Cybercrime on Inactive E-commerce Platforms
Digital Fraud Exploiting Dormant E-commerce Accounts
Digital fraud has shifted its focus from exploiting sensitive data to targeting dormant e-commerce accounts. Experts warn that inactive profiles on platforms like Amazon and Flipkart can be quietly used for unauthorized purchases, loyalty point abuse, refund fraud, and mule account activity without raising immediate suspicions.
Susceptible Profiles
E-commerce profiles often continue to store card details or other payment methods, making them attractive targets for fraudsters. When users stop checking their accounts regularly, they become vulnerable to unauthorized transactions. Unlike financial transactions, which leave a visible trail and trigger alerts, suspicious activity through e-commerce accounts often goes unnoticed due to their relative invisibility.
Methods Used by Fraudsters
- Leaked passwords
- Phishing attacks
- Malware
- SIM swap techniques
- Device farming
Experts’ Views
According to Venkat Srinivasan, Chief Analytics and Risk Officer at Bureau, unlike Unified Payments Interface (UPI), which is linked to a SIM, e-commerce platforms do not operate in the same way and can be used even without the app being present on the user’s phone.
Capt Praveen Dahiya, Founder and Managing Director of InQuest Global, states that these remain among the most common entry points into such compromised profiles.
Device Farming
Device farming involves the large-scale use of mobile devices, SIM cards, and automation tools to mimic genuine consumer activity online. This allows fraudsters to control dozens, and sometimes hundreds, of accounts at the same time, switching between them at speeds no individual user could match.
Prevention Measures
E-commerce companies need to introduce stronger safeguards for inactive accounts, including periodic password resets and wider use of multi-factor authentication. Platforms should build mechanisms that require users of dormant accounts to reset passwords every few months to reduce the risk of account takeover. They should also develop systems to alert users to unusual buying activity and disable default payment methods where necessary.
Conclusion
As online commerce expands and fraud methods grow more sophisticated, such steps are becoming increasingly urgent. Amazon, Flipkart, and Meesho declined to comment on the issue, but experts argue that digital commerce is creating new vulnerabilities, and dormant consumer accounts may become one of the most quietly vulnerable points in the broader fraud landscape.