KnowBe4 Wins 2025 Top Workplaces Industry Award

Posted in Commentary with tags on July 16, 2025 by itnerd

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, announced today that it is a 2025 Top Workplaces Industry winner. This recognition comes from Energage, a purpose-driven organization that develops solutions to build and brand Top Workplaces. The Top Workplaces program has a 17-year history of surveying and celebrating organizations nationally and across 60 regional markets. Top Workplaces Industry awards celebrate organizations that have built people-first workplace cultures within their sector. 

The award marks the winners as an employer of choice for those seeking employment in the industry. Top Workplaces awards are based on feedback from a research-backed employee engagement survey. Details about how KnowBe4 builds a great workplace culture are available on Top Workplaces.

To see open positions at KnowBe4, visit www.knowbe4.com/careers

Salt Typhoon Hacked National Guard for Nearly a Year…. WTF??

Posted in Commentary with tags on July 16, 2025 by itnerd

It is being reported that Salt Typhoon, an elite Chinese cyberspy group, hacked at least one US state’s National Guard network for nearly a year, the Department of Defense has found. Rather than quote anything, click the link and read for yourself. It will blow your mind.

Ensar Seker, CISO at SOCRadar:

“The revelation that Salt Typhoon maintained access to a U.S. National Guard network for nearly a year is a serious escalation in the cyber domain. This isn’t just an opportunistic intrusion. It reflects deliberate, long-term espionage designed to quietly extract strategic intelligence. The group’s sustained presence suggests they were gathering more than just files; they were likely mapping infrastructure, monitoring communication flows, and identifying exploitable weak points for future use. What’s deeply concerning is that this activity went undetected for so long in a military environment. It raises questions about visibility gaps, segmentation policies, and detection capabilities in hybrid federal-state defense networks. It’s another reminder that advanced persistent threat actors like Salt Typhoon are not only targeting federal agencies but also state-level components where the security posture might be more varied.”

Erich Kron, Security Awareness Advocate at KnowBe4

“In a time where we are often fooled into thinking cybercrime means somebody telling us that we missed jury duty, or convincing our loved ones of a long-distance romantic relationship, we sometimes miss the fact that this is more than a game and is played at the nation state level. Cybercrime has real dangers for real people and real governments as well.”

“The Typhoon groups, several different alleged Chinese-backed cybercrime groups that carry the ‘Typhoon’ moniker as part of their name, have been known to be very stealthy and very effective. This is just another example of the trouble they can cause and danger that they pose. While this was at the state level with the National Guard, it still goes to demonstrate that even our military forces are at risk from these cybercrime groups. As we’ve seen in several recent conflicts, cyberattacks play a critical role in military actions, often being coordinated with boots-on-the-ground actions as well.”

“These criminal groups must be taken seriously, which means that everyone from senior government leadership to the average citizen needs to be at least somewhat aware of the threats, how to spot them, and who to report them to. Whether it’s stealing money from individuals to fund other operations, or trying to cripple infrastructure through cyberattacks, these bad actors are a clear and present danger.”

The fact that this group was able to basically stroll into this environment, pitch a tent, start a campfire and stay there for an entire year is crazy. It really shows that organizations seriously need to try harder to keep the bad guys out. Because who knows what these threat actors were able to do with the access that they had.

Sage and Stripe help small businesses get paid faster with Tap to Pay

Posted in Commentary with tags on July 16, 2025 by itnerd

Sage has today announced the launch of Tap to Pay in Sage Accounting. The new feature, powered by Stripe, is available to Canadian customers and enables small businesses and sole traders to take in-person payments using only their mobile phone, via the Sage Accounting app.

Tap to Pay removes friction from how businesses get paid. It forms part of a smarter, connected experience in Sage Accounting, where tasks like creating invoices, taking payments, reconciling accounts and tracking cashflow happen more seamlessly. Combined with Sage Copilot, it helps business owners stay on top of their cashflow with less effort and more confidence. Tap to Pay brings together Stripe’s trusted payments infrastructure with Sage’s deep understanding of how small businesses work to solve a real and everyday challenge: slow and inconsistent cashflow.

Research from Good Business Pays highlights that businesses in the last year are reporting a 20% increase in average payment times – now exceeding 80 days. The knock-on impact can be significant. With Tap to Pay, payment is automatically applied to the invoice and reconciled in the customer’s accounts, removing the need for manual input, hardware like card readers and chasing for invoices.

What Tap to Pay means for Sage Accounting customers

With support across the two main mobile operating systems, small businesses now have the flexibility to take payments in the moment, using the devices they already own.

The new feature supports mobile businesses and sole traders by making it easier to get paid at the point of service. From independent tradespeople and fitness instructors to market stallholders and consultants, customers can now take payment on the spot, without having to follow up later.

It means that customers can:

  • Take payments anywhere using a mobile device
  • Accept contactless cards and digital wallets
  • Automatically reconcile payments in Sage Accounting
  • No need for additional card readers or payment terminals
  • Secure and compliant processing, powered by Stripe

Strengthening Sage’s partnership with Stripe

This marks the latest step in Sage’s partnership with Stripe, following last year’s announcement to embed payment capabilities across its small business solutions. With Tap to Pay, small businesses and sole traders can now accept contactless payments from cards or digital wallets directly via the Sage Accounting app.

To find out more about Sage Accounting and Tap to Pay visit here: https://www.sage.com/en-ca/sage-business-cloud/accounting/

Flashpoint releases “The Flashpoint Method for Threat-Informed Vulnerability Prioritization”

Posted in Commentary with tags on July 16, 2025 by itnerd

This morning, minutes ago, threat intelligence firm Flashpoint released a new report titled “The Flashpoint Method for Threat-Informed Vulnerability Prioritization.”  

The guide provides security teams with the following: 

  1. A clear framework for assessing which vulnerabilities demand immediate attention and why.
  2. A checklist of key prioritization criteria based on real-world exploitation, business impact, and threat intelligence.
  3. Insights into how Flashpoint’s vulnerability intelligence platform and analyst expertise can help put threat-informed vulnerability management into action, at scale.

As organizations expand their digital footprints, the number of vulnerabilities discovered each year climbs, growing faster than the ability of most security teams to respond effectively. With more than 31% of vulnerabilities rated high or critical under CVSSv3, and exploit code publicly available for nearly 42% of all disclosures, teams that rely solely on severity scores are finding that those scores alone are no longer enough to decide what to fix first. 

This guide offers a smarter, data-driven approach that helps security teams focus on the vulnerabilities that pose the greatest real-world risk to their specific organizations. Backed by Flashpoint’s proprietary intelligence, this method moves beyond static scoring to incorporate exploit activity, threat actor behavior, business context, and more – so you can cut through the noise and take decisive action faster. 
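The shift from static scores to exploit evidence and business context is easier to see with numbers. What follows is an added illustration, not Flashpoint’s method or any part of its platform; the `Vuln` fields, the multipliers and the four sample records are all assumptions invented for the example. It ranks the same four findings by CVSS alone and then by a score that also weighs in-the-wild exploitation, public exploit code, threat actor interest, asset criticality and internet exposure:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    vid: str                # placeholder identifier, not a real CVE
    cvss: float             # CVSS v3 base score, 0.0-10.0
    exploit_public: bool    # exploit code publicly available
    exploited_itw: bool     # exploitation observed in the wild
    actor_interest: bool    # tracked threat actors known to target this product
    asset_criticality: int  # 1 (throwaway lab host) .. 5 (crown-jewel system)
    internet_exposed: bool  # reachable from the internet


def cvss_only_rank(vulns):
    """The baseline most teams start from: highest base score first."""
    return sorted(vulns, key=lambda v: v.cvss, reverse=True)


def threat_informed_score(v: Vuln) -> float:
    """Assumed weighting for illustration: severity is the starting point,
    then evidence of real-world exploitation and business context scale it.
    The multipliers are made up; a real program would tune them to its own data."""
    score = v.cvss
    if v.exploited_itw:
        score *= 2.0        # observed exploitation outranks mere exploit availability
    elif v.exploit_public:
        score *= 1.5
    if v.actor_interest:
        score *= 1.25
    score *= 0.5 + 0.25 * v.asset_criticality   # 0.75x for a lab box, 1.75x for a crown jewel
    if v.internet_exposed:
        score *= 1.5
    return round(score, 2)


def threat_informed_rank(vulns):
    return sorted(vulns, key=threat_informed_score, reverse=True)


# Constructed sample; every value below is invented for the illustration.
SAMPLE = [
    Vuln("vuln-a", 9.8, False, False, False, 1, False),  # critical on paper, lab host, no exploit
    Vuln("vuln-b", 7.5, True,  True,  True,  5, True),   # only "high", but exploited, exposed, crown jewel
    Vuln("vuln-c", 8.8, True,  False, False, 3, False),
    Vuln("vuln-d", 5.3, False, False, True,  4, True),
]

if __name__ == "__main__":
    print("CVSS only      :", [v.vid for v in cvss_only_rank(SAMPLE)])
    print("threat-informed:", [(v.vid, threat_informed_score(v)) for v in threat_informed_rank(SAMPLE)])
```

The point of the two rankings: `vuln-a` tops the CVSS-only list and sits last once context is applied, while `vuln-b`, only “high” on paper, moves to the top because it is being exploited, is exposed and lives on a critical asset. Observed exploitation is scored above public exploit code on purpose: with exploit code available for nearly 42% of disclosures, that flag alone does not narrow the queue much.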

There will be a two-part blog series as part of the release with the first blog post live at this link.

iOS Fitness app Fitify exposes 138K user private photos 

Posted in Commentary with tags on July 16, 2025 by itnerd

The Cybernews research team has uncovered a data leak involving Fitify, a popular fitness app with over 25 million installs globally. Researchers discovered that 373,000 sensitive user files, including 138,000 progress photos, were stored in a publicly accessible Google Cloud Storage bucket with no password protection or encryption at rest, meaning anyone who found the bucket could access them.

Among the leaked files were:

  • 206,000 user profile photos
  • 138,000 progress pictures uploaded by users to track fitness changes
  • 13,000 AI coach message attachments, which may include images or text
  • 6,000 body scan files, including photos and AI-generated metadata (e.g., lean mass, body fat, posture)

Key research highlights 

  • Many of the exposed photos were semi-nude body scans, captured by users trying to document weight loss or muscle growth.
  • Fitify promises encryption in transit, but the lack of basic access controls poses serious privacy risks.
  • Researchers also found hardcoded secrets embedded in the app’s code — including Google API and Client IDs, Firebase database URLs, Facebook tokens, and even an Algolia API key, which wasn’t disclosed in the privacy policy.
  • These exposed credentials could let attackers access backend infrastructure, impersonate users, or inject malicious content.
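Two checks a team can run to catch the kind of exposure described above, written as an added example rather than anything from Cybernews or Fitify. The first reads a Google Cloud Storage bucket’s IAM policy (the JSON that `gcloud storage buckets get-iam-policy` or the JSON API returns) and reports any binding to `allUsers` or `allAuthenticatedUsers`; the second greps a strings dump from an app bundle for the credential shapes named in the research. The policy, the strings, the key formats and every name in them are constructed for the example, and the regexes are approximations meant to surface leads, not a definitive scanner:

```python
import json
import re

# Principals that make a bucket readable by anyone, or by any Google account.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}


def public_bindings(policy_json: str):
    """Return (role, principal) pairs in a bucket IAM policy that grant access
    to anonymous or any-authenticated-account principals. An empty list means
    the IAM policy itself grants no public access."""
    policy = json.loads(policy_json)
    hits = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                hits.append((binding["role"], member))
    return hits


# Constructed policy in the shape gcloud / the JSON API return; names are made up.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.admin",
         "members": ["serviceAccount:backend@example-project.iam.gserviceaccount.com"]},
    ]
})

# Rough, assumed patterns for the credential types named in the research,
# tuned for recall over precision: treat every hit as a lead to verify.
SECRET_PATTERNS = {
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "firebase_db_url": re.compile(r"https://[a-z0-9-]+\.firebaseio\.com"),
    "facebook_access_token": re.compile(r"\bEAA[0-9A-Za-z]{20,}\b"),
    "algolia_api_key": re.compile(r"(?i)algolia[_\-]?(?:api[_\-]?)?key\W{0,5}([0-9a-f]{32})"),
}


def find_hardcoded_secrets(text: str):
    """Scan a strings dump (e.g. from a decompiled APK, or an IPA's plists and
    bundle files) and return (kind, value) pairs for anything credential-shaped."""
    findings = []
    for kind, pattern in SECRET_PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(1) if m.lastindex else m.group(0)
            findings.append((kind, value))
    return findings


# Constructed sample resembling key/value strings pulled out of an app bundle.
SAMPLE_STRINGS = "\n".join([
    "google_api_key=AIzaSyA" + "0" * 32,   # "AIza" + 35 chars, the shape of a real key
    "firebase_url=https://example-app-default-rtdb.firebaseio.com",
    'ALGOLIA_API_KEY="0123456789abcdef0123456789abcdef"',
    "fb_token=EAAB" + "0" * 24,
    "log_level=debug",
])

if __name__ == "__main__":
    for role, who in public_bindings(SAMPLE_POLICY):
        print(f"PUBLIC: {who} has {role}")
    for kind, value in find_hardcoded_secrets(SAMPLE_STRINGS):
        print(f"{kind}: {value[:6]}... ({len(value)} chars)")
```

`public_bindings` only inspects the IAM policy. If uniform bucket-level access is off, per-object ACLs can also grant public read, so check those as well (or turn on uniform bucket-level access and public access prevention, which removes the question). On the secrets side, some of these values are designed to ship in a client, a Firebase database URL or an OAuth client ID for instance; what matters is what they are allowed to do server-side (an unrestricted API key, open database rules), so confirm the blast radius and rotate rather than assume a client-side identifier is harmless.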

To read the full research report and see samples of screenshots, please click here.

EnGenius Announces Affordable ECW520 Access Point

Posted in Commentary with tags on July 16, 2025 by itnerd

EnGenius Technologies is pleased to announce the release of the ECW520, the latest addition to its Wi-Fi 7 portfolio. Engineered to provide enterprise-grade wireless performance at a highly cost-effective price point, the ECW520 is designed to empower small and medium-sized businesses (SMBs) with next-generation connectivity—without the traditional enterprise cost.

EnGenius ECW520: High-Performance Wi-Fi 7, Optimized for SMBs

Powered by the Qualcomm® Networking Pro 1220 Wi-Fi 7 platform, the ECW520 delivers robust tri-band 2x2x2 performance with combined throughput capabilities of up to 10.8 Gbps. At an MSRP of $189, the ECW520 redefines value in the wireless networking space, offering a professional-grade solution for IT professionals, managed service providers (MSPs), and integrators seeking high-capacity, reliable connectivity for SMB deployments.

The ECW520 is equipped with essential features including:

  • License-free EnGenius Cloud management for centralized visibility and control.
  • Mobile-first provisioning via the EnGenius Cloud To-Go app.
  • Advanced security protocols with WPA3 Enterprise support.
  • An industry-leading 5-year warranty that underscores long-term reliability.

Strategic Affordability Meets Technical Excellence

ECW520 incorporates the latest Wi-Fi 7 innovations, including:

  • 320 MHz and 240 MHz channel widths, 4096-QAM, and Multi-Link Operation (MLO) to enhance throughput, reduce latency, and improve spectrum efficiency.
  • Multi-RU puncturing to optimize channel utilization in congested environments.
  • 2.5 Gigabit Ethernet interface with PoE+ support and a maximum power consumption of just 21W, ensuring compatibility with existing infrastructure.
  • Backward compatibility with legacy Wi-Fi standards, simplifying transitions from older networks.

This combination of technical sophistication and affordability makes the ECW520 an ideal solution for high-density environments such as multi-family, educational institutions, hospitality, and professional office settings.

Operational Efficiency Through Cloud-Driven Simplicity

Through integration with the EnGenius Cloud platform, the ECW520 enables IT teams to monitor, configure, and troubleshoot networks remotely and at scale—without ongoing licensing fees. Its zero-touch provisioning and intuitive interface significantly reduce deployment time and operational complexity.

Key Benefits at a Glance

  • Cost-Effective Enterprise Performance: Brings Wi-Fi 7 to SMBs at a disruptive price point.
  • Comprehensive Cloud Management: Remote visibility, control, and automation from anywhere.
  • Streamlined Deployment: Quick setup via Cloud To-Go app in under five minutes.
  • Secure and Scalable: WPA3 Enterprise Encryption, multi-AP cloud scalability.
  • Installation Flexibility: Includes click-and-twist mounting system and Kensington lock slot.
  • Extended Product Assurance: Backed by a limited 5-year warranty.

Availability

The ECW520 will be available from EnGenius authorized resellers and distribution partners by the end of July. For additional product specifications and purchasing information, visit:
https://www.engeniustech.com/high-performance-wifi7.html

A New And Dangerous #Scam That Uses The Names Of Rogers & The CRTC To Further The Scam Is Making The Rounds

Posted in Commentary with tags on July 16, 2025 by itnerd

It appears that a new scam involving Rogers is making the rounds. And it uses the CRTC to get you to fall for the scam. Here’s the scam:

  • You get a phone call from a number that starts with 416-935-xxxx
  • When you pick up the phone, the scammer will claim to be someone from Rogers calling on behalf of the CRTC.
  • They will have some basic information about you or a relative, and claim that a suspicious SIM activation has been traced back to you or a relative.

Now the person who got this call hung up as they clued in that it was a scam. Thus I do not know what their endgame was. But here’s some random thoughts based on what was told to me.

First of all, the CRTC has nothing to do with investigating “suspicious” SIM activations. In fact they don’t really investigate much at all. If you want to see what the mandate of the CRTC is, click this link. But what the scammers are counting on is that you don’t know what the CRTC actually does and fall for the scam.

Second, the scammers are spoofing a phone number that starts with 416-935-xxxx. Why is that important? Using a random number may result in someone either not answering the call, or hanging up very quickly. But using 416-935-xxxx makes the call appear to come from Rogers, because that is the local phone number range of Rogers HQ in downtown Toronto. And more importantly, it will show up in a Google search. Meaning that they are counting on the fact that at worst, you will Google the number, see that it comes back to Rogers, and be more likely to fall for the scam. Assuming that you don’t recognize the number immediately and just get sucked into the scam as a result.

Third, the fact that the scammers have some basic information about you implies that this is a targeted attack using customer data belonging to Rogers that has made its way into the hands of scammers. I’ve personally experienced something like this before. And what it tells me is that Rogers really needs to investigate the handling of their customer data, as this is the second time that I have seen scammers utilize Rogers customer data to try and scam their customers.

This is really dangerous as I can see people easily falling for this scam. As I said earlier, I don’t know what the endgame of these scammers is, but it can’t be good for you. Thus if you get a call that fits this description, your best course of action is to hang up and move on with your life.

Today Is AI Appreciation Day

Posted in Commentary on July 16, 2025 by itnerd

AI Appreciation Day, celebrated every July 16, is kind of like a love letter to the invisible magic shaping our daily lives. From the playlists that somehow know our moods to the voice assistants helping us juggle busy mornings, AI is everywhere, often quietly working behind the scenes to make things a little smoother, a little smarter. But this day isn’t just about the tech; it’s about the people behind it, the dreamers, coders, scientists, and ethicists who pour their energy into building systems that (hopefully) make the world better. Whether you’re marveling at a new breakthrough or just grateful your email spam filter didn’t let chaos in, AI Appreciation Day is our chance to step back and say: wow, look how far we’ve come, and let’s keep going… thoughtfully.

Executives from Deepgram, DH2i, Foxit, Leaseweb USA, and Leaseweb Canada have offered commentary on AI Appreciation Day:

Natalie Rutgers, VP of Product, Deepgram

“Artificial Intelligence Appreciation Day is an easy day to celebrate given the pace of innovation we’re witnessing across the AI landscape — from generative art to predictive analytics to robotics. Nonetheless, among all the buzzy advancements, voice AI continues to emerge as the most exciting and impactful, particularly for enterprises.

We are now witnessing voice AI quickly reframe how entire sectors operate. This is especially true across industries like quick-service restaurants (QSRs), hospitals, banks, and really any business that depends on natural conversation, a help desk, or contact center to help ensure a positive customer experience (CX). Of course not only customers benefit. Voice AI is making conversations faster, more natural, and less frustrating for everyone involved – including employees. Voice is how we connect as humans, and now, it’s becoming one of the most critical factors in how businesses connect, too. 

So, on AI Appreciation Day and all year long, if you’re trying to figure out which AI trends are worth watching, voice should be at the top of your list.”

Don Boxley, CEO and Co-Founder, DH2i

“I feel like lately, every day is Artificial Intelligence Appreciation Day. You can find new headlines daily that talk about the transformative impact of AI. The appreciation shouldn’t stop with the frontend applications and their capabilities though. The industry needs to maintain a realistic understanding of what it takes for an AI application to succeed with longevity. The truth is, unless your AI tech is built on a rock-solid foundation focused on uptime, resiliency, and security, all that AI potential goes out the window. Think about it like trying to win a race with a Ferrari… except the car has bald tires and no brakes.

The companies that are going to win the AI race aren’t the ones that are only throwing money at the flashiest models. They are equally focused on investing in uptime, resilience, and robust security for the underlying platforms and infrastructure powering their AI applications. Yep – the unsexy stuff, but it’s what really makes the difference between AI that impresses in a demo, and AI that actually delivers in the real world.” 

DeeDee Kato, VP of Corporate Marketing, Foxit:

“AI Appreciation Day is more than a nod to clever algorithms – it’s a recognition that we’ve crossed a line. AI isn’t just something happening ‘out there’ anymore. It’s in our everyday workflows, our inboxes, our documents – and the businesses leaning into it are starting to pull ahead. You can feel the shift: the companies still managing documents manually are beginning to look like they’re moving in slow motion.

AI is giving knowledge workers a real advantage. It’s summarizing, redacting, translating, and understanding in seconds, instead of spending countless hours painfully combing through contracts, reports, or research papers. But, it’s about working smarter, with fewer mistakes and more confidence, not just working faster. In our space, the companies that are quietly embedding AI into the way people handle documents aren’t just future-proofing, they’re setting the new standard.”

Richard Copeland, CEO, Leaseweb USA

“Artificial Intelligence Appreciation Day is a reminder of just how quickly innovation can change the landscape of entire industries. However, despite the breakthroughs in large language models, computer vision, and real-time analytics, one foundational truth remains: none of it works without robust infrastructure. Too often, organizations get stuck investing time and capital into building physical environments when their real competitive edge lies in algorithm development and application design. For the most forward-thinking teams, I’m seeing a shift in mindset. They recognize that offloading the burden of physical infrastructure is critical in order to stay focused on what truly moves the needle: the models, the insights, and the end-user experience.

This approach does more than save time, it unlocks speed, agility, and experimentation. When AI teams can access scalable compute and storage exactly when needed without being hindered by procurement delays or legacy systems, they’re able to iterate faster and deploy smarter. A much shorter path from proof of concept to production is the result. Of course, in a competitive AI landscape, that agility is often the difference between a promising idea and a market-defining product. We’re entering an era where infrastructure is no longer a blocker. It’s a launchpad.”

Roger Brulotte, CEO, Leaseweb Canada:

“Artificial Intelligence Appreciation Day gives us a moment to pause and recognize not just the dazzling pace of AI innovation, but the quiet, powerful infrastructure that makes it all possible. As AI moves from curiosity to a critical business tool, we’ve watched the demands behind the scenes skyrocket. What once powered research labs now drives customer service, diagnostics, logistics, and more. Of course, progress at this pace presents significant challenges. Take the constant push to scale, meet regulatory demands, manage budgets, and deliver results. Add to that, an environment that never slows down. This is forcing organizations to take a moment to step back and ask a more thoughtful question: How do we grow in a way that’s not just fast, but smart, sustainable, and aligned with what we actually need?

This is where the real shift is happening… Forward-thinking teams are stepping back to focus on what really matters. In other words, they aren’t trying to wedge their workloads into inflexible systems. They’re seeking infrastructure that meets them where they are and grows with them. For some, that might look like adding more compute power right now. Still for others, it’s about tightening security or being ready to scale globally when the time comes. Bottom line, business and technology leaders are done chasing technical specs for their own sake. It’s time now to build environments that leave room to adapt, grow, and evolve with purpose. In an AI-powered world, that kind of flexibility is everything.”

Hackers Impersonate CNN, BBC Sites to Promote Investment Scams

Posted in Commentary with tags on July 16, 2025 by itnerd

Researchers from Malwarebytes have uncovered a large campaign impersonating news websites, such as those of CNN, BBC, CNBC, News24, and ABC News, to promote investment scams.

Here’s how the scam works:

  1. The scammers buy ads on Google and Facebook, which follow a similar pattern along the lines of “Shocking: [Local Celebrity] backs new passive income stream for citizens!”
  2. If you click the link, you’ll be taken to a website that looks like one of the major news outlets, and which will tell you about a breakthrough investment strategy.
  3. The article will encourage you to sign up for a program that will earn you money without having to lift a finger. You sign up by providing your name, email address, and phone number.
  4. A friendly advisor (scammer) calls you about the opportunity, referencing the article and explaining how it all works.
  5. You’ll be told that to start off you’ll have to make a small deposit (around $240) and then you will see your investment grow (on the fake trading platform).
  6. Your friendly advisor urges you to invest more to increase your return. And it keeps on growing, until you want to cash in when you’ll find there’s extra fees to pay, problems with account verifications, and all sorts of delays.
  7. When it dawns on you that you’ve been had, your entire investment and all the fees you paid are gone. Also gone is your friendly advisor who has sold your details to another scammer, to squeeze the last dollars out of the ordeal.

Erich Kron, Security Awareness Advocate at KnowBe4, commented:

“Trust is a big factor when deciding where to invest your hard-earned money, so bad actors work hard to find ways to trick us into believing what they offer is legitimate. The use of well-known and trusted national or global brands to promote their schemes is certainly a part of this, but they are also able to mimic local celebrities and then, using the targeted power of advertising on places like social media or Google, can really change the game.

“The advancement of tools such as AI for doing automated research into trusted people in local communities, then creating deepfakes using their likeness has really made this a serious threat. They will commonly fake investment sites that show huge returns on investments that you have made through them but are in reality just designed to get you to keep pumping money into these fictitious investments. A person may test the waters with $100, see that they’ve made $1000 from that, and be convinced into putting thousands more into the investment, only realizing it’s gone south when they try to get their money.

“It’s important for people to do research on any investments they are considering, and to carefully check the URLs of any websites they may consider investing with, and doing some research related to the investments they are pushing. Education is critical for people to avoid falling victim to these very crafty attackers.”

I tell people who ask me about how to avoid scams to treat everything and everyone with suspicion. That’s because scams have become so dangerous, you need a certain amount of paranoia to stay safe. And as Andy Grove wrote, just because you’re paranoid doesn’t mean that they’re not chasing you.

Guest Post: Uncovering Chinese Dark Web Syndicates and Money Mule Pipeline to Indian Banks

Posted in Commentary with tags on July 16, 2025 by itnerd

CloudSEK has released a groundbreaking whitepaper uncovering a sophisticated network of Chinese-operated illegal payment gateways exploiting India’s digital banking infrastructure. 

The report, titled Chinese-Operated Illegal Payment Gateways Exploiting & Laundering in the Indian Financial Network, reveals how transnational criminal syndicates are orchestrating a multi-billion-dollar shadow economy, laundering funds through illicit gateways that facilitate illegal gambling, Ponzi schemes, predatory lending, and digital fraud.

A Parallel Financial Ecosystem Threatening India’s Economy

India’s rapid digital transformation, powered by the Unified Payments Interface (UPI), has revolutionized financial access but also created vulnerabilities. CloudSEK’s research exposes how Chinese-led syndicates are exploiting these gaps, operating illegal payment gateways that bypass Reserve Bank of India (RBI) regulations. 

These gateways serve as the financial backbone for illicit operations, facilitating the movement of tainted money through a web of “mule” bank accounts to obscure its origins before exfiltrating it via cryptocurrency or hawala networks. (For More Information, Download Full Report)

Key findings include:

  • Massive Scale of Operations: A single fraudulent app analyzed by CloudSEK facilitated ₹166 crore across 398,675 transactions, involving 34,299 unique mule accounts in just 12 months. Extrapolating to an estimated 25 similar apps, the total laundered amount could reach ₹4,000–5,000 crore annually, with a daily volume of ₹10–15 crore.
  • Sophisticated Mule Recruitment: Criminals target vulnerable Indians—unemployed youth, students, and rural communities—through fraudulent apps, face-to-face agents, and “work-from-home” OTP-sharing scams to harvest bank accounts. These accounts are then integrated into advanced dashboards for large-scale money laundering.
  • Global Reach, Local Impact: More than 40 countries are involved in the illegal payment gateway network. The syndicates operate from Southeast Asia and the Mekong region, using mule accounts from India, Pakistan, Bangladesh, and beyond. Funds are laundered through dynamic UPI IDs, cryptocurrency (primarily USDT/Tether), and fake international trade, draining India’s economy and evading taxes.
  • Diverse Illicit Clients: The gateways serve illegal gambling platforms (e.g., Aviator crash games), Ponzi schemes, predatory lending apps, fake stock trading platforms, and digital arrest scams, charging transaction fees of 3–10% based on the risk level of the funds.
  • Tech-Enabled Deception: Over 100 Telegram channels promote these gateways, while YouTube tutorials with 37,200+ views guide fraudsters on integrating APIs. Shell companies pose as legitimate fintechs, using paid ads on Google, Facebook, and Instagram to whitewash their operations. (For More Information, Download Full Report)

Three-Tier Exploitation Model Uncovered

CloudSEK’s research identified three distinct categories of illegal payment gateway clients, each charged different fees based on risk levels:

  1. Gaming & Gambling Platforms (5% deposit, 3% withdrawal fees) – Including illegal casinos and betting apps like crash games
  2. Ponzi & Investment Schemes (7-8% deposit, 4-5% withdrawal fees) – Fake investment platforms promising unrealistic returns
  3. Mixed Scam Operations (10% deposit, 10% withdrawal fees) – Multi-source fraud including loan scams and crypto doubling schemes

The syndicates employ multiple recruitment strategies to acquire Indian bank accounts, including fraudulent mobile applications that request banking credentials and intercept OTP messages, face-to-face agents who target vulnerable populations with cash payments, and “work-from-home” schemes where individuals unknowingly serve as human OTP relays.

Technical Sophistication Rivals Legitimate Services

The illegal gateways operate with remarkable technical sophistication, featuring dynamic UPI infrastructure that generates unique QR codes for each transaction, full API integration allowing automated fund collection, global wallet access enabling multi-currency transactions, and comprehensive monitoring dashboards for real-time transaction management.

Once funds are collected, they undergo a complex layering process across 7-10 different mule accounts within minutes, making detection and tracing extremely difficult. The final stage involves exfiltrating laundered funds from India through cryptocurrency purchases, traditional hawala networks, or trade-based money laundering schemes.
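One way to surface the layering pattern described above in a transaction feed, as an added example that is not from CloudSEK’s whitepaper or any bank’s detection system: pair each credit into an account with a debit out of it that follows within minutes for nearly the same amount, then follow those pairs hop by hop to reconstruct the chain. The ledger, the account names, the 15-minute window and the 5% drift tolerance (each hop sheds a little in fees) are all assumptions made for the illustration:

```python
from datetime import datetime, timedelta

# Assumed detection parameters: the report describes hops "within minutes",
# and each hop skims a few percent, so allow a short window and a small amount
# drift between the credit into an account and the debit out of it.
WINDOW = timedelta(minutes=15)
TOLERANCE = 0.05

# Constructed ledger, not real data: (timestamp, from_account, to_account, amount in INR).
LEDGER = [
    ("2025-07-01 10:00:00", "payer-1", "mule-A", 50000),
    ("2025-07-01 10:02:00", "mule-A", "mule-B", 49500),
    ("2025-07-01 10:05:00", "mule-B", "mule-C", 49000),
    ("2025-07-01 10:09:00", "mule-C", "crypto-otc", 48500),
    ("2025-07-01 11:00:00", "payer-2", "shop-1", 1200),      # ordinary merchant sale
    ("2025-07-02 09:00:00", "shop-1", "supplier-1", 900),    # merchant pays a supplier a day later
]


def parse(ledger):
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), src, dst, amt)
            for ts, src, dst, amt in ledger]


def pass_through_events(txs, window=WINDOW, tolerance=TOLERANCE):
    """Pair each credit into an account with a debit out of the same account
    that follows within `window` for roughly the same amount."""
    events = []
    for credit in txs:
        t1, _, acct, amt = credit
        for debit in txs:
            t2, src, _, amt2 = debit
            if src == acct and t1 <= t2 <= t1 + window and abs(amt2 - amt) <= tolerance * amt:
                events.append((acct, credit, debit))
    return events


def next_hops(txs, window=WINDOW, tolerance=TOLERANCE):
    """Map each credit to the first pass-through debit that follows it."""
    hops = {}
    for _, credit, debit in pass_through_events(txs, window, tolerance):
        hops.setdefault(credit, debit)
    return hops


def layering_chains(txs, min_length=3, window=WINDOW, tolerance=TOLERANCE):
    """Follow the money hop by hop from each chain start; keep chains with at
    least `min_length` transactions (a deposit plus two or more relays)."""
    hops = next_hops(txs, window, tolerance)
    mid_chain = set(hops.values())
    chains = []
    for seed in hops:
        if seed in mid_chain:
            continue  # this credit is itself a relay; its chain starts earlier
        chain = [seed]
        while chain[-1] in hops and hops[chain[-1]] not in chain:  # visited check guards against cycles
            chain.append(hops[chain[-1]])
        if len(chain) >= min_length:
            chains.append(chain)
    return chains


def mule_accounts(chains):
    """Every account that received and promptly forwarded funds inside a chain;
    the final destination (exchange, OTC desk, hawala) is excluded."""
    return {tx[2] for chain in chains for tx in chain[:-1]}


if __name__ == "__main__":
    txs = parse(LEDGER)
    chains = layering_chains(txs)
    for chain in chains:
        print(" -> ".join(tx[1] for tx in chain) + f" -> {chain[-1][2]}")
    print("flag for review:", sorted(mule_accounts(chains)))
```

On the constructed ledger this prints `payer-1 -> mule-A -> mule-B -> mule-C -> crypto-otc` and flags the three intermediate accounts, while the merchant that pays a supplier a day later is left alone. In production the window and tolerance would come from observed baselines rather than guesses, and the quadratic pairing would be replaced by an index on account and timestamp.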

Real-World Consequences for India

The implications of these findings are profound:

  • Economic Drain: The shadow economy siphons billions of rupees annually, weakening the Indian Rupee and depriving the government of tax revenue.
  • Financial System Integrity: The volume of fraudulent transactions overwhelms bank fraud detection systems, eroding public trust in digital payments.
  • Social Harm: Indian citizens are doubly victimized—first as targets of scams and then as unwitting money mules facing frozen accounts or legal repercussions.
  • National Security Risks: The infrastructure could fund activities against India’s interests, while massive data collection by fraudulent apps poses espionage risks.

Law enforcement actions validate CloudSEK’s findings: 

  • Hyderabad Police (2022): Uncovered ₹700+ crore money laundering operation with Chinese nationals operating from Dubai
  • Enforcement Directorate (2022-2023): Froze hundreds of crores across multiple investigations into predatory loan and gambling apps
  • Odisha EOW (2023): Revealed over 1,000 mule accounts used to launder ₹1,000+ crore from cyber-scams

The shadow banking system poses significant threats to India’s economic sovereignty, financial system integrity, and national security while victimizing countless citizens who become unwitting money mules.

We have already reported a total of ~47,000 mule accounts to both Public and Private sector banks since we began extracting and analyzing data from illicit mobile applications. These accounts collectively represent a transaction volume of around ₹250 crore. (For More Information, Download Full Report)

A Call to Action

CloudSEK urges immediate, coordinated action to dismantle these networks:

  • Banks and Fintechs: Deploy AI-powered monitoring to detect mule account patterns and strengthen KYC for corporate accounts.
  • Regulators: Enforce stricter fintech oversight and issue clear guidelines on mule account liability.
  • Law Enforcement: Build specialized cyber-financial crime units and pursue international cooperation to target syndicate leaders.
  • Tech Platforms: Enhance app vetting on Google and Apple stores to block fraudulent apps.
  • Public Awareness: Launch nationwide campaigns to educate citizens about the risks of sharing OTPs or “renting” bank accounts, emphasizing that acting as a money mule is a serious crime.

CloudSEK’s Commitment to Cybersecurity

“These illegal payment gateways are not just financial crimes; they’re a direct attack on India’s digital economy and citizen trust. Our research arms stakeholders with actionable intelligence to disrupt these networks and protect India’s financial sovereignty,” said Mayank Sahariya, Cyber Threat Analyst at CloudSEK.

“Financial institutions, regulators, and law enforcement agencies must move beyond reactive measures to proactive, intelligence-driven strategies. The window for action is narrowing as these networks continue to expand and sophisticate their operations,” Mayank Sahariya added.

CloudSEK continues to monitor these criminal networks and provide actionable intelligence to help financial institutions, regulators, and law enforcement agencies protect India’s digital economy and financial sovereignty.