A bank account can look ordinary until stolen money lands in it. That is the machinery behind a mule account. Cyber gangs use accounts belonging to students, job seekers, workers, shell firms and sometimes willing accomplices to receive fraud proceeds, move them quickly and break the trail before investigators can freeze the funds.
The issue is trending after a 13 July 2026 report said ₹21.05 crore stolen in an online trading scam was routed through 20,507 mule accounts and 12 transaction layers. Days earlier, the Financial Intelligence Unit–India disclosed a separate network involving about ₹868 crore, more than 5,000 mule accounts, and cross-border cryptocurrency transfers. These cases show why one scam may touch thousands of accounts despite beginning with one victim.
What Is a Mule Account and How Does It Work?
A mule account is a bank account used to receive, transfer, or withdraw money obtained through fraud. The holder may knowingly rent or sell access, or may be tricked through a fake job, loan, scholarship, gaming, or investment offer. Scammers may request the account number, UPI ID, ATM card, SIM, net-banking credentials, or a newly opened current account.
The Reserve Bank of India has warned that money mules may be recruited through emails, job advertisements, social networks, instant messages, and newspaper advertisements. Once money arrives, the mule transfers it onward after keeping a commission. The account can be frozen, and the holder may face questioning, financial loss, and legal action.
A typical movement may look like this:
- A victim sends money to the first beneficiary account.
- The amount is split across several Layer 1 mule accounts.
- Smaller transfers move through additional accounts, wallets or shell companies.
- Overseas wallet top-ups, cash withdrawals or cryptocurrency conversions blur the trail.
- Operators abandon the accounts and recruit replacements.
Why Do Cyber Scammers Need Thousands of Bank Accounts?
Speed and confusion are the main reasons. A fraudster who keeps ₹50 lakh in one account creates an obvious target. Splitting it into hundreds of transfers makes every branch of the trail slower to examine. Each additional account introduces another bank, holder, district and police jurisdiction.
This process is called layering. Funds may move from savings accounts to current accounts, payment wallets, merchant accounts, shell companies and crypto platforms within hours. Some accounts receive money from several victims, while others exist only to pass it onward. The final controller may never directly touch the victim’s transfer.
The latest Madhya Pradesh case illustrates the scale. Investigators reportedly traced 76 accounts in the first layer, 493 in the second, 12,720 in the third and 7,218 in the fourth. Separately, I4C stated that 27.37 lakh Layer 1 mule accounts had been shared with participating entities of its Suspect Registry by 31 January 2026, while transactions worth more than ₹9,518 crore had been declined.
Which Recent Mule Account Cases Are Driving Attention?
The July 2026 FIU-IND case is a striking recent example. Financial analysis uncovered approximately ₹868 crore in suspected cyber-fraud proceeds, over 5,000 mule accounts and cryptocurrency transactions across several jurisdictions. Enforcement action included searches, cash and USDT seizures, asset attachments and prosecution complaints.
CBI investigations have exposed similar routes. In March 2026, the agency described fraud proceeds moving through multiple mule accounts, offshore ATM withdrawals, overseas fintech wallets and cryptocurrency. It said one suspected branch had moved about ₹900 crore during the previous year. In April, the CBI arrested three people, including an assistant bank manager, in a digital-arrest case where money was allegedly routed through a fraudulently opened company account and layered further.
The government is also turning to automated detection. On 12 May 2026, I4C and the Reserve Bank Innovation Hub signed an agreement to share suspect identifiers and strengthen AI-led tools such as MuleHunter.ai. An official X post by Union Home Minister Amit Shah described mule accounts as a major hurdle in curbing cybercrime.
How Can People Avoid Becoming a Money Mule and Report Fraud?
Never rent, lend or sell a bank account, SIM, ATM card, cheque book, UPI ID or company documents. A person offering commission for “payment processing” is not providing harmless work. Refuse requests to receive money and forward it elsewhere, even when the sender claims to represent an overseas employer, trading company or gaming operator.
Check suspicious bank accounts, UPI IDs, phone numbers and social profiles through I4C’s Suspect Repository before sending money. When fraud occurs, call 1930 immediately, inform the bank, and file a complaint on the National Cyber Crime Reporting Portal. Fast reporting can help banks place a hold before the money travels through more layers.
Frequently Asked Questions
Is a mule account always opened with fake documents?
No. Genuine accounts are often rented, sold, controlled or misused after deceptive recruitment by cybercriminals.
Can an innocent account holder face investigation?
Yes. Police may question the holder, while banks may freeze linked accounts during an investigation.
Why do scammers pay commission for bank accounts?
They create distance from stolen funds and shift legal risk directly towards the account holder.
Can UPI IDs and wallets act as mule channels?
Yes. Fraud proceeds may pass through UPI, wallets, merchant accounts, shell companies and cryptocurrency platforms.
What should someone do after sharing account access?
Contact the bank, block access, preserve messages and report the incident immediately through helpline 1930.


