Evolving Mule Tactics in the META Region Banking Sector
ID: ee7555c5-4755-5d47-9d3c-6d29220610b0
STIX ID: report--ee7555c5-4755-5d47-9d3c-6d29220610b0
Feed Name: Group-IB Blog
This report analyzes an evolving, multi-stage mule-fraud campaign against retail banks in the META region. It documents the stages from simple IP masking to advanced techniques such as roaming eSIMs, Starlink obfuscation, GPS spoofing, SIM removal, credential handoffs, and physical shipment of preconfigured devices. It also provides detection indicators (GPS/IP/SIM mismatches, behavioral biometric shifts, device reuse) and a set of pragmatic, layered defenses, including device telemetry fusion, ML-based behavioral biometrics, enhanced KYC, and threat intelligence sharing.
