In a significant crackdown on cyber-enabled financial crime, Delhi Police have uncovered an alleged network that used shell companies and forged rental agreements to provide banking infrastructure to cybercriminals. Four individuals have been arrested for allegedly helping fraudsters move and disguise money generated through various cyber scams.
According to investigators, the network created shell firms and opened commercial current accounts in their names. These accounts were allegedly used to receive, transfer, and layer funds obtained through investment frauds, fake job scams, digital arrest schemes, and other cybercrime operations.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
The Current Account Fabrications Pipeline
The arrested accused have been identified as Sanjay, Kuldeep Goley, Nirdosh Bidlan, and Deepak Bishnoi. Police allege that they were part of a sophisticated mule-account network that facilitated the movement of illicit funds through multiple banking channels, making it difficult for authorities to trace the original source of the money. Acting on specific intelligence inputs, police conducted a targeted raid at a hotel in Paharganj and detained the suspects.
The fraudulent infrastructure pipeline operated via a highly strategic allocation cycle. The network began with corporate front creation, where the accused established partnership firms using forged rental agreements and fabricated identity documents. Following this setup, the process transitioned to financial tool extraction, using these fake entities to secure commercial current account banking kits, physical cheque books, and corporate net-banking credentials. The pipeline concluded with syndicate routing, where the entire operational setup was leased out to active cybercriminals running transnational phishing operations in exchange for a percentage-based commission on every fraudulent deposit.
Obscuring Trails with Merchant Terminals
During interrogation, investigators found that the network aggressively deployed Point-of-Sale (POS) machines and merchant UPI QR codes to make cyber fraud proceeds appear as legitimate business transactions. By routing the illicit siphoned funds through formal retail payment gateways rather than simple peer-to-peer transfers, the suspects effectively masked the source of funds and complicated real-time financial tracking efforts by bank compliance systems.
Technical analysis of the seized bank accounts has already revealed direct links to dozens of active cyber fraud complaints registered across Karnataka, Maharashtra, and several other states. Investigators are thoroughly analyzing digital devices, seized mobile phones, and multi-state transaction ledgers to map the full extent of the operation and identify the larger criminal networks using these accounts.
Renowned cyber crime expert and former IPS officer Prof. Triveni Singh stated that modern cybercriminals are heavily shifting their focus to exploit procedural gaps in banking documentation rather than just technical firewalls. He emphasized that mule networks and shell firms form the backbone of the modern cybercrime ecosystem, allowing fraudsters to park money safely. He urged banking institutions to adopt real-time data verification mechanisms and strict field checks for commercial address registration to block these accounts at the root.
