96 ‘mule accounts’ in one Delhi bank branch: Inside a cybercrime trail | Delhi News | #cybercrime | #infosec


The first clue that something was unusual was not a cyber fraud complaint, but a bank branch.

During Delhi Police’s Cyber Hawk operation in April, investigators identified 96 suspected mule accounts linked to a single private bank branch in Northeast Delhi, making it one of the biggest concentrations of suspected money-laundering accounts uncovered during the city’s crackdown on organised cybercrime.

Every cyber fraud needs somewhere for the money to go. Before it reaches overseas operators or cryptocurrency wallets, it usually passes through several “mule accounts” belonging to ordinary people who have either rented out their accounts for a commission or surrendered control of them without understanding how they would be used.

This Northeast Delhi branch became one such concentration point. And one of those 96 accounts belonged to a 30-year-old unemployed resident of northeast Delhi.

A ‘chance meeting’ at GTB Hospital

In March, while visiting his uncle, undergoing treatment for tuberculosis at GTB Hospital, the 30-year-old was approached by a stranger in his 40s who introduced himself as ‘Shiva’. Claiming that his mother was ill and that he urgently needed cash but could not withdraw money from his own account, the man requested help.

Trusting him, the 30-year-old allowed around Rs 30,000 to be transferred into his account. He withdrew Rs 25,000 from a nearby ATM — the maximum withdrawal limit — handed it over to the stranger, and added another Rs 5,000 from his own pocket.

Two days later, Shiva contacted him again, saying another Rs 24,000 had been transferred to his account “by mistake”. The man initially refused to return it if such transfers continued, but later met Shiva again at GTB Hospital and handed over the money.

Story continues below this ad

Weeks later, his bank account was frozen and he was detained after police said he was linked to two cyber fraud complaints from outside Delhi involving Rs 30,000 and Rs 24,000 — the same amounts that had passed through his account.

Police said the man later admitted he had accepted Rs 2,500 as commission for allowing the transactions, although he maintained he did not know the money was linked to cyber fraud.

After completing legal formalities, he was bound down and released.

The man lives in Northeast Delhi with his wife and their two-and-a-half-year-old son. He studied up to Class X and earlier sold mobile phone chargers in Chandni Chowk until the Covid-19 pandemic disrupted his livelihood. He later drove a battery-operated rickshaw and has now been surviving on occasional daily-wage work.

Story continues below this ad

How vulnerable people are recruited

Investigators said his experience matches a pattern they have repeatedly seen.

Police said cyber financial fraud typically operates in two parts — one that cheats victims and another that manages and launders the stolen money.

A key role is played by facilitators — several of them are unemployed — recruited through platforms such as Telegram, Signal and Instagram.

Police said they provide bank accounts to cyber criminals and help launder the proceeds through hawala channels: The money is withdrawn from the banking system, handed over to hawala operators in cash, and ultimately settled through cryptocurrency transactions, particularly using USDT.

Story continues below this ad

To set up ‘mule accounts’, facilitators identify unemployed youth, daily wage labourers and financially distressed individuals in their localities and persuade them to let their bank accounts be used.

Some account holders knowingly rent out their accounts for a commission of 2-3% of the money routed through them. They hand over their SIM cards, banking credentials and account access altogether in exchange for a fixed monthly payment, allowing the accounts to be operated remotely.

Others are falsely told the transactions relate to online gaming or investment activities.

In this case, police said the facilitator. ‘Shiva’, allegedly paid the 30-year-old Rs 2,500 for allowing Rs 54,000 of suspected fraud proceeds to pass through his account.

Story continues below this ad

How police traced the branch

Meanwhile, a probe was launched into the bank’s activities.

Deputy Commissioner of Police (Northeast) Rahul Alwal constituted a special team led by Inspector Rahul Kumar of the Cyber Police Station and Inspector Vijay Kumar to investigate the network under Cyber Hawk.

Using complaint data from the National Cyber Crime Reporting Portal (NCRP), transaction analysis and other digital intelligence, investigators identified 96 suspected mule accounts linked to the private bank branch.

They also found two complaints from outside Delhi linked to the 30-year-old’s account and discovered that the digital credentials used to access it originated from Tamil Nadu. Teams sent there found linked bank accounts that had allegedly been opened using fake Aadhaar cards.

Story continues below this ad

Investigators also found several accounts opened using fake addresses and forged documents. A case has been registered under Sections 112(2) and 318(4) of the Bharatiya Nyaya Sanhita.

Why did one branch have so many mule accounts?

The concentration of suspected mule accounts in a single branch raised immediate questions for investigators.

Police said bank officials claimed the branch was authorised to open accounts online, a facility available at select branches nationwide, allowing customers to open accounts remotely without visiting the branch.

Investigators then looked at whether insiders had knowingly facilitated account openings, whether the online onboarding process had weakened customer verification, or whether fake Know Your Customer (KYC) documents had bypassed checks.

Story continues below this ad

However, no evidence has yet emerged establishing the involvement of any bank official, police said, adding that the investigation is ongoing.

Delhi Police has now written to the bank, recommending changes in its online account-opening process and seeking mandatory physical verification of customers.

The trail doesn’t end with ‘Shiva’

Police have so far been unable to identify or locate the man who introduced himself as ‘Shiva’.

“We tried to identify the person who transferred the money to the 30-year-old, but the mobile number used had been obtained using fake documents. Our team is still working to trace the chain. He identified himself as ‘Shiva’, though that name could also be fake,” the officer said.

Story continues below this ad

The only clue they have? The 30-year-old told police that Shiva’s accent sounded South Indian.





Click Here For The Original Source.

——————————————————–

..........

.

.

National Cyber Security

FREE
VIEW