8,788 complaints traced to 869 mule accounts as Karnataka shifts from reactive investigations to AI-led prevention, cybersecurity audits, and ‘cyber commandos’

Between December 2025 and February 2026, the Cyber Command registered 60 FIRs, in which these 869 accounts were found to be connected apart from the 8,788 NCRP complaints. The accused had allegedly collected personal information from laypeople and opened bank accounts in the names of relatives, operating them in a business-like manner to facilitate fraud.

Investigators said the cybercrimes linked to these accounts were reported from multiple states across the country, with funds routed through the 869 mule accounts opened in Karnataka before being withdrawn in cash or converted into cryptocurrency and transferred further, often to handlers operating from outside India.

This intensified crackdown from December to February involved the simultaneous arrest of 68 alleged mule herders and account operators during coordinated searches at 35 locations across Karnataka. Police teams conducted operations in multiple districts, seizing 80 mobile phones, 37 passbooks, 35 ATM cards, 28 cheque books, six PAN cards, and other incriminating materials.

Officials indicated that there was no single geographic pattern to the mule account holders. Instead of being concentrated in one region, the accounts were spread across different parts of Karnataka, suggesting a decentralised but coordinated network.

The Karnataka Cyber Command Unit has identified the banking sector and the tackling of mule accounts as being a key factor in stopping the exponential growth in cyber crimes.

Last year, a ‘Study on the use of money mules in Cyber Crimes’ conducted by the Karnataka CID’s Centre for Cybercrime Investigation Training and Research called for better monitoring of accounts by the banking sector to identify the creation and usage of mule accounts, which tend to be dormant or new accounts opened with fictitious details of identity and location.

Quoting data from the NCRP for the year 2024, the study said that a total of Rs 2,915 crore was lost in 6.11 lakh cyber crimes in Karnataka – Rs 1,860 crore from private banks (3.02 lakh cases) and Rs 948 crore from public banks (2.55 lakh cases). The losses reported in 2024 were a fourfold increase from the Rs 660 crore reported in 2023.

Since the Cyber Command began its focused drive, investigators have also come across instances where a mule account holder himself filed a complaint, alleging that his bank account had been illegally taken over and misused. In one instance in Bengaluru, a 26-year-old man from Rajajinagar filed a complaint after the police traced suspected cyber fraud funds to his bank account during another investigation. He alleged that a woman known to him had sought access to his account and SIM card for transactions and later misused them without his knowledge.

The case is now being examined as an example of how mule accounts are created and operated, sometimes with the account holder claiming ignorance once the transactions come under scrutiny.

Dr Pronab Mohanty, Director General of Police, Karnataka Cyber Command, said the special drive had disrupted a large network of mule accounts exploited for multiple cybercrimes, helping protect citizens from financial fraud.

“At one level, we are registering cases and arresting people. But at another level, we are trying to stop crimes before they happen,” Mohanty said. “Whenever there is a breach – whether it is hacking, ransomware, or data theft – it ultimately turns into a police case. The real question we are asking is: why wait for a breach to occur? Why not secure the systems in advance and prevent the crime altogether?” he added.

For the state police, the numbers – 8,788 NCRP complaints, 60 FIRs, and 869 identified mule accounts – indicate that the new centralised cybercrime structure is beginning to show tangible results.

Nature of cybercrimes

Karnataka has seen a significant number of cyber fraud cases in recent years, with more than 22,000 FIRs registered across Karnataka in 2024 alone, nearly 17,000 of them originating from Bengaluru. Authorities also recorded thousands of related complaints on the National Cyber Crime Reporting Portal, highlighting the scale of fraud operations in the state.

Cybercrime in Karnataka falls into three broad categories. The first and most prominent is cyber fraud, which includes internet-enabled cheating schemes that often rely on mule accounts to transfer stolen money. Fraudsters use these accounts as intermediaries, making it harder for authorities to trace the flow of funds. Officials say that with increasing public awareness and the systematic disruption of mule account networks, these crimes are expected to gradually decline.

The second category includes other cyber offences such as hacking, ransomware attacks, data theft, identity theft, skimming, and spoofing. These crimes target individuals, businesses, and government institutions, often resulting in financial loss or disruption of digital services.

The third category covers crimes against women and children, including the circulation of Child Sexual Abuse Material (CSAM) and other forms of online exploitation. Such cases are particularly sensitive, requiring specialised investigation and rapid intervention to protect vulnerable victims.

Shift from policing to prevention

Set up in April 2025 and headquartered in Bengaluru, the Cyber Command brings nearly 45 cybercrime police stations across Karnataka under a single reporting structure. Earlier, cases were handled in a fragmented manner at the district level. Now, central monitoring of investigations, prosecutions, and major raids allows officers to track repeat offenders, connect financial trails, and avoid duplicating efforts.

Last year, the Karnataka High Court also appreciated the necessity for the creation of a Cyber Command Centre (CCC) in Karnataka. “The jurisdictional police stations are sometimes ill-equipped to investigate cyber crimes. Therefore, the CCC is envisaged. It is necessary that there should be integration of the system of jurisdictional police stations and the CCC for every offence i.e., a cyber crime to be brought under the umbrella of the Command Centre,” the Karnataka HC noted in a September 2025 order where the court addressed the issue of the exponential growth of cyber crime cases.

The new Cyber Command Centre in Karnataka operates through four major pillars: cybercrime investigation, cybersecurity, monitoring online misinformation and disinformation, and training and outreach.

The first pillar, cybercrime investigation, forms the policing arm. It integrates district cyber police stations along with CID Cyber Crime Police Stations and city cyber wings under one chain of command. Every cyber offence in the state is monitored centrally, from the FIR stage to prosecution, while complex cases are handled by specialised units under central oversight.

The second pillar, cybersecurity, reflects the Command’s shift toward prevention. Government departments are undergoing audits to identify vulnerabilities in portals, databases, and internal communication systems. Information Security Officers coordinate closely with the state’s Chief Information Security Officer to close gaps before they are exploited, marking a move from reactive policing to proactive system security.

The third pillar involves tracking online misinformation and disinformation, which has become increasingly important as digital content spreads rapidly. Monitoring misleading or harmful content helps maintain public order and prevents panic or social disruption. The fourth pillar focuses on training and outreach, ensuring officers remain updated on emerging cyber threats while raising public awareness on online safety and fraud prevention.

While cybercrime investigation remains heavily focused on policing, officials say the emphasis is now shifting toward cybersecurity. The policing aspect continues to be critical, but authorities are questioning why action often comes only after a breach or fraud has occurred, when many incidents could be prevented. The focus is increasingly on strengthening digital systems and closing vulnerabilities before they are exploited, moving from reactive policing to a preventive approach that addresses cyber threats at their source.

Rather than responding solely after crimes happen, the Cyber Command Centre is working proactively with government departments to identify weaknesses in databases, portals, and communication systems. Information Security Officers coordinate with the state’s Chief Information Security Officer to reinforce safeguards and prevent breaches from escalating into criminal cases.

AI-driven policing and cyber commandos

Looking ahead, the CCC is focusing on two major areas: AI-driven policing and the deployment of specially trained rapid-response teams known as ‘cyber commandos’. The state is setting up K-CERT, a Computer Emergency Response Team made up of these officers. They are trained to respond immediately to ransomware attacks, database breaches, and hacking attempts targeting government systems. Officials say their role is to contain damage, secure affected systems, and support investigations. “We want our cyber commandos to respond swiftly, isolate the system, stop the spread of the attack, and restore services at the earliest,” an official said. “Speed is critical in cyber incidents.”

The focus of the CCC is shifting from merely registering cases and making arrests to preventing crimes before they occur. While the earlier emphasis was largely on detection and prosecution, the approach is now preventive.

Information Security Officers work closely with the state’s Chief Information Security Officer to plug gaps before they can be exploited.

Artificial Intelligence and Machine Learning tools are also being introduced at the Command Centre. These systems detect unusual transaction patterns, flag suspicious activity, and identify potential fraud networks. AI helps analyse large volumes of data much faster than manual monitoring, enabling early alerts and proactive interventions.

Cyber fraud – particularly internet-enabled cheating that relies on mule accounts – remains a major concern. However, officials say focused action against mule account networks is beginning to show results. The recent special drive targeted organised networks that procure and operate mule accounts used to move fraudulent money. By tracing account suppliers, intermediaries, and linked beneficiaries, the CCC aims to break the financial backbone of these scams. “With awareness increasing and mule account networks being identified and disrupted, we expect these frauds to come down,” officials said.

By combining centralised monitoring, targeted drives against fraud networks, preventive cybersecurity audits, AI-based detection, and quick-response cyber commandos, the CCC is moving toward a model that aims to prevent breaches and frauds rather than only respond after damage has been done.