A Jamtara connection, hacking diploma, DJB warning: How 3 youngsters sold people’s personal and banking data in Delhi

The syndicate came under police scrutiny after a victim lodged a complaint at the Cyber Police Station, West District, reporting a loss of Rs 2 lakh after receiving a fraudulent WhatsApp message threatening to disconnect his DJB connection.

Tracking money trail and technical leads

According to the police, the victim received a message warning about water supply disconnection, and was prompted to download a malicious APK file named “दिल्ली जल बोर्ड V4.apk.”

“Once the victim installed the application and entered his banking credentials, Rs 2 lakh was siphoned off through a DriveTrack Plus Card of Hindustan Petroleum,” said Darade Sharad Bhaskar, Deputy Commissioner of Police, West District.

The police constituted a special team under Inspector Vikas Buldak, Station House Officer, Cyber West. Technical analysis revealed the fraudsters operated from Jamtara, Jharkhand, using compromised WhatsApp accounts to impersonate officials from DJB, banks, and BSES.

During their investigation, the police traced the stolen funds to a DriveTrack Plus Card created through Infibeam Payment Gateway, which was subsequently used at petrol pumps in Nuh, Haryana.

“The money trail and technical leads pointed to a larger operation. We discovered that the main accused was running a Telegram bot called ‘Baba Kismatwale’ since 2024, selling personal and banking data of citizens to cyber criminals across India,” DCP Bhaskar said.

BTech graduate, school dropout, minor

The kingpin was identified as Niwash Kumar Mandal, a 28-year-old BTech graduate in Computer Science with a Certified Ethical Hacker (CEH) diploma. Mandal allegedly used his skills to build a criminal enterprise that supplied critical data to fraudsters operating in West Bengal, Jharkhand, Uttar Pradesh, and Rajasthan.

On October 30, Mandal was arrested in Narayanpur in North 24 Parganas, West Bengal, though his permanent address is in Jhiluwa village, Jamtara district. The police recovered nine mobile phones, Rs 47,800 in cash, five ATM and credit cards, three cheque books, one Apple MacBook, and one Apple iPad from his possession.

“Mandal was previously involved in four cybercrime cases, including two in Delhi. His technical knowledge allowed him to create sophisticated systems for data theft and distribution,” a senior officer said.

Subsequently, a raid was conducted in Mohanpur village, Jamtara, leading to the arrest of Pradhumn Kumar Mandal, 24, an absconding accused, a school dropout who was previously involved in three cybercrime cases registered in Kolkata, Lucknow, and Delhi.

The police also apprehended the minor from Jamtara, who allegedly played a crucial role in the operation by calling victims and convincing them to install fraudulent applications while impersonating DJB and bank officials.

According to the Delhi Police, the syndicate operated through a well-defined structure in which Mandal’s Telegram channel served as a data marketplace for cybercriminals. The fraudsters would obtain personal and banking information through this channel, then execute targeted attacks by impersonating legitimate organisations.

“The accused specialised in sending malicious APK files disguised as official applications. These files, once installed, gave fraudsters complete access to victims’ banking credentials and OTPs,” the investigating officer said.

The stolen funds were systematically laundered through prepaid fuel cards, making conventional banking trails difficult to trace. The use of DriveTrack Plus Cards allowed the criminals to convert digital theft into liquid assets at petrol pumps across states.