A new cyber intelligence report has found that 524,121 suspected mule accounts and digital identities were flagged across India in March 2026 alone, pointing to large-scale, coordinated fraud networks rather than isolated scams. The findings, released by fraud-detection firm mFilterIt, come as India’s digital payments ecosystem prepares for a near-threefold expansion over the rest of the decade.
Of the total flagged, 520,559 were Virtual Payment Addresses identified as being misused for fraudulent activity. Cybercriminals increasingly favour UPI VPAs because they can be created within minutes, shared instantly, and used to move fraud proceeds across accounts before banks can react.
Where the System Is Bleeding
The report’s breakdown points to specific weak points in the ecosystem. Payments banks accounted for roughly 41 percent of all suspicious VPA activity, the highest share of any category, a consequence investigators attribute to their fast, low-friction onboarding process. UPI merchant accounts made up another 11 percent of flagged activity.
Some merchant accounts, particularly those onboarded through payment aggregators, were allegedly weaponised to collect fraud proceeds disguised as legitimate commercial transactions. This blending of criminal and genuine payment flows makes detection considerably harder, since a fraudulent merchant account can look identical to a legitimate small business on transaction records alone.
A Problem Regulators Already Know Is Growing
The March figures are not an isolated data point. The Indian Cyber Crime Coordination Centre had already flagged more than 2.47 million Layer-1 mule accounts nationally as of early 2026, and authorities deactivated 1.2 million fraudulent SIM cards and froze 1.33 million mule accounts through 2025 alone.
The Reserve Bank of India has responded with its own infrastructure. Its Digital Payments Intelligence Platform, built with the National Payments Corporation of India, uses AI-driven analytics to share verified fraud signals across banks and fintechs in real time, while a separate tool called MuleHunter.AI has been deployed specifically to flag suspicious account behaviour before funds move further down the laundering chain.
The Enforcement Dilemma
Even as detection tools mature, enforcement has run into legal friction. The Andhra Pradesh High Court recently ruled that a merchant’s bank account cannot be frozen simply because a fraudster used it to receive a small UPI payment, holding that vendors cannot reasonably verify the criminal history of every customer who pays them. The court’s reasoning echoed similar findings in Kerala and Rajasthan, underscoring a broader tension between aggressive account freezes and due process.
That tension carries real consequences for recovery rates. A 2024 Parliamentary Standing Committee report found that of ₹2,294.79 crore lost to cyber fraud in 2022, a mere ₹0.57 crore was ultimately returned to victims, a gap that highlights how difficult it remains to claw back money once it has been layered through multiple mule accounts.
A System Racing Against Its Own Growth
The scale of what is at stake going forward is considerable. Digital transaction values are projected to grow from roughly ₹300 lakh crore in FY2025 to nearly ₹907 lakh crore by FY2030, with UPI transaction values alone expected to rise from ₹189 lakh crore to ₹485 lakh crore over the same period.
Prof. Triveni Singh, the former IPS officer and cybercrime specialist, said mule accounts have become one of the primary enablers of major cyber-enabled financial crimes. Fraudsters typically obtain or rent bank accounts, UPI IDs and mobile connections before rapidly transferring stolen funds through several accounts in quick succession, he said, a technique specifically designed to defeat manual tracing efforts.
He argued that banks, fintech companies, telecom operators and law enforcement agencies must deepen real-time intelligence sharing and lean further into AI-driven risk analysis to disrupt these networks before funds disappear. mFilterIt chief executive Amit Relan struck a similar note, describing mule accounts as the backbone of organised digital fraud in India, and warning that fraudsters are exploiting the very speed and accessibility that make UPI so effective globally. As transaction volumes head toward a near-tripling by 2030, the question facing regulators is whether detection and enforcement can scale at anything close to the same pace.
