Security agencies have uncovered an expanding network of so-called “mule accounts” in Jammu and Kashmir that investigators believe serves as a crucial financial channel for international cybercrime syndicates. Officials fear that funds routed through these accounts may ultimately be diverted toward separatist or anti-national activities, according to reports citing law enforcement sources.
Over the past three years, authorities have identified and frozen more than 8,000 suspected mule accounts across the region, exposing what investigators describe as a sophisticated system designed to launder illicit money. These accounts are considered a critical link in the cybercrime chain because they enable fraudsters to move stolen funds quickly and convert them into harder-to-trace digital assets, including cryptocurrency.
Investigators view mule accounts as both the weakest and most essential component of online financial fraud operations. Without access to such accounts, criminals would struggle to transfer proceeds from scams or obscure the money trail before converting it into digital currencies. Recognising the growing threat, central security agencies have instructed Jammu and Kashmir Police and other enforcement bodies to work closely with banks to detect and prevent the creation and misuse of such accounts.
Authorities are also focusing on identifying intermediaries known as “mulers,” individuals who organise and manage networks of mule accounts. Officials say that after a 2017 crackdown by the National Investigation Agency (NIA) disrupted traditional illegal funding channels into the region, hostile networks appear to have shifted toward what investigators describe as a “digital hawala” model. In this system, commissions earned through fraudulent transactions are allegedly redirected toward activities considered harmful to national security.
Mulers typically operate behind the scenes and do not directly communicate with scam victims. Instead, their role involves recruiting individuals willing to provide access to their bank accounts and maintaining a steady supply of accounts that cybercriminals can use to receive and distribute stolen money. By routing funds through multiple accounts in rapid succession, these facilitators help conceal the origin and destination of illicit transactions.
Many mule account holders are ordinary individuals lured by promises of easy income and reassured that participation carries little risk. They are often persuaded to hand over full control of their accounts—including online banking credentials—under the claim that their accounts will temporarily serve as “parking accounts.” In practice, the accounts become conduits for laundering proceeds generated from cyber fraud.
Investigations suggest that a single scam operator may simultaneously control between 10 and 30 mule accounts. In some cases, accounts are opened under shell companies, allowing large transactions—sometimes reaching ₹40 lakh in a single day—to pass through without immediately triggering suspicion. Funds are deliberately fragmented into smaller transfers and rapidly circulated across multiple accounts to evade banking surveillance systems.
Security officials emphasise that even if mule account holders are not directly involved in contacting victims or designing scams, they remain legally accountable for facilitating money laundering. By knowingly sharing credentials and accepting commissions, they provide the infrastructure that enables large-scale cybercrime operations to function. One senior official noted that without these accounts, fraud schemes would collapse at the initial stage because criminals would have no viable destination for stolen funds.
A broader investigation by central agencies has also revealed alleged links to foreign operatives in countries such as China, Malaysia, Myanmar, and Cambodia, who are suspected of directing recruits in the region to establish private cryptocurrency wallets. These wallets are often created using Virtual Private Networks (VPNs) to hide digital identities and frequently bypass Know Your Customer (KYC) verification requirements, making financial tracking more difficult.
In response, authorities have tightened monitoring measures and restricted VPN usage in parts of the region, citing concerns that such tools are being exploited by criminal networks as well as extremist elements seeking to evade detection. Investigations remain ongoing as enforcement agencies attempt to dismantle the financial infrastructure underpinning cyber fraud and prevent further misuse of banking systems.
