Mumbai police have uncovered a major online loan fraud network involving the arrest of former private insurance company employee Imran Khan, his associate Anjali Rani, and another accused Pulkit Sharma. The accused are alleged to have misused customers’ personal data to carry out fraud worth approximately ₹24 lakh.
Profile Exploitations and Systemic Backend Modifications
According to investigators, the main accused Imran Khan used to visit policyholders’ homes and contact them under the pretext of policy updates. During these interactions, he allegedly obtained OTPs from customers’ mobile phones and then changed their registered bank account details and mobile numbers in the company system. These changes were later used to facilitate fraudulent loan approvals.
The case came to light in September 2025 after a customer reported receiving loan-related SMS alerts for a loan he had never applied for. During the internal investigation, it was discovered that at least 15 loans had been fraudulently sanctioned in the names of different customers, with the funds diverted into mule accounts instead of reaching the actual beneficiaries.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
Alert Interceptions and Penny-Drop Verification Manipulations
Investigators further found that after changing the registered mobile numbers, the accused began receiving bank alerts and transaction notifications themselves, allowing them to conceal the fraud. The verification system reportedly involved a nominal ₹1 test transfer, which was also manipulated by the accused to validate fraudulent account changes.
Following the complaint, the company initiated an internal probe before escalating the matter to law enforcement agencies. The accused were later traced and arrested from multiple locations. Officials confirmed that the entire network operated using customer data, OTP access, and a chain of fake bank accounts designed to obscure the money trail.
Inter-State Absconding and Material Asset Seizures
Gurugram served as the base where the accused worked for a brief period at the company’s office. During this time, they allegedly gathered sensitive customer information and passed it on to a wider cyber fraud network before going absconding and switching off their mobile phones.
During operations in Panipat, police recovered mobile phones, bank passbooks, and cheque books from the accused. The investigation also revealed that multiple bank accounts were used in layers to transfer funds and hide the transaction trail.
Multi-Layer Account Tracking and Interstate Syndicate Probes
The incident has raised serious concerns about data security practices in the insurance and banking sectors. Experts note that OTP-based verification systems and mobile number update procedures remain highly vulnerable when human manipulation is involved, making them an easy target for cybercriminals.
According to specialists, customers often trust digital processes without realizing that backend changes can occur without immediate notification. Fraud networks exploit this gap to approve fake loans without detection.
Investigating agencies are now probing whether this gang is linked to a larger interstate cybercrime syndicate and how many other customers may have been affected by similar fraud.
The case highlights the evolving nature of cybercrime, where trust, personal data, and technical loopholes are exploited together to commit large-scale financial fraud. Police have stated that the investigation is ongoing, with further arrests possible in the coming days.
