Operation Mule Hunt 2.0: How Ordinary Bank Accounts Became India's Biggest Cybercrime Weapon
Introduction
The recent investigation of Patan Cyber Crime Police as part of Operation Mule Hunt 2.0 reveals the sheer scale and intricacy of India's burgeoning cyber fraud economy. Police found that a total of 13 current accounts were being operated at a cooperative bank in the Patan district of Gujarat and used for siphoning 398.43 crore of cyber fraud transaction data on 228 cybercrime cases across states. Further investigations against 14 current account holders and intermediaries show the indispensability of mule accounts in laundering criminal money. The recent incident cannot be taken as isolated; the story points at a formalised and industrialised fraud economy with a robust banking infrastructure, a growing payment gateway, and complex networks.
What Is a Mule Account and Why Should You Care?
The term "mule account" is benign but plays a critical role in modern cybercrime networks. The Reserve Bank of India defines a mule account as a bank account that serves as a vehicle to transfer money proceeds from unlawful transactions and can be operated by people coerced by the prospect of high earnings or by way of inducement.
This mechanism can be witnessed through the investigation of the Patan cybercrime incident, where an investor can be defrauded by a fake investment website, employment fraud, or a digital arrest scheme. After transactions from the victim account, funds would quickly flow into the mule account, which would be held by a legitimate KYC customer. These transactions would then be passed on, between 1 lakh and 5 lakh transactions within hours, to multiple accounts as alleged by the Indian Cyber Crime Coordination Centre (I4C) before they get difficult to trace by being passed through informal channels or converted to cryptocurrency.
In the Patan case, it is alleged that the middlemen enticed locals and offered commissions to open firms and current accounts at Harij Nagrik Sahakari Bank and subsequently gave up their ATM cards, checkbooks, SIMs, and net banking facilities to the operators of the account. It is estimated that such accounts channeled an amount of 398.43 crore to 228 Indian cybercrime cases.
The Scale of India's Mule Account Crisis
The scale of the mule account ecosystem is reflected in India's rapidly worsening cybercrime statistics. As of data from the National Cyber Crime Reporting Portal (NCCRP), a total of 22.68 lakh complaints were registered in 2024, a jump by 42% from 2023. This was not even half the rate of financial loss, which jumped by 206% in 2023 (22,845 crore) and stood at 22,495 crore in 2025 (complaints jumped to 28.15 lakh). The increase in fraudulent transactions therefore outweighs the stability in financial losses significantly.
Mule accounts are the backbone of this crime network. To curb this phenomenon, the Indian Cyber Crime Coordination Centre (I4C) launched a Suspect Registry along with Indian banks and financial institutions in September 2024. 24.67 lakh accounts of suspected mules were identified in this, preventing over 8,031 crore in fraudulent transactions. Despite these efforts, a recent statement from the ED found over 12,000 crore being routed via mule accounts, shell firms, and cryptocurrency.
This isn't isolated to certain banks. 2024 alone saw over 65,000 mule accounts detected in Karnataka. By analyzing the Citizen Financial Cyber Frauds Reporting and Management System, about 40,000 such accounts were detected in SBI branches, and thousands more were detected across the PNB, Canara Bank, Kotak Mahindra Bank, and Airtel Payments Bank. The Patan case also clearly highlights that cooperative banks' lack of compliance and lower levels of transaction-monitoring systems contribute to easily creating and using mule accounts.
Operation Mule Hunt: Gujarat's Coordinated Offensive
This bust in Patan is just one manifestation of a much wider coordinated effort by the state government. Operation Mule Hunt 1.0, which ran from November to December 2025 across the state of Gujarat, was a month-long campaign by Gujarat Police's Cyber Centre of Excellence (CCOE) that unearthed 2,289 crore of fraudulent transactions, led to the registration of 565 FIRs, arrest of 638 accused, and impounding of 913 mule accounts with connections to over 4,000 cases of cybercrime nationwide.
This was followed up with the second installment of the operation, which was kicked off in all districts of Gujarat in 2026. The two-week campaign, which began across the state on January 8 this year, resulted in the Surat City Police alone arresting 77 people and uncovering close to 23.85 crore in fraudulent transactions. In what looks like one of the single largest single-district bust-ups in the operation, the Patan incident itself, with a staggering 398.43 crore routed through only 13 accounts, is remarkable.
The extraordinary nature of the operation is seen in the intelligence capabilities that drove it. It wasn't that police accidentally stumbled upon the Patan network; they worked back on it. After using data from the union government’s inter-agency platform, SAMANVAYA, a coordination platform for data on cybercrimes and the NCCRP, they traced suspicious clusters of transactions in the Harij Nagrik Sahakari Bank accounts to build a chain of evidence connecting the accountholders to the middlemen and, from the middlemen, to the whole ring of fraud. Twenty accused have been chargesheeted under the Bharatiya Nyaya Sanhita (BNS), and fourteen have been arrested, while six are still absconding.
The Human Cost Nobody Talks About
Behind every crore of scam money lies a real person who actually lost the real money. Of the 75%+ fraud losses incurred in 2025, 75% are from investment scams alone. Victims of stock trading scams lost ₹4,636 crore, spread across 2.28 lakh complaints filed in 2024. "Digital arrest" scams, in which fraudsters posing as law enforcement officials psychologically blackmail the victims to transfer money, claimed ₹2,576 crore between 2022 and the first quarter of 2025.
For the victims it's never about the money: it's the retired teacher's lifetime savings from Chhattisgarh, the small trader's capital from Rajkot, the emergency money of the Bhopal family, or just savings from an ordinary person. And the mule accounts' networks are why most of it is never retrieved. Once the money is thrown into the layering chain, it's exponentially more difficult to trace it after every jump.
Then there's another category of victims that often gets overlooked, and they are the mule account holders themselves, many being semi-literate people from semi-urban or rural backgrounds approached with ₹10,000 in commission and with no awareness about the legalities of lending their bank details. With the BNS now they stand to get convicted for grave crimes, but the awareness of this trap is very low.
Recommendations and Suggestions
This isn't something India is facing passively. I4C, along with RBI, has developed Mule Account Hunter software. This software can be used by banks for the detection of suspect accounts through the use of behavioral analysis, device intel, and transaction pattern recognition. The Union Home Minister has directly asked all cooperative banks across the country to adopt this software at the earliest. Failure to do so, he warned, would make consumer safety from cyber fraud incomplete.
Apart from technology, three other areas need to go hand in hand: stringent KYC enforcement for cooperative and small finance banks; the prime locations of the mule recruitment network; greater awareness for the masses regarding the criminal liability one takes up when lending their accounts; and efficient inter-agency coordination so that the intelligence gathered on platforms like SAMANVAYA is converted into arrests before the accounts are dumped and the network reforms in another location.
Operation Mule Hunt 2.0 proves that this is feasible. 13 accounts in a small district of Gujarat. 398 crore. 228 victims. 14 arrested. The pipeline did exist, and it has been broken.
Yet, even as one network is broken, another is forming, somewhere right now. The accounts will appear legitimate. The holders of these accounts may not even realize what they have got into. That is the true danger of the mule accounts and work that cannot stop.
Conclusion
The Patan investigation has clearly shown that mule accounts have now moved from being a subsidiary tool of financial crime to becoming the infrastructure that underpins the economy of cyber-fraud in India. Every financial fraud, including investment fraud, digital arrest fraud, and phishing scams, is backed by a string of real bank accounts where the proceeds of crime are transferred and the trail is obscured. Though attempts such as the I4C Suspect Registry have made attempts to break down this network, it remains an overwhelming task. Robust KYC norms, real-time monitoring of transactions, and coordination between banks, police, and regulators are the key in preventing further industrialisation of cyber financial fraud in India.
References
- https://timesofindia.indiatimes.com/city/ahmedabad/operation-mule-hunt-2-0-gujarat-
- police-bust-rs-398-43-crore-cyber-fraud-14-held/articleshow/131594240.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst
- https://the420.in/india-cybercrime-2024-42-percent-spike-sims-imei-mule-accounts/
- https://www.thehansindia.com/news/national/ed-explains-how-mule-accounts-and-crypto-networks-enabled-12000-crore-cyber-fraud-1047606
- https://www.zigram.tech/article/mule-accounts-tier-1-tier-2-cities-india/
- https://risk.lexisnexis.com/global/en/insights-resources/article/stopping-money-mules-in-india
- https://timesofindia.indiatimes.com/city/ahmedabad/operation-mule-hunt-2-0-gujarat-police-bust-rs-398-43-crore-cyber-fraud-14-held/articleshow/131594240.cms
Related Blogs
![Securing Digital Banking: RBI Mandates Migration to [.]bank[.]in Domains](https://cdn.prod.website-files.com/64b94adadbfa4c824629b337/6818602cfbcc953fcae859a1_POLICY%20TEAM%20COVER%20PAGES%20-21%20(1).webp)
Introduction
The Reserve Bank of India (RBI) has mandated banks to switch their digital banking domains to 'Bank.in' by October 31, 2025, as part of a strategy to modernise the sector and maintain consumer confidence. The move is expected to provide a consistent and secure interface for online banking, as a response to the increasing threats posed by cybercriminals who exploit vulnerabilities in online platforms. The RBI's directive is seen as a proactive measure to address the growing concerns over cybersecurity in the banking sector.
RBI Circular - Migration to '.bank.in' domain
The official circular released by the RBI dated April 22, 2025, read as follows:
“It has now been decided to operationalise the ‘. bank.in’ domain for banks through the Institute for Development and Research in Banking Technology (IDRBT), which has been authorised by National Internet Exchange of India (NIXI), under the aegis of the Ministry of Electronics and Information Technology (MeitY), to serve as the exclusive registrar for this domain. Banks may contact IDRBT at sahyog@idrbt.ac.in to initiate the registration process. IDRBT shall guide the banks on various aspects related to application process and migration to new domain.”
“All banks are advised to commence the migration of their existing domains to the ‘.bank.in’ domain and complete the process at the earliest and in any case, not later than October 31, 2025.”
CyberPeace Outlook
The Reserve Bank of India's directive mandating banks to shift to the 'Bank.in' domain by October 31, 2025, represents a strategic and forward-looking measure to modernise the nation’s digital banking infrastructure. With this initiative, the RBI is setting a new benchmark in cybersecurity by creating a trusted, exclusive domain that banks must adopt. This move will drastically reduce cyber threats, phishing attacks, and fake banking websites, which have been major sources of financial fraud. This fixed domain will simplify verification for consumers and tech platforms to more easily identify legitimate banking websites and apps. Furthermore, a strong drop in online financial fraud will have a long-term effect by this order. Since phishing and domain spoofing are two of the most prevalent forms of cybercrime, a shift to a strictly regulated domain name system will remove the potential for lookalike URLs and fraudulent websites that mimic banks. As India’s digital economy grows, RBI’s move is timely, essential, and future-ready.
References
.webp)
Introduction
The Indian government has introduced initiatives to enhance data sharing between law enforcement and stakeholders to combat cybercrime. Union Home Minister Amit Shah has launched the Central Suspect Registry, Cyber Fraud Mitigation Center, Samanvay Platform and Cyber Commandos programme on the Indian Cyber Crime Coordination Centre (I4C) Foundation Day celebration took place on the 10th September 2024 at Vigyan Bhawan, New Delhi. The ‘Central Suspect Registry’ will serve as a central-level database with consolidated data on cybercrime suspects nationwide. The Indian Cyber Crime Coordinating Center will share a list of all repeat offenders on their servers. Shri Shah added that the Suspect Registry at the central level and connecting the states with it will help in the prevention of cybercrime.
Key Highlights of Central Suspect Registry
The Indian Cyber Crime Coordination Centre (I4C) has established the suspect registry in collaboration with banks and financial intermediaries to enhance fraud risk management in the financial ecosystem. The registry will serve as a central-level database with consolidated data on cybercrime suspects. Using data from the National Cybercrime Reporting Portal (NCRP), the registry makes it possible to identify cybercriminals as potential threats.
Central Suspect Registry Need of the Hour
The Union Home Minister of India, Shri Shah, has emphasized the need for a national Cyber Suspect Registry to combat cybercrime. He argued that having separate registries for each state would not be effective, as cybercriminals have no boundaries. He emphasized the importance of connecting states to this platform, stating it would significantly help prevent future cyber crimes.
CyberPeace Outlook
There has been an alarming uptick in cybercrimes in the country highlighting the need for proactive approaches to counter the emerging threats. The recently launched initiatives under the umbrella of the Indian Cyber Crime Coordination Centre will serve as significant steps taken by the centre to improve coordination between law enforcement agencies, strengthen user awareness, and offer technical capabilities to target cyber criminals and overall aim to combat the growing rate of cybercrime in the country.
References:
.webp)
Introduction
India's broadcasting sector has undergone significant changes in recent years with technological advancements such as the introduction of new platforms like Direct-to-Home (DTH), Internet Protocol television (IPTV), Over-The-Top (OTT), and integrated models. Platform changes, emerging technologies and advancements in the advertising space have all necessitated the need for new governing laws that take these developments into account.
The Union Government and concerned ministry have realised there is a pressing need to develop a robust regulatory framework for the Indian broadcasting sector in the country and consequently, a draft Broadcasting Services (Regulation) Bill, 2023, was released in November 2023 and the Union Ministry of Information and Broadcasting (MIB) had invited feedback and comments from different stakeholders. The draft Bill aims to establish a unified framework for regulating broadcasting services in the country, replacing the current Cable Television Networks (Regulation) Act, 1995 and other policy guidelines governing broadcasting.
Recently a new draft of an updated ‘Broadcasting Services (Regulation) Bill, 2024,’ was shared with selected broadcasters, associations, streaming services, and tech firms, each marked with their identifier to prevent leaks.
Key Highlights of the Updated Broadcasting Bill
As per the recent draft of the Broadcasting Services (Regulation) Bill, 2024, social media accounts could be identified as ‘Digital News Broadcasters’ and can be classified within the ambit of the regulation. Some of the major aspects of the new bill were first reported by Hindustan Times.
The new draft of the Broadcasting Services (Regulation) Bill, 2024, proposes that individuals who regularly upload videos to social media, make podcasts, or write about current affairs online could be classified as Digital News Broadcasters. This entails that YouTubers and Instagrammers who receive a share of advertising revenue or monetize their social media presence through affiliate activities will be regulated as Digital News Broadcasters. This includes channels, podcasts, and blogs that cover news and utilise Google AdSense. They must comply with a Programme Code and Advertising Code.
Online content creators who do not provide news or current affairs but provide programming and curated programs beyond a certain threshold will be treated as OTT broadcasters in case they provide content licensed or live through a website or social media platform.
The new version also introduces new obligations for intermediaries and social media intermediaries related to streaming services and digital news broadcasters, and, in contrast to the last version circulated in 2023, the latest also carries provisions targeting online advertising. In the context of streaming services, OTT broadcasting services are no longer a part of the definition of "internet broadcasting services." The definition of OTT broadcasting service has also been revised, allowing content creators who regularly upload their content to social media to be considered as OTT broadcasting services.
The new definition of an 'intermediary' includes social media intermediaries, advertisement intermediaries, internet service providers, online search engines, and online marketplaces.
The new Bill allows the government to prescribe different due diligence guidelines for social media platforms and online advertisement intermediaries and requires all intermediaries to provide appropriate information, including information pertaining to the OTT broadcasters and Digital News Broadcasters on their platform, to the central government to ensure compliance with the act. This entails the liability provisions for social media intermediaries which do not provide information “pertaining to OTT Broadcasters and Digital News Broadcasters” on its platforms for compliance. This suggests that when information is sought about a YouTube, Instagram or X/Twitter user, the platform will need to provide this information to the Indian government.
A new draft bill contains specific provisions governing ‘Online Advertising’ and to do so it creates the category of 'advertising intermediaries'. These intermediaries enable the buying or selling of advertisement space on the internet or placing advertisements on online platforms without endorsing the advertisement.
Final Words
The Indian Ministry of Information and Broadcasting (MIB) is making efforts to propose robust regulatory changes to the country's new-age broadcast sector, which would cover the specific provisions for Digital News Broadcasters, OTT Broadcasters and Intermediaries. The proposed bill defining the scope and obligation of each.
However, these changes will have significant implications for press and creative freedom. The changes in the new version of the updated bill from its previous draft expanded the applicability of the bill to a larger number of key actors, this move brought ‘content creators’ under the definition of OTT or digital news broadcasters, which raises concerns about overly rigid provisions and might face criticism from media representative perspectives.
According to recent media reports, the Broadcasting Services (Regulation) Bill, 2024 version has been withdrawn by the I&B ministry facing criticism from relevant stakeholders.
The ministry must take due consideration and feedback from concerned stakeholders and place reliance on balancing individual rights while promoting a healthy regulated landscape considering the needs of the new-age broadcasting sector.
References:
- https://www.medianama.com/2024/07/223-india-broadcast-bill-online-creators/#:~:text=Online%20content%20creators%20that%20do,or%20a%20social%20media%20platform.
- https://www.hindustantimes.com/india-news/new-draft-of-broadcasting-bill-news-influencers-may-be-classified-as-broadcasters-101721961764666.html
- https://www.hindustantimes.com/india-news/broadcasting-bill-still-in-drafting-stage-mib-tells-rs-101722058753083.html
- https://www.newslaundry.com/2024/07/29/indias-new-broadcast-bill-now-has-compliance-requirements-for-youtubers-and-instagrammers
- https://m.thewire.in/article/media/social-media-videos-text-digital-news-broadcasting-bill
- https://mib.gov.in/sites/default/files/Public%20Notice_07.12.2023.pdf
- https://news.abplive.com/news/india/centre-withdraws-draft-of-broadcasting-services-regulation-bill-1709770
