Gandhinagar: The Cyber Centre of Excellence under CID Crime, Gujarat Police, has uncovered a Cybercrime-as-a-Service racket that quietly powered multiple online frauds across the country.
Two young men from Gwalior, Madhya Pradesh, have been arrested for running backend operations that supplied crucial digital tools to cybercriminals, helping them carry out scams, phishing attacks, and threatening calls without directly contacting victims.
How Cybercrime-as-a-Service Works
Investigators say the case highlights a growing trend where cybercrime operates like an outsourced business model. Under Cybercrime-as-a-Service, operators do not scam victims themselves. Instead, they sell access and tools that make fraud possible. In this case, the accused supplied virtual mobile numbers and One-Time Passwords, or OTPs, which are commonly used to verify logins and transactions on digital platforms.
Fraudsters used these OTPs to bypass security systems, create fake accounts, and gain unauthorised access to e-commerce and online service platforms. Each successful OTP helped criminals move one step closer to financial fraud, while the service providers earned money in the background. This raises a critical question: how many scams succeed not because of a single fraudster, but because of hidden enablers working behind the scenes?
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
Websites and Telegram Channels Under Scanner
The Gujarat CID found that the accused created and operated two websites, OTPBUY.COM and OTPCHINA.SOLUTION. These platforms openly sold virtual numbers and OTP services. The business was promoted and managed through Telegram channels named @otpbuycom and @otpbuysupport, which acted as direct communication hubs with buyers.
According to police records, OTPs were sold for amounts ranging from Rs 15 to Rs 25 per transaction. Though small individually, the volume of transactions allowed the accused to earn substantial sums. The services were used to target users across several e-commerce and digital platforms, turning basic security features into weak points.
Money Trail Reveals Scale of Operation
The financial investigation revealed that the operation was far from small. Police traced bank transactions worth Rs 17,54,265 linked to the accused. In parallel, cryptocurrency activity showed the use of USDT worth Rs 20,00,000, with USDT being a dollar-pegged stablecoin commonly used to move funds discreetly.
Investigators also found that the accused operated through 11 UPI IDs and maintained two cryptocurrency wallets. To further complicate tracking, seven websites linked to the operation were hosted on foreign servers. Officers say this combination of local payments, crypto transfers, and overseas hosting is increasingly common in organised cybercrime.
Arrests and Seizures
The action followed sustained technical surveillance and financial analysis under the guidance of senior CID Crime leadership and the Director General of Police. The operation was actively supervised by Police Superintendent Dr Rajdeepsinh Jhala, along with senior officers Sanjay Keshavla and Vivek Bheda. A specialised team led by Dy PI J S Patel, Dy PI P D Makwana, Wireless PI V M Jotania, Wireless PI M S Vegda, and PSI D R Patel carried out intelligence-driven tracking that ultimately led investigators to Gwalior.
During coordinated action in Gwalior, police arrested Abdesh s/o Mehtab Singh Rawat, aged 23, and Shivam s/o Captain Singh Rawat, aged 18. Both are residents of Balaji Puram Colony, Gooda Goodi na Naku, Gwalior, Madhya Pradesh.
Police seized four mobile phones from the accused. These devices are believed to contain access credentials, communication records, OTP logs, and payment details connected to the illegal services. Officers say the phones effectively served as control centres for managing fraud support operations.
Links to Other Accused Under Probe
Investigators stated that the arrested men were not working alone. They allegedly acted in collusion with other suspects, including individuals known as Biku and Sonu alias Jatin Tripathi. Efforts are ongoing to identify and apprehend all members involved in the network, as well as those who purchased and used these services to commit fraud.
A New Face of Organised Cybercrime
Police describe the case as an example of organised cyber-enabled crime where roles are clearly divided. One group builds and sells access tools, another group commits the fraud, and money flows through layered digital channels. This separation reduces direct exposure for service providers while allowing scams to scale rapidly.
Officers involved in the probe say such models pose serious challenges for law enforcement, as victims often remain unaware of the technical enablers behind fraud. The case signals a shift from lone cyber offenders to structured networks operating like digital service businesses.
Advisory Issued for Citizens
Following the arrests, Gujarat Police issued a public advisory urging citizens to remain cautious. Authorities warned people not to share bank account details, SIM cards, or personal information with anyone, even if offered money or incentives. Renting or selling bank accounts or SIM cards can make individuals legally liable for crimes committed using those resources.
Police also cautioned against investing in social media advertisements that promise high returns in short periods, especially on platforms such as Facebook, Instagram, WhatsApp, or Telegram. Citizens were advised to verify whether companies are registered with regulators like SEBI or RBI and to check official websites, addresses, and public reviews.
In case of cyber fraud, victims were urged to contact the cyber helpline 1930 immediately. Reporting within the first hour, known as the Golden Hour, can significantly increase the chances of freezing transactions and recovering funds, sometimes by up to 50 percent.
Team Behind the Operation
The operation involved officers and staff including PC Hiteshbhai, PC Vipulbhai, PC Pruthvirajsinh, PC Yuvarajsinh, PC Pravin sinh, PC Meghrajbhai, PC Ajitbhai, PC Satishbhai, and Maulikbhai Patel. Technical support was provided by experts Vishal Shah, Ashutosh Patel, Rakesh Solanki, and Raj Gohil, whose analysis played a key role in mapping digital and financial trails.
The investigation remains open as authorities work to identify beneficiaries of the illegal services and trace wider links across platforms and regions. Officials indicated that further arrests are likely as the network is dismantled layer by layer.
