up fake accounts to milk referral bonuses or promo credits. But that’s just the audition. The real play comes next: cycling through accounts at high speed to identify those with saved cards or linked wallets. Those accounts are then earmarked for higher-value fraud.
If the behaviour sounds inhuman, that’s because it is. In one instance the study found that an account appeared to log in from Gujarat and Bengaluru within 30 minutes. Another popped up across 70 locations.
“Promo abuse isn’t petty theft. It’s industrialised,” said Ranjan Reddy, founder and CEO of Bureau. “Fraud has evolved beyond stolen cards into coordinated, cross-platform operations.”
According to Bureau, the activity is particularly concentrated in urban tech hubs like Delhi, Bengaluru, and Noida, where some platforms saw up to 15 times the usual number of users operating multiple accounts, suggesting that generous incentives may be inadvertently fuelling the problem.
Also Read: Mangaluru man gets call about SIM card misuse; one mistake makes him lose Rs 2,07,04,600 in a few weeks
Fraudsters are weaponising returns too by ordering high-value products and sending back counterfeits, empty boxes, or simply refusing delivery. And while this might seem like a logistics headache, Bureau says these patterns can often be detected even before a return is initiated.
Perhaps the most telling stat is that less than 1% of users — just 0.95% — are behind a disproportionate share of the abuse. But in a system designed for scale, even a tiny fraction can cause outsized damage.
The challenge for platforms is surgical precision. Crack down too hard, and you risk alienating the 99% of genuine users. Move too slow, and the farms keep growing.
