A massive ₹138 crore mule account racket uncovered in Telangana’s Karimnagar has exposed a highly organised cybercrime network that used shell companies, remote OTP access, and SIM card control to execute large-scale illegal financial transactions across the country. With 13 more accused arrested, the investigation has widened significantly.
Fake Storefronts Fool Bank Verification
According to investigators, the syndicate created fake business entities to open corporate bank accounts. These shell firms had no real operations but were made to appear legitimate through temporary shops, signboards, and basic infrastructure. These setups were used during geo-tagging and bank verification processes to bypass regulatory checks.
Officials said multiple companies were registered at the same address within a short span, raising suspicion and eventually leading to the exposure of the wider network. The operation was carefully structured, involving local coordinators on the ground and handlers operating from abroad.
FCRF Launches Premier CISO Certification Amid Rising Demand for Cybersecurity Leadership
Goa “Loyalty Test” for Coordinators
One of the key revelations in the probe is the so-called “loyalty test” conducted by foreign handlers. A local coordinator was recently taken to Goa and held there for nearly four days. During this period, he was questioned to ensure he was not an informant. Only after clearing this verification were financial transactions resumed through his network. Authorities estimate that the individual earned over ₹1 crore in commissions in the past 18 months.
SIM Cards + Aadhaar Enable Remote OTP
The most critical component of the racket was control over SIM cards and OTP access. Investigators found that individuals in whose names bank accounts were opened were required to hand over newly issued SIM cards along with Aadhaar details. These SIM cards were kept active, enabling remote interception of One-Time Passwords (OTPs), effectively bypassing banking security layers.
30+ Account Transfers in Minutes
Using this method, funds were rapidly transferred across multiple accounts—often 30 or more in a single transaction—making it extremely difficult to trace the money trail. Eventually, the funds were routed into hawala channels or international digital wallets, further complicating detection.
The syndicate also relied heavily on recruiting local individuals. Recruits were paid around ₹50,000 upfront and promised a 2% share in transactions. While many participants may not have fully understood the scale of the operation, authorities have made it clear that all account holders involved will face legal consequences for their role in the money laundering network.
Commenting on the trend, renowned cyber crime expert and former IPS officer Prof. Triveni Singh said, “Cybercriminals today are targeting the entire financial ecosystem, not just exploiting technical loopholes. The combination of mule accounts, remote OTP access, and shell companies represents a dangerous evolution in organised cybercrime.”
Interstate, International Links Probed
Investigators are now examining the interstate and possible international links of the network. Efforts are underway to determine the total volume of funds routed through the racket and identify all individuals and entities involved.
The case highlights the rapidly evolving nature of cybercrime, which is no longer limited to simple online fraud but has grown into a complex form of organised financial crime. Experts advise individuals to never share bank account details, SIM cards, or identity documents with unknown persons or entities, as even minor negligence can lead to serious legal and financial consequences.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
