A new cybercrime investigation from Group-IB reveals how stolen money is being routed through verified fintech accounts in France, turning legitimate digital banking tools into large-scale money laundering infrastructure.
Platforms popular with freelancers and small businesses—such as Revolut, Wise, and N26—are now being exploited by organized fraud groups to move illicit funds across Europe with speed and legitimacy.
At the center of this scheme is a growing problem:
Verified fintech accounts being used as mule accounts for cybercrime operations.
What Are Mule Accounts?
A mule account is a bank or fintech account used to:
- Receive stolen funds
- Move money across borders
- Obscure the origin of illegal transactions
In this new scheme, attackers are no longer relying on random stolen accounts.
Instead, they are using:
👉 Fully verified freelancer and micro-business fintech accounts
Why Fintech Accounts Are Being Targeted
Modern fintech platforms offer:
- Fast remote onboarding
- Cross-border payments (SEPA transfers)
- Business invoicing tools
- Digital identity verification
These features make them ideal for legitimate users—but also highly attractive for criminals.
The key problem:
A freelancer account often appears:
✔ Legitimate
✔ Verified
✔ Business-grade
✔ Low-risk to banks
👉 Making it perfect for laundering stolen funds.
How the Cybercrime Scheme Works
Multi-Stage Fraud Pipeline
Data Theft → Identity Fraud → Fintech Account Creation → Money Laundering → Cross-Border Cashout
Step 1: Data Theft via Phishing
Criminals first collect victim data using fake websites.
Example tactics include:
- Fake mortgage advisory pages
- Fake financial service portals
- Social engineering forms
Victims unknowingly provide:
- Names
- Addresses
- Identity documents
- Contact details
Step 2: Account Creation Using Stolen Identities
Using stolen data, criminals open:
- Freelancer fintech accounts
- Micro-business accounts
- Verified digital banking profiles
These accounts pass basic KYC checks due to:
- Real identity data
- Plausible business profiles
- Automated onboarding systems
Step 3: Money Laundering Through Fintech Rails
Once active, these accounts:
- Receive stolen funds
- Transfer money across borders instantly
- Split transactions to avoid detection
Step 4: Rapid Cash-Out
Funds are:
- Routed through multiple accounts
- Converted or withdrawn quickly
- Dispersed across jurisdictions
👉 Recovery becomes extremely difficult due to speed and fragmentation.
The Dark Web Marketplace Behind It
Group-IB reports that verified mule accounts are being sold for:
💰 $300–$700 per account
These listings often include:
- Replacement guarantees
- Escrow protection
- Regular stock updates
The Scale of the Problem
The financial impact is already significant.
Key statistics:
- €2.5 billion lost to credit transfer fraud in 2024 (EEA)
- 24% year-over-year increase
- 85% of losses borne directly by end users
Even more alarming:
👉 Nearly 1 in 7 fintech business account sign-ups in France was flagged as fraudulent in the analysis.
Criminal Ecosystem Behind the Scheme
One actor linked to the operation:
- Uses aliases on cybercrime forums
- Tied to the ASGARD Network
- Specializes in European verified accounts
This is not random fraud—it is a structured criminal service economy.
Why This Fraud Model Works So Well
1. Trust in Fintech Platforms
Users and banks trust verified fintech onboarding systems.
2. Fast Payment Infrastructure
Instant transfers leave little time for intervention.
3. Cross-Border Complexity
Funds move across multiple EU jurisdictions rapidly.
4. Identity Reuse
Stolen identities can pass KYC checks easily.
Real-World Impact
This scheme leads to:
- Stolen savings and business funds
- Compromised identity records
- Cross-border financial tracing complexity
- Increased fraud investigation costs
Common Misconceptions
❌ “Fintech platforms are unsafe”
Fintech platforms are not insecure—but they are highly abused due to speed and accessibility.
❌ “KYC prevents fraud”
KYC reduces risk but cannot fully stop identity-based account fraud.
❌ “Only banks are targeted”
Fintech platforms are now primary laundering infrastructure, not secondary tools.
Mitigation Strategies
1. Strengthen Identity Verification
- Enhanced biometric checks
- Document validation improvements
- Fraud pattern detection
2. Monitor Account Behavior
Flag:
- Rapid fund movement
- High-frequency cross-border transfers
- Unusual transaction patterns
3. Device and Network Fingerprinting
Detect:
- Multiple accounts from same device
- VPN or proxy abuse
- Suspicious onboarding clusters
4. Transaction Velocity Controls
- Limit instant outbound transfers for new accounts
- Introduce cooling periods for high-risk activity
5. Dark Web Monitoring
Track:
- Mule account marketplaces
- Fraud group activity
- Account resale patterns
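The behavior, device and velocity checks from strategies 2 to 4 can be combined into one rule pass over account and transfer records. The sketch below is an added example, not code from Group-IB or any fintech platform; the record fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Illustrative thresholds (assumptions, not figures from the report).
NEW_ACCOUNT_AGE = timedelta(days=14)
PASS_THROUGH_WINDOW = timedelta(hours=2)
PASS_THROUGH_RATIO = 0.8  # share of a credit forwarded out within the window
MAX_ACCOUNTS_PER_DEVICE = 2

def flag_accounts(accounts, transfers):
    """Return {account_id: sorted reasons} for accounts showing mule-like behaviour."""
    flags = defaultdict(set)
    # Device fingerprinting: too many accounts onboarded from one device.
    per_device = Counter(acc["device"] for acc in accounts.values())
    for acc_id, acc in accounts.items():
        if per_device[acc["device"]] > MAX_ACCOUNTS_PER_DEVICE:
            flags[acc_id].add("shared_device")
    # Behaviour: an inbound credit that is mostly forwarded out within the window.
    by_account = defaultdict(list)
    for t in transfers:
        by_account[t["account"]].append(t)
    for acc_id, txs in by_account.items():
        acc = accounts[acc_id]
        for credit in (t for t in txs if t["dir"] == "in"):
            end = credit["ts"] + PASS_THROUGH_WINDOW
            outs = [t for t in txs if t["dir"] == "out" and credit["ts"] <= t["ts"] <= end]
            if sum(t["amount"] for t in outs) < PASS_THROUGH_RATIO * credit["amount"]:
                continue
            flags[acc_id].add("rapid_pass_through")
            if len(outs) >= 3:  # credit split into several smaller transfers
                flags[acc_id].add("split_outbound")
            if any(t["country"] != acc["country"] for t in outs):
                flags[acc_id].add("cross_border")
            if credit["ts"] - acc["opened"] <= NEW_ACCOUNT_AGE:
                flags[acc_id].add("new_account")
    return {acc_id: sorted(reasons) for acc_id, reasons in flags.items()}

# Constructed sample data: A1-A3 share one device, B1 is an established account.
ACCOUNTS = {f"A{i}": {"device": "dev-1", "country": "FR", "opened": datetime(2025, 1, i)} for i in (1, 2, 3)}
ACCOUNTS["B1"] = {"device": "dev-9", "country": "FR", "opened": datetime(2023, 5, 1)}
T0 = datetime(2025, 1, 5, 10, 0)
TRANSFERS = [
    {"account": "A1", "dir": "in", "amount": 5000, "country": "FR", "ts": T0},
    {"account": "A1", "dir": "out", "amount": 1700, "country": "LT", "ts": T0 + timedelta(minutes=20)},
    {"account": "A1", "dir": "out", "amount": 1700, "country": "DE", "ts": T0 + timedelta(minutes=35)},
    {"account": "A1", "dir": "out", "amount": 1500, "country": "ES", "ts": T0 + timedelta(minutes=50)},
    {"account": "B1", "dir": "in", "amount": 3000, "country": "FR", "ts": T0},
    {"account": "B1", "dir": "out", "amount": 400, "country": "FR", "ts": T0 + timedelta(days=1)},
]
```

Calling flag_accounts(ACCOUNTS, TRANSFERS) flags A1 on every rule, A2 and A3 only for the shared device, and leaves B1 unflagged; in production the reasons would feed a risk score or a cooling-period hold rather than an automatic block.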
Expert Insight: Fintech Is the New Laundering Layer
This trend highlights a major shift in cybercrime:
Fraud is no longer about breaking into banks—it’s about abusing legitimate financial infrastructure at scale.
Criminal groups now treat fintech platforms as:
- Identity verification engines
- Payment routing networks
- Money laundering pipelines
FAQs
What is a mule account?
A mule account is used to receive and transfer stolen money for criminals.
Why are fintech accounts targeted?
They are fast, easy to open, and support cross-border payments.
How are accounts created?
Using stolen identity data obtained via phishing and fraud.
What is the financial impact?
Billions of euros in annual fraud losses across Europe.
Can fintech fraud be prevented?
It can be reduced with stronger KYC, monitoring, and behavioral analytics.
Is this limited to France?
No, but France is a major focus in this specific campaign.
Conclusion: Fraud Is Now a Financial System Exploit
The French fintech mule account scheme shows how cybercriminals are evolving:
They are no longer just stealing money—they are weaponizing financial infrastructure itself.
Key Takeaways:
- Verified fintech accounts are being used as mule infrastructure
- Identity theft fuels large-scale laundering operations
- Speed of fintech payments increases fraud impact
- Detection gaps are being exploited at scale