India’s digital economy has seen unprecedented growth, reaching even the remotest towns and small cities. But this rapid expansion has also opened new avenues for cybercriminals. A disturbing trend gaining momentum is the use of “mule accounts” — bank accounts in Tier-2 and Tier-3 cities exploited to launder money from online scams, frauds, and illegal activities.

This article delves into how mule accounts from India’s smaller towns are fueling cyber fraud and money laundering, the operational tactics used by criminals, and the growing efforts by banks, law enforcement, and technology players to tackle this emerging threat.

Definition

A mule account is a bank or payment account used to receive and transfer illicit funds on behalf of cybercriminals. In India, the RBI defines these as accounts “used by criminals to launder illicit funds, often set up by unsuspecting individuals lured by promises of easy money or coerced into participation”. Victims may rent out their bank credentials or have their identity documents (Aadhaar, PAN) misused to open accounts without their knowledge. The money collected from fraud victims – via phishing, fake investment or loan scams, social engineering and so on – is first routed into these mule accounts, then rapidly layered and moved abroad (often via bulk payouts, cheques/ATMs or cryptocurrency) to hide the trail.

Scale in India

Authorities report an explosive rise in mule accounts. In 2023–24 India’s cybercrime coordination centre (I4C) flagged around 4.5–4.6 lakh bank accounts as suspected mules. For example, over 450,000 mule accounts were frozen in 2023, from prominent pubic and private sector banks. Cybercrime complaints have surged alongside this trend: since January 2023 the National Cybercrime Portal logged over 100,000 complaints and an estimated ₹17,000 crore in fraud losses. NCRB data show that online financial frauds now account for 67.8% of all cybercrime complaints – underscoring how deeply mule accounts are embedded in India’s fraud ecosystem.

Social Engineering & Recruitment

Criminal gangs actively recruit money mules via social media and local networks. Investigations reveal that perpetrators target less-sophisticated customers – often in small towns – to open accounts. They promise easy commission for “letting us use your account,” perform double KYC on roadside or slum customers, or sell them bogus SIM/ID packages. For example, Uttar Pradesh police recently arrested a ring in Varanasi (a Tier-2 city) that tricked slum-dwellers into buying fake SIM cards and bank accounts for cybercriminals. In one raid, three arrested men admitted recruiting a bank employee and a SIM agent to create mule accounts “in the names of labourers,” then sold the account/SIM details to fraudsters in Delhi and elsewhere.

The modus operandi is classic: once a mule account is active (often only 1–2 days), fraud proceeds are deposited and immediately transferred out. As a J&K police officer explained, “These mule accounts have become a primary channel for laundering money obtained through cyber fraud… They are opened on commission and used to obscure financial trails”.

The Tier-2 and Tier-3 Connection

Rapid Digital Adoption vs. Low Awareness

India’s digital payments have penetrated fast into Tier-2/3 towns and rural areas, but fraud awareness hasn’t kept pace. In these smaller centers, customers often use apps in local dialects and may trust unfamiliar callers or messages too readily. A recent analysis notes that fraudsters “speak in regional dialects, use fake official logos, and create urgency with false claims” when targeting Tier-2/3 populations. Consistent with this, a survey of over 11,000 Indians found 35% of online fraud victims came from Tier-2 cities and 26% from Tier-3/rural areas. Nearly 4 in 10 respondents said someone in their household had suffered financial fraud in the past three years. These numbers suggest that smaller-city customers – many digitally-first and often semi-literate – are especially vulnerable to scams that ensnare them as mule-account recruits or victims.

Case Study – Tier-2 Recruitment

In Varanasi, police say criminal gangs exploited exactly this dynamic. They ran SIM/POS shops offering cheap SIM activation, did quick Aadhaar/PAN verifications for unsuspecting villagers, then couriered the SIM+account details to syndicates in Delhi or Chhattisgarh. Victims were often poor and unbanked, unaware their accounts were being used as money mules. The reliance on such low-grade KYC and trust gaps in Tier-2 towns allows criminals to scale up operations outside of big cities.

Rural Call Centers and Overseas Schemes

Even international fraud rings capitalize on Tier-2 hubs. For instance, Chhattisgarh police uncovered a syndicate whose leaders were running call centers in Cambodia, defrauding Indians via romance/fake-job schemes. The defrauded money – over ₹10 crore in two years – was funneled into 30–50 mule accounts in India, managed by locals, and rapidly shipped to the ring’s overseas handlers through cryptocurrency and hawala. One accused admitted buying dozens of Indian bank accounts from associates in a small Chhattisgarh district to channel these funds. Such cases underscore how even remote workers in Tier-2/3 areas become cogs in transnational scams, converting rural proceeds into global money flows.

Modus Operandi of Mule Networks

Cybercrime rings use established methods to recruit and control mule accounts:

Layering and Rapid Withdrawal:

Once fraud proceeds hit a mule account, money is immediately “layered” into other accounts or converted. Government alerts note that mule accounts are kept active only briefly – often a day or two – with funds transferred out via bulk payout facilities, cheques, ATMs or UPI at once. This quick churn makes detection and recovery very hard. In the J&K case, police found mule accounts were “controlled remotely from overseas” and funds were almost instantly re-routed as soon as they were received.

Illegal Payment Gateways:

Some networks create fake payment gateways using mule accounts. The MHA and police have found transnational gangs in Gujarat and Andhra Pradesh operating gateways (e.g. “PeacePay, RTX Pay, PoccoPay, RPPay”) that accept deposits for offshore betting, fake trading apps or investment scams. These gateways are essentially “laundering-as-a-service” platforms: they funnel stolen money through a chain of mule accounts to mix illicit funds into the system.

Case Examples

Varanasi, UP (May 2025)

In this Tier-2 city, police arrested three men who ran a SIM-fraud racket. They duped slum-dwellers into SIM-porting and KYC, then opened bank accounts in their names. These “innocent” labourers’ accounts were sold for use in crimes. One accused, a bank employee, helped create the accounts and SIMs; the gang packaged each set of credentials and shipped them to syndicates in Delhi and Chhattisgarh. This illustrates how locals in smaller cities become proxy operators for faraway criminals.

Jammu & Kashmir (2025)

Under “Operation Sindoor,” J&K police uncovered 7,200 mule accounts in one year. Most cases were in Srinagar and Jammu. Cops estimated tens of thousands more could exist. The accounts were often registered to local shell companies or individuals but controlled from abroad. Most were active only briefly: cyber police noted they were used for a day or two before being closed. Once crores of crime-proceeds arrived, money was quickly transferred to other accounts or to cryptocurrency. The J&K SSP warned that these mule accounts are now “a primary channel for laundering money obtained through cyber fraud”.

Rajnandgaon, Chhattisgarh (Feb 2025)

Police busted an international syndicate tied to a Cambodia call center. Four men (three from Rajnandgaon, one from Gujarat) provided dozens of Indian mule accounts to the ring. Victim funds were routed into 50 mule accounts, then withdrawn immediately by cash/cheque/UPI and converted to crypto or sent via hawala to the Cambodian masterminds. In total over ₹10 crore was moved out in two years. One suspect explained he charged ~7–9% commission on the funds he collected, then funneled the remainder overseas. This case starkly shows Tier-3 nationals colluding with foreign scammers, leveraging mule accounts to make large-scale fraud look “legitimate” on paper.

Nationwide Crackdowns

In mid-2025, police operations targeting syndicated fraud rings have repeatedly exposed mule-account networks. For example, Tamil Nadu cyber police’s “Operation Hydra” led to arrests in Uttarakhand, Jharkhand and Assam of suspects managing mule accounts for matrimonial and loan scams. In another raid, Delhi’s ED seized 322 passbooks of mule accounts (opened in labourers’ names) tied to a multi-crore classroom construction scam. Across states, law enforcement notes a recurring pattern: fraudulent call centers and online frauds funnel proceeds into arrays of small-time local accounts.

Vulnerabilities in Tier-2/3 Areas

Several factors make smaller cities fertile ground for mule-account schemes:

Low Digital Literacy: Many first-generation internet users in Tier-2/3 lack awareness of banking fraud. An alarmingly large share of rural and small-town victims fall prey to phishing or fake-app scams because they “have never been taught digital skepticism”. In the LocalCircles survey, 70% of those reporting fraud never recovered their money, reflecting how unprepared many are to fight back. .
Easy Digital Onboarding: India’s push for financial inclusion means bank accounts and SIM cards can be opened with minimal paperwork. Criminals exploit this by intercepting KYC or forging IDs. A lack of in-person verification at every branch has enabled “slew of accounts [to be opened] using fake KYC”. Telecom operators and banks have begun checking the I4C registry, but until recently nearly anyone could get an Aadhaar-based SIM and account remotely.
Economic Pressures: In many non-metro towns, unemployed youth view “renting” bank accounts as easy money. Fraudsters entice them with small fees for large transactions. This social engineering – exploiting economic need – is harder to detect. ICICI Bank’s anti-fraud lead notes that banks seldom educate new customers not to lend or rent their accounts, missing a chance to deter such collusion.
Enforcement Gaps: Smaller towns often lack cyber-police expertise. Local branches may not scrutinize suspicious activity closely. Moreover, until recently, banks could not freeze suspect accounts on their own without court orders; they had to rely on police intervention, causing delays. This allowed many mule-account scams to flourish before detection.

Responses by Banks, Regulators and Law Enforcement

Faced with this rise, Indian authorities and banks have taken multiple steps:

Account Freezes & Monitoring: The I4C (Ministry of Home Affairs) has instructed banks to proactively freeze mule accounts. As noted, about 450,000 accounts have been blocked in 2023–24, including 40k in SBI alone. Experts say banks today routinely block an account the moment mule activity is suspected before launching investigations. Some fintechs also integrate real-time screening: Airtel Payments Bank, for instance, directly ties into the I4C registry to deny account opening to known mule operators.
AI and Analytics: Regulators are pushing tech solutions. The RBI Innovation Hub and IDRBT have developed MuleHunter.AI, an AI/ML system that can identify mule accounts by behavioral patterns before large transactions occur. Early pilots with major banks were “encouraging,” with detection times dropping from weeks to minutes. RBIH CEO Rajesh Bansal notes MuleHunter uses 19 distinct patterns to spot risky accounts in real time. Similarly, banks are deploying proprietary machine-learning models to flag accounts exhibiting telltale “sleeper” behavior. However, experts warn this is an arms race: as one put it, “AI and ML will learn from every [fraud] transaction… It’s the fraudsters who will teach us how to catch them”.
Customer Education: Industry leaders agree prevention requires user awareness. ICICI’s Nilesh Deshpande urges banks to educate customers at account opening – explicitly warning them not to loan out accounts and about the legal risks of mule activity. Cybersecurity experts stress public campaigns in regional languages. The I4C has issued advisories telling citizens not to sell or rent their bank accounts or company papers, highlighting that doing so can lead to arrest. In practice, many small branches and payment agents are now required to counsel new customers on safe banking practices.
Regulatory Measures: The RBI has tightened KYC norms (e.g. stricter Aadhaar verification, limited e-KYC quotas) and run “zero fraud” hackathons focused on mule detection. Banks have requested permission to freeze suspect accounts immediately; the RBI’s amended circulars now allow institutions to freeze without legal permission under certain AML guidelines. Payment aggregators and gateways are also being put under scrutiny: MHA has issued repeated warnings against unlicensed payment platforms built on mule accounts.
Law Enforcement Crackdowns: State and federal agencies are aggressively pursuing mule-account networks. Under MHA guidance, police wings have arrested hundreds of mule-provider agents. In J&K (2025), 19 people were detained for running thousands of mule accounts. In Uttar Pradesh and Tamil Nadu, cyber cells have broken rings that both recruited mules and executed frauds, seizing SIM farms and fraud proceeds. The ED (anti-money-laundering agency) has also targeted mule chains linked to high-value scams (e.g. the Delhi classroom scam yielded 322 mule account passbooks). Crucially, state governments are now directed to consider even bank branch officials’ roles in opening suspicious accounts.

Expert Perspectives

Cybersecurity and financial-crime experts underscore the urgency:

Outdated Detection: RBI Innovation Hub CEO Rajesh Bansal reports that a study of 10 banks found 8 still rely on simple rule-based systems to flag mule accounts. He emphasizes the need to adopt the new AI tools. Similarly, EY partner Krishna Sastry observes that with 208 billion digital transactions in 2024, tracing fraud by manual rule-based methods is near-impossible.
Customer Awareness: ICICI’s Nilesh Deshpande warns: “Banks do not educate customers when they open accounts… they aren’t explicitly told that they cannot lend or rent their accounts to anyone”. He notes that at the branch level, staff must now inform customers that renting their account for a commission is illegal.
Scope of the Problem: Industry analysts point out the large scale: as one expert noted, “approximately 0.7% of all accounts in India are involved in mule transactions”. BCT Digital’s Jaya Vaidhyanathan comments that big banks report ₹400–500 crore of mule-enabled fraud every month, underscoring the systemic threat.
Technology Adoption: V. Radha of IDRBT argues that legacy systems are insufficient: “AI will help in detecting mule accounts and can solve false positives” that rule-based systems miss. She believes only advanced behavioral analytics can keep pace with fraudsters’ evolving tactics.

Explore our Risk App Ecosystem →

Conclusion

Mule accounts have become the “hidden railroads” of India’s cyber-fraud ecosystem. Criminal networks – domestic and international – exploit gaps in digital literacy and onboarding to recruit millions of unsuspecting rural and small-town citizens as mule operators. In response, banks, the RBI and law enforcement are ramping up technology, inter-agency coordination and public education. But experts warn that such exploitation will continue to evolve unless awareness and safeguards do too. For now, the trend is clear: mule-account fraud is surging beyond India’s big cities, and addressing it will require a broad-based effort from regulators, banks, and communities alike.

Sources

Cyber crimes: 4.5 lakh ‘mule’ accounts frozen, many in public sector banks” – Indian Express

Centre freezes 450,000 ‘mule’ bank accounts used in cyber fraud schemes” – Business Standard

How RBI is leveraging AI to crack down on ‘mule bank accounts’” – Indian Express

3 arrested for creating ‘mule’ accounts, selling fake SIMs to cyber criminals” – Hindustan Times (Varanasi)

PIB MHA / I4C advisory on illegal payment gateways via mule accounts

Online racket selling fake number‑plates busted … used mule accounts” – TOI

Gang laundering money via illegal crypto trading … mule bank accounts” – TOI (Lucknow unit)

Cyber gangs now hiring ‘mules’ at paan shops to dodge police radar” – TOI (Vadodara)

CBI arrests Kalyan man for supplying pre‑activated SIM cards to fraudsters” – TOI

Additional Sources

timesofindia.indiatimes.com