The recent ₹22-crore cyber fraud has exposed a critical vulnerability in India’s financial inclusion framework, with Pradhan Mantri Jan Dhan Yojana accounts allegedly used as a structured mule network to layer and disperse stolen funds. Investigators found that instead of routing the money through a single account, the proceeds were split across multiple low-activity accounts, creating a complex transaction chain that has made recovery difficult.
The victim, an 85-year-old retired industrial consultant, was first digitally manipulated and then persuaded to transfer funds in phases. The fraudsters avoided large one-time transfers, opting instead for smaller tranches to prevent automated banking alerts and maintain the appearance of routine transactions.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
Why Jan Dhan accounts became easy conduits
According to investigators, the selection of Jan Dhan accounts was deliberate. These accounts often show minimal transaction history, many remain dormant, and account holders typically belong to economically vulnerable groups. The accused allegedly lured individuals with small commissions to open accounts or hand over control of their ATM cards, passbooks and registered mobile numbers. Operational control thus shifted to mule handlers while the accounts remained in the names of the original holders.
Three-tier structure of the mule network
The probe revealed a clearly layered hierarchy. At the base were mule account holders, whose identities were used to route funds. Above them were mule handlers, who distributed incoming amounts across multiple accounts, coordinated ATM withdrawals and initiated onward transfers. At the top were core operators, who managed digital communications, scripted fraudulent calls, masked IP activity and timed fund movements.
Technical pattern of layering
Investigators mapped a consistent fund-flow model. Money transferred from the victim’s account was immediately divided among three to five mule accounts. A portion was withdrawn in cash within hours, while the remaining funds were moved via RTGS and IMPS to accounts in other states. In the final stage, the money was broken into smaller amounts and settled into beneficiary accounts, extending the transaction chain and obscuring the origin.
Physical link confirms coordinated operation
A visiting card recovered from one accused that belonged to another suspect established direct operational links within the network, indicating a planned and coordinated structure rather than isolated activity. Digital devices, call data records and banking logs are now being forensically analysed to build a comprehensive fund-flow map and identify the masterminds.
Questions over KYC and monitoring
The case has also raised concerns about banking oversight. Several accounts showed sudden spikes in activity, cross-state access patterns and unusual ATM withdrawals, yet effective risk flags were either delayed or absent. Investigators are examining whether risk-based monitoring systems and periodic reviews of dormant accounts were adequately implemented.
A growing national pattern
Cybercrime experts note that the use of Jan Dhan or inactive accounts as money mule networks has become an established laundering method. By simulating legitimate retail transactions, fraud proceeds are disguised and investigative tracing becomes more complex. Such networks often operate across states, with accounts opened in one region, cash withdrawals in another and final beneficiaries located elsewhere.
Recovery challenges and ongoing probe
While some residual balances have been frozen, rapid cash withdrawals and multi-layer transfers have significantly reduced the chances of full recovery. Eight arrests have been made so far, and interstate raids are underway to locate core operators. Authorities are working with financial intelligence units and banks to trace ultimate beneficiaries and dismantle the broader network.
The case underscores the need for real-time transaction monitoring, active review of dormant inclusion accounts and public awareness about mule account risks. Without these safeguards, financial inclusion instruments risk being repurposed as efficient layering tools for organised cybercrime.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
