In an anti-cybercrime operation conducted over 48 hours across 21 states and union territories, the Delhi police detained more than 7,000 suspects and arrested 916 people. Codenamed CyHawk 5.0, the operation targeted mule account handlers, malware distributors and fraudulent call centres, officials said.
Delhi Police called it their largest and most coordinated offensive against cyber fraud networks to date. In all, 715 raiding teams comprising 2,374 personnel were deployed.
The complaints linked to these cases involved fraud amounting to approximately Rs 700 crore.
According to the police, 7,189 people were either rounded up in simultaneous raids, while 691 others were bound down. Legal action was initiated against 4,290 individuals. The operation led to the registration of 481 fresh cases and the detection of 410 previously registered cybercrime cases.
The operation, conducted between June 16 and 18, involved all district police units in Delhi, as well as the Crime Branch, Railways, Metro and the Intelligence Fusion and Strategic Operations (IFSO) unit.
Mule accounts
The raids focused on dismantling two pillars of cybercrime — mule account networks and malicious APK distributors. Police said mule accounts continued to serve as the financial backbone of cyber fraud, with fraudsters luring individuals through fake work-from-home offers and commission-based schemes to open bank accounts and hand over access.
More than 3,600 people linked to mule account operations were rounded up, and over 2,300 cyber complaints were found connected to such accounts. The operation also targeted distributors of malicious mobile applications, which are increasingly being used to silently intercept OTPs and facilitate financial fraud.
“These apps are often disguised as utility applications such as bill payment or vehicle registration apps and are circulated by fraudsters impersonating bank officials or service providers,” an officer said.
Fraud call centres operating under the guise of legitimate businesses offering jobs, modelling assignments, insurance and astrology services were also busted, along with international tech support scam centres targeting foreign nationals.
During the operation, the police seized 760 mobile phones, 820 SIM cards, 228 ATM cards, 247 passbooks, 104 laptops and computers, 323 identity cards, and Rs 21.72 lakh in cash. A luxury SUV and 11 Point-of-Sale machines were also recovered. Two Nigerian nationals accused of involvement in cyber fraud operations were identified and have been deported, according to the police.
A malware trail
Recent cases illustrate the sophistication of such operations.
Last week, Naresh Gujral, a former Rajya Sabha MP and the son of the late Prime Minister Inder Kumar Gujral, lost Rs 7.8 crore to a sophisticated cyber fraud. Scammers impersonated him on a messaging platform and manipulated an employee’s phone records to siphon off the funds.
The Delhi Police has so far managed to freeze Rs 4 crore of the stolen amount in the case. The fraud unfolded between June 12 and 16, when, according to the police, cybercriminals created a fake account on a messaging platform using Gujral’s display picture to pose as him.
Investigators discovered that the fraudsters initially sent a malicious file to one of Gujral’s employees, compromising his mobile phone. Once they had access to the device, the accused tampered with the contact details stored within it. The scammers then replaced Gujral’s phone number in the employee’s contact list with their own number while retaining his profile picture. This meant that all incoming messages from the fake number appeared to be sent by the former MP himself.
Joint Commissioner of Police (IFSO) Rajneesh Gupta said cyber fraud cases exceeding Rs 50 lakh fall under his department’s jurisdiction, cases involving amounts between Rs 25 lakh and Rs 50 lakh are handled by the Crime Branch, while cases below Rs 25 lakh are addressed at the 15 Cyber Police Stations established across all districts.
Four key details
Gupta said victims should gather four key details before filing a complaint: their bank account number from which the money was debited, the Unique Transaction Reference (UTR) number, the exact amount transferred, and the date and time of each transaction. He added that victims did not have to mention suspect accounts or chat records when reporting fraud. Instead, they should provide their own bank details, the UTR number (12 digits for UPI, 16 for RTGS, 22 for NEFT), along with the amount, date and time of each transaction.
For credit card cases, the registered mobile number should also be provided. Multiple transactions should be listed individually in chronological order.
Complaints could be registered either through the 24/7 helpline (1930) or by visiting one of the 15 Cyber Police Stations. Regular police stations could also register such complaints as all are linked to the 1930 portal.
Complaints via the 1930 helpline generate a 14-digit Series 3 acknowledgement number starting with ‘3’, while reports on the National Cybercrime Reporting Portal were logged as Series 2. Series 2 complaints are immediately visible to police in real time on the 1930 portal. After verification, these are forwarded to banks for lien marking on the defrauded amount. Series 3 complaints, on the other hand, are automatically sent to banks.
“As they are entered by a police official, they carry a legal mandate, allowing banks to act immediately,” Gupta said.
A 67% increase
According to data presented by the Ministry of Finance in the Rajya Sabha, digital financial frauds across India amounted to Rs 4,245 crore across 24 lakh incidents during the first 10 months (April–January) of 2024–25. This was 67% higher than the Rs 2,537 crore recorded across 20 lakh cases in 2022–23.
In 2023–24, frauds totalled Rs 4,403 crore across 28 lakh incidents.
Also Read: Hydroponic marijuana a growing concern for Delhi Police
Delhi registered at least 376 high-value cybercrime cases in 2025, each involving losses of more than Rs 50 lakh. Investigators have highlighted the growing scale and sophistication of financial fraud targeting residents in the capital.
Investment scams top the list
The cases, handled by the IFSO unit, largely involved investment fraud, “digital arrest” scams, and impersonation rackets. Victims were often psychologically coerced into transferring large sums of money within hours.
Investment fraud formed the bulk of these high-value cases, with 230 reports registered. There were 57 “digital arrest” scams — these are scams where fraudsters pose as law enforcement or government officials and threaten victims with arrest. Other financial frauds comprised 29 cases, while impersonation and non-financial cyber offences accounted for 10 and 11 cases, respectively.
While the overall cybercrime figures were not disclosed, investigators said UPI-linked scams accounted for roughly 40–45% of total complaints in Delhi. This was followed by investment fraud at 30–35%, digital arrest scams at 10–15%, and internet banking fraud at 10–15%. Job frauds, impersonation, and social media scams made up the remainder.
