French Freelancer Fintech Accounts Exploited for Large-Scale Money Laundering Cybercriminals are increasingly hijacking French freelancer fintech accounts to launder stolen funds at high speed, often moving money within minutes before banks or victims detect the fraud. Platforms like Revolut, Wise, and N26 designed for fast onboarding, light-touch KYC, and instant SEPA transfers have become prime targets due to their business-level payment capabilities, despite being tied to individual users. In 2024, credit transfer fraud in the European Economic Area (EEA) reached €2.5 billion, with victims absorbing roughly 85% of losses. These accounts are more attractive to criminal networks than standard consumer accounts, as they enable cross-border transfers and payment processing under the guise of legitimate business activity. ### Industrial-Scale Mule Account Operations Fraudsters acquire verified freelancer accounts through a sophisticated, multi-stage process: - Identity Harvesting: Phishing sites and fake financial services (e.g., bogus mortgage portals) collect real French personal data. - SIM Farm Infrastructure: Criminals use SIM modem farms to generate French IP addresses and phone numbers, rotating connections to evade detection. - Social Engineering KYC: Victims are tricked into completing verification, making the process appear compliant to fintech platforms. - Account Handoff: Once verified, accounts are transferred to fraud rings via mobile apps, creating distinct device profiles in telemetry. Dark web markets, including the ASGARD network and actor @astarta_seller1, specialize in selling these accounts, with premium French freelancer profiles fetching $450–$700. France is the primary target, followed by Germany, Spain, Italy, Poland, and the UK. ### Detection Challenges & Broader Impact The fraud ecosystem exploits gaps in point-in-time checks, as each stage of the process sign-up, KYC, and login appears legitimate in isolation. Effective defense now requires linking signals across the full account lifecycle, including infrastructure, subnet continuity, and cross-account connections. The 2025 EBA/ECB Payment Fraud Report highlights the rapid growth of credit transfer fraud, driven by the abuse of instant payment rails. For risk and compliance teams, freelancer fintech accounts must be monitored as part of broader fraud networks, not just individual users.

Fraud Networks Exploit Fintech Platforms in France to Launder Stolen Funds Organized fraud networks in France are deploying a sophisticated scheme to launder stolen money through fake business accounts on freelancer fintech platforms like Revolut, Wise, and N26. These platforms, designed for fast account openings and seamless transactions, have become prime targets due to their business-grade payment infrastructure, including SEPA transfers and invoicing. The operation, tracked as "Bastardaseller" part of the larger ASGARD fraud network specializes in creating and selling verified European business accounts on dark web marketplaces for $200 to $1,000 each. These accounts, known as mule accounts, enable fraudsters to move funds rapidly via instant payment rails, often before detection. In France, nearly 1 in 5 sign-up users was identified as a mule account, with the true scale likely higher. The scheme operates in three phases: 1. Phishing for PII – Fraudsters run phishing campaigns, such as fake mortgage consultation services, to collect victims' personal data. 2. Account Registration – Stolen PII is used to open accounts, with operators masking their location using SIM modem farms to generate French IP addresses and phone numbers. 3. Operational Handover – Once KYC is completed, control shifts to the fraud network via mobile apps, with subnet continuity linking the new login to the original sign-up infrastructure. According to the EBA-ECB Joint Report on Payment Fraud, credit transfer fraud losses in the European Economic Area reached $2.5 billion in 2023, a 25% increase from the previous year, with mule accounts as the primary driver. Detection remains challenging, as the fraud only becomes visible when analyzing the full account lifecycle rather than isolated transactions. Fintech platforms are urged to monitor MVNO IP addresses, sign-up velocity patterns, and device downgrades between KYC and operational phases to disrupt these networks. The attack underscores the growing threat of structured fraud operations exploiting digital financial services.

Cybercriminals Exploit French Fintech Platforms to Launder Stolen Funds Across Europe A sophisticated cybercrime operation is leveraging freelancer-focused fintech platforms in France to create verified mule accounts, facilitating the movement of stolen money across Europe. Research from Group-IB reveals that services like Revolut, Wise, and N26 popular for their fast onboarding and business-grade tools have become prime targets for fraud networks due to their ease of use and cross-border transfer capabilities. Criminals exploit the hybrid nature of these accounts, which combine personal identity verification with business-like functionality, allowing them to appear legitimate while rapidly transferring illicit funds. Verified mule accounts are sold on dark web markets for $300 to $700 each, often with escrow guarantees and replacement policies, underscoring the professionalization of the scheme. The operation follows a multi-stage process, beginning with phishing attacks that harvest victims’ personal data. One tactic involved fake mortgage advice sites, tricking users into submitting sensitive information later used to open fintech accounts. Once established, these accounts serve as conduits for stolen funds, complicating recovery efforts due to instant payment rails. The financial impact is severe: credit transfer fraud losses in the European Economic Area (EEA) reached €2.5 billion in 2024 a 24% increase from the previous year with end users bearing 85% of the costs. Group-IB’s findings highlight the scale of the problem, estimating that nearly 1 in 7 business account sign-ups in France may be fraudulent. The scheme is linked to organized cybercrime groups, including the ASGARD Network, with one actor, @astarta_seller1, actively advertising verified European accounts on underground forums. French entrepreneur accounts are particularly prized, commanding premium prices and indicating a targeted, high-volume operation. Many mule accounts likely remain undetected, posing an ongoing threat to financial security.