J-K: CIK raids 22 locations across Kashmir over Mule accounts, terror links

Srinagar (Jammu and Kashmir) [India], January 7 : In a major crackdown on organised cybercrime and its alleged links to terror financing, Counter Intelligence Kashmir (CIK) on Wednesday carried out valley-wide raids targeting a well-entrenched syndicate involved in operating mule bank accounts to launder proceeds from cyber frauds, illegal online gaming, betting rackets and other unlawful activities.
According to an official release, acting on "credible and specific intelligence inputs", CIK registered an FIR under Sections 66(C) and 66(D) of the Information Technology Act, 2000; Sections 303, 308, 314, 316(2), 318(4), 336(3), 340(2) and 61(2) of the Bharatiya Nyaya Sanhita, 2023; and Section 13 of the Unlawful Activities (Prevention) Act, 1967 at Police Station Counter Intelligence Kashmir.
The FIR has exposed what officials described as a "sophisticated and well-entrenched financial crime syndicate" that posed a serious threat to national economic security and digital safety.
The release said investigations so far have revealed a carefully orchestrated conspiracy in which the accused, in active connivance with local and outside operatives, exploited bank accounts of innocent, vulnerable and economically weak individuals by converting them into so-called "mule accounts".
"These mule accounts were used as temporary conduits to route massive volumes of illicit money generated from cyber frauds and online scams, banned online gaming and betting platforms, and fake investment and trading applications," the release said.
Alarmingly, officials said, the illegally generated funds are suspected to have been further channelled into terror financing and other activities prejudicial to the sovereignty and integrity of the nation.
The syndicate allegedly functioned through gross violations of banking norms and abuse of Know Your Customer (KYC) procedures, including registration of non-existing business establishments on the UDHAYAM portal to open accounts, allotment of virtual account numbers, identity theft, impersonation and complex money-laundering techniques deliberately designed to mask the origin and destination of criminal proceeds.

Explaining the modus operandi, the official release stated, "A mule account is a bank or digital payment account used by criminals to receive, transfer, and camouflage illegally obtained money. The account holder, known as a money mule, may be complicit, wilfully ignorant, or completely unaware that their account is being misused."
"Mule accounts are a critical component of cyber-enabled crimes, facilitating the layering stage of money laundering by distancing the actual criminals from the victim and law-enforcement agencies," the release added, noting that such accounts are widely used in phishing and impersonation scams, online trading and investment frauds, fake loan apps, illegal payment gateways, and online gaming and betting frauds.
According to officials, criminals typically initiate fraud through phone calls, SMS, WhatsApp or Telegram messages, as well as social media and search-engine advertisements. They impersonate police officials, bank or RBI officers, loan agents, job recruiters or investment advisors.
Common scams include fake online shopping offers, bogus trading and investment apps, online gaming and betting traps, "digital arrest" threats, and fake KYC or SIM-block warnings. Victims are coerced into transferring money via UPI, net banking or cards to so-called "safe" or "verification" accounts and in many cases are tricked into sharing OTPs, PINs or passwords, allowing fraudsters to gain complete control of their accounts.
Detailing the money trail, officials said a typical cyber-fraud flow begins with the victim's account, moves to a first mule account that retains a small commission, and then enters a layering stage where funds are split and rapidly transferred through multiple mule accounts across banks and states. The money is later consolidated into shell companies or fake payment processors using bogus invoices or gambling and trading labels, before reaching its final destination through cash withdrawals, conversion into cryptocurrency or transfers to overseas accounts.
"This complex layering ensures that only disposable mule account holders surface initially, while the masterminds remain concealed," the release said.
Investigations have also revealed a systematic recruitment model targeting vulnerable sections such as students, unemployed youth, small shopkeepers, daily wage earners and villagers. These individuals are lured with offers of "work from home", "payment processing jobs", "foreign remittance handling", and "easy commission income".
The syndicate allegedly builds trust through fake websites, documents and registration numbers, assures recruits of legality, and then takes over accounts by obtaining SIM cards, ATM cards, UPI PINs and internet banking credentials, or by opening fresh accounts under its control. Small commissions are paid per transaction or monthly, and accounts are quickly abandoned and replaced once flagged by banks or authorities.
This method, officials said, creates both "witting mules", who knowingly participate for money, and "unwitting mules", who unknowingly become part of serious financial crimes.
During the preliminary investigation, 22 suspects operating within the Kashmir Division were identified. After obtaining search warrants from the Special NIA Court, Srinagar, CIK conducted simultaneous searches at 22 locations, including 17 in District Srinagar, three in District Budgam, and one location each in Districts Shopian and Kulgam.
The searches led to the seizure of substantial incriminating material, including digital devices and financial records critical to the investigation.
"So far, 22 individuals have been detained for questioning to establish their precise roles and linkages with cyber frauds, illegal online gaming, betting platforms and suspicious financial transactions," the release said.
Officials added that the investigation is at a nascent stage and the evidence collected is expected to "open floodgates" in identifying a much wider network operating both within the Union Territory of Jammu and Kashmir and across other parts of the country.