The Enforcement Directorate (ED) has uncovered a sprawling cybercrime syndicate with international links that used social media to defraud Indian citizens of Rs 159 crores.
On October 10, the financial probe agency filed a prosecution complaint with the Special Court (PMLA) in Bengaluru against eight arrested individuals and 24 shell companies linked to the operation. The court took cognisance of the prosecution complaint on October 29, 2024.
Investigation have revealed that key members of the syndicate based in Hong Kong and Thailand played a crucial role in orchestrating and facilitating the cyber fraud activities, coordinating the setting up of shell companies in India and assisted in laundering the proceeds through complex cross-border transactions. The ED finding revealed that the funds generated from these cybercriminals activities were layered through multiple accounts and subsequently converted into cryptocurrency, exploiting its anonymity to obscure their origins and facilitate transfers abroad.
This cyber syndicate network exploited social media platforms like Facebook, Instagram, WhatsApp, and Telegram, ensnaring victims with promises of high returns on fake stock market investments and Initial Public Offerings (IPOs). Furthermore, some victims were manipulated under the guise of a fake arrest by Customs and the CBI, ultimately making them transfer huge funds to various shell companies under a fake “fund regularization process”.
According to the ED's prosecution complaint (PC), the investigation revealed a sophisticated cyber fraud operation that relied on fake advertisements and fabricated success stories to convince victims they were investing in legitimate financial opportunities. Known as “pig-butchering” scams, these frauds encouraged victims to invest in non-existent stock market schemes, lured by promises of substantial returns.
Scammers increasingly employed sophisticated tactics to deceive individuals via social media. Once a victim showed interest, they were added to WhatsApp or Telegram groups filled with fake members who shared fabricated success stories to create an illusion of legitimacy. They allegedly used names that mimicked established financial institutions such as ICICI Securities, GFSL Securities, SMG Global Securities, Blackrock Capital, JP Morgan to further enhance their credibility.
As per ED's prosecution complaint (PC), as trust grew, victims were instructed to download fraudulent investment apps, usually shared via direct messages. These apps mimicked legitimate platforms, showcasing well-known stocks and fake IPOs. Initial interactions might yield fake returns displayed on the app, encouraging victims to invest large sums. However, when victims attempted to withdraw their funds, they encountered demands for fictitious taxes or brokerage fees, part of a ploy to extract even more money. Eventually, scammers severed all communication, leaving victims stranded and unable to recover their investments.
According to the ED's PC, in addition to investment scams, the network employed the “digital arrest” tactic, where scammers impersonated Customs or CBI officials, using intimidation to coerce victims into paying large sums. These impostors threatened victims with fabricated arrest scenarios, claiming prosecution unless they paid to “regularize” their funds. This manipulation forced individuals to surrender their savings out of fear of legal repercussions.
The ED’s investigation uncovered a sophisticated scheme where fraudsters used hundreds of illegally obtained SIM cards to defraud victims and launder illicit funds. These SIMs, often linked to shell company bank accounts or used to create WhatsApp accounts, allowed scammers to maintain anonymity and evade immediate detection. Fraudsters sourced SIM cards from contacts across India through Telegram groups, activating them before shipping abroad to support their cyber fraud operations.
The ED’s prosecution complaint revealed that the fraudsters had incorporated 24 shell companies across India, particularly in Tamil Nadu and Karnataka, to handle and layer proceeds from these scams. Registered primarily in coworking spaces with no genuine business activity, these companies served as fronts for laundering illicit funds. Fake bank statements and fabricated documents were submitted in company filings, creating an elaborate façade of legitimacy. Some directors involved were unaware of their roles, effectively serving as figureheads for the cyber syndicate. The proceeds of crime were routed through mule accounts and converted into cryptocurrency for transfer abroad, making them difficult to trace.
The PC reveals that the investigation uncovered links to individuals outside India who coordinated with Indian operatives to establish shell companies, appoint dummy directors, and open bank accounts with fraudulent documents shared over WhatsApp. Among the arrested, Charan Raj C, now in judicial custody, was a primary recruiter, securing directorships and bank accounts essential to the syndicate's operations. Shashi Kumar M was instrumental in setting up shell companies to route illicit funds, while Sachin M managed multiple shell entities and recruited dummy directors using fake credentials.
Mohammad Azharuddin Appears Before Enforcement Directorate In Connection With Money Laundering Case
Funds were moved from victims' accounts through various intermediary accounts, including rented mule accounts, to layer the proceeds of crime. This involved numerous transactions between accounts to obscure the original source of the funds. Small transaction amounts (under Rs 5 lakhs) were used to avoid triggering alerts for suspicious activity. Most of the illicit funds were converted into cryptocurrency, a deliberate strategy to further obscure the origins of the money and facilitate its transfer out of India.
ED officials conducted 17 searches under the Prevention of Money Laundering Act (PMLA), 2002, across various locations, seizing mobile phones, cheque books, company stamps, debit cards, and other digital evidence. During searches in September 2024 at Charan Raj C’s Bangalore residence, ED officials seized numerous documents and items linked to the cyber fraud operation, including company stamps, bank documents, handwritten notes, identification documents, and mobile phones, which provided crucial evidence. Incriminating WhatsApp conversations revealed the coordination of banking transactions to launder money through these shell companies.
Enforcement Directorate Leads India’s Inclusion In Key Asia-Pacific Asset Recovery Initiative, Strengthening Global Financial Crime Combat
The eight accused, including Charan Raj C, Kiran S K, Shashi Kumar M, and Sachin M, are currently in judicial custody. In a decisive move, the ED froze RS 2.81 crore in accounts belonging to Cyber forest Technology Private Limited, a key entity in the cyber fraud syndicate.
Further investigations are ongoing as the ED continues to examine the complex web of transactions and uncover additional international links to the broader syndicate.