Key Points
- Bureau mapped 256 fraud clusters across 45,000 accounts analysed
- Around 9,000 devices linked to coordinated suspicious marketplace activity
- Only 0.95% users drove disproportionate share of anomalous behaviour
The organised fraud networks are increasingly targeting e-commerce marketplaces, with misuse of cashback offers, referral incentives, return policies and cash-on-delivery models becoming more structured and automated, according to a latest study.
The findings are based on an analysis of 70 million e-commerce users over a 10-day period conducted by online risk management firm Bureau.
EVENT
VeeamON 2026 Tour India – Mumbai
A VeeamON 2026 India Leadership Series Mumbai for senior public sector and government technology leaders.
Register Now →
EVENT
Cyber Surakshit Uttar Pradesh
Find out strategies, frameworks and solutions for building a resilient and secure digital ecosystem across Uttar Pradesh.
Register Now →
EVENT
VeeamON 2026 Tour India – Bengaluru
A VeeamON 2026 India Leadership Series Bengaluru for senior public sector and government technology leaders.
Register Now →
EVENT
VeeamON 2026 Tour India – Delhi
A VeeamON 2026 India Leadership Series Delhi for senior public sector and government technology leaders.
Register Now →
EVENT
Infosec Reimagined
Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.
Register Now →
EVENT
Digital Senate
Digital Senate is a premier conference uniting government leaders, technologists and innovators to share ideas, success stories and strategies on digital governance, public sector transformation, cybersecurity and emerging technologies in India.
Register Now →
EVENT
CIO Prism
CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.
Register Now →
According to the study, one in six risky devices was linked to more than 10 accounts, a pattern the company said could indicate device farms used to run multiple fake or coordinated accounts.
Bureau said it mapped 256 clusters comprising around 45,000 accounts operating across about 9,000 devices during the review period.
The company described device farms as an operational backbone for fraud networks, allowing multiple phones or devices to be controlled together to switch rapidly between accounts.
This infrastructure is used for promo and referral abuse through repeated creation of accounts to claim incentives, and also to identify accounts with stored payment instruments or linked wallets for potential financial fraud, it said.
The study also flagged behavioural anomalies. In one instance, an account logged in from Gujarat and Bengaluru within 30 minutes, while another was active across 70 locations, patterns the company said were consistent with automated activity.
“Promo abuse isn’t petty theft. It’s industrialised,” Bureau founder and CEO Ranjan Reddy said, adding that fraud operations were increasingly cross-platform in nature.
Advertisement
The report said such activity was concentrated in Delhi, Bengaluru and Noida, where some platforms recorded up to 15 times the typical share of users operating multiple accounts.
It also pointed to return abuse, where fraudsters allegedly order high-value goods and return counterfeit items, empty packages or reject deliveries.
According to Bureau, only 0.95 per cent of users showed anomalous behaviour, but this segment accounted for a disproportionate share of suspicious activity.
The company said its intelligence network covers more than 100 enterprises across banking, fintech, e-commerce, insurance and gaming, monitoring nearly 300 million devices daily.
