Dormant e commerce accounts are emerging as a fresh target for digital fraud, with experts warning that inactive user profiles on platforms such as Amazon and Flipkart can be quietly exploited for unauthorised purchases, loyalty point abuse, refund fraud and mule account activity without drawing immediate attention.
Why Inactive Accounts Are Easy Targets
Unlike financial transactions, which usually leave a visible trail and trigger alerts through messages or banking notifications, suspicious activity through e commerce accounts often goes unnoticed. That relative invisibility makes such accounts easier targets for fraudsters, especially when users have stopped checking them regularly.
Experts said e commerce profiles often continue to store card details or other payment methods. Once compromised, these accounts can be used for unauthorised transactions without the sort of immediate suspicion that typically follows direct bank fraud. Venkat Srinivasan, chief analytics and risk officer at Bureau, said that unlike UPI, which is linked to a SIM, e commerce platforms do not operate in the same way and can be used even without the app being present on the user’s phone.
The warning reflects a wider shift in cyber fraud, where attackers are moving beyond direct banking scams and increasingly targeting digital accounts that still hold payment value but attract less scrutiny from their owners.
FCRF’s Flagship Cyber Law Certification Returns With a New Four-Week Cohort
Leaked Passwords and Device Farming Fuel Access
Experts said fraudsters typically gain access to dormant accounts through leaked passwords, phishing attacks, malware or SIM swap techniques. Capt Praveen Dahiya, founder and managing director of InQuest Global, said these remain among the most common entry points into such compromised profiles.
A SIM swap, according to the explanation cited from SentinelOne, allows cybercriminals to take control of a victim’s phone number by convincing a mobile carrier to transfer that number to a SIM card under their control. That access can then be used to intercept SMS based authentication codes and reset passwords.
The fraud is also being carried out at scale through what experts described as device farming. This involves the large scale use of mobile devices, SIM cards and automation tools to mimic genuine consumer activity online. Experts said the method allows fraudsters to control dozens, and sometimes hundreds, of accounts at the same time, switching between them at speeds no individual user could match. Dormant accounts are seen as especially vulnerable in such operations because their owners are less likely to detect unusual activity quickly.
Platforms Urged to Tighten Security Controls
Experts said e commerce companies need to introduce stronger safeguards for inactive accounts, including periodic password resets and wider use of multi factor authentication. Sachin Yadav, partner at Deloitte India, said platforms should build mechanisms that require users of dormant accounts to reset passwords every few months in order to reduce the risk of account takeover.
He also said companies should develop systems to alert users to unusual buying activity and disable default payment methods where necessary. Such steps, experts argue, are becoming more urgent as online commerce expands and fraud methods grow more sophisticated.
Amazon, Flipkart and Meesho declined to comment on the issue, according to the report. But the warning from analysts is clear: as digital commerce deepens its reach, inactive consumer accounts may become one of the most quietly vulnerable points in the broader fraud landscape.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
