In two days last week, Indian police rounded up more than 8,300 people linked to cybercrime. By the time investigators finished processing them, 1,429 had been arrested. This is what they found.

Operation CyHawk 4.0 β€” the fourth iteration of Delhi Police’s coordinated national cybercrime enforcement campaign β€” ran on April 6 and 7, 2026, executing simultaneous operations across 20 Indian states. It is the largest single coordinated cyber fraud crackdown in Indian law enforcement history.

The numbers:

  • 8,371 individuals rounded up for questioning and verification
  • 1,429 arrested or bound over after investigators established financial or technical links to fraud
  • 499 FIRs (First Information Reports) registered against identified fraudsters
  • β‚Ή519 crore ($62 million USD) in defrauded money traced to bank accounts linked to organized criminal networks

Why This Operation Is Different

India has run cybercrime enforcement actions before. What makes CyHawk 4.0 significant is the focus on financial architecture rather than individual scammers.

Previous operations often arrested the people actually making the calls or sending the messages β€” the most visible, and often most replaceable, layer of the criminal organization. CyHawk 4.0 targeted the money:

  • Mule bank accounts β€” accounts opened by recruited individuals and handed over to criminal networks to receive and route scam proceeds
  • Cash withdrawal agents β€” people who physically extract cash from ATMs and banks to remove it from traceable digital channels
  • Account brokers β€” operators who recruit, organize, and sell access to networks of mule accounts
  • Call centre operators β€” facilities running organized scam operations using scripts, technology, and recruited workers

By mapping the financial flows β€” tracing where victim money actually goes after it’s stolen β€” investigators built a picture of the organized networks behind apparently independent scams.

The Scam Types Behind β‚Ή519 Crore in Losses

CyHawk 4.0’s intelligence revealed the fraud typologies most responsible for losses traced in the operation:

Digital Arrest Scams The fastest-growing scam category in India. Criminals impersonate CBI, ED, customs, or police officials β€” increasingly using deepfake video and AI voice cloning β€” to create fake law enforcement contacts. Victims are told they’re under investigation for serious crimes and held in extended video call β€œdetentions” until they pay fabricated fines or bail.

Fake Job and Investment Fraud Victims are recruited through social media or messaging apps with offers of lucrative remote work or investment opportunities. Initial β€œearnings” may actually be paid out to build trust β€” before a larger deposit is requested, lost, and unrecoverable.

Telemarketing and Customer Care Impersonation Operators impersonate bank representatives, insurance companies, telecom providers, or government services. Victims are told their account has been compromised, their policy is expiring, or their SIM card is being deactivated β€” then walked through steps that result in credential theft or direct fund transfers.

KYC Update Scams A specifically Indian variant: victims receive calls claiming their bank KYC (Know Your Customer) documentation is expired and must be updated immediately to avoid account suspension. The β€œupdate” process extracts account credentials, OTPs, and in some cases, remote access to devices.

Online Trading Fraud Fake cryptocurrency and stock trading platforms promise high returns. Victims see β€œprofits” accumulating in their accounts β€” but when they try to withdraw, they’re told to pay taxes, fees, or verification charges. The platform ultimately disappears with all deposited funds.

The Mule Account Problem

One of CyHawk 4.0’s most important findings is the scale of the mule account ecosystem that enables cyber fraud in India.

Mule accounts are ordinary bank accounts β€” opened by real people using legitimate identification β€” that are then handed over to criminal networks for a fee. The criminal deposits stolen money into these accounts, extracts it quickly via ATM withdrawals or transfers, and moves on. The account holder is left holding potential criminal liability.

People recruited as mule account providers are often:

  • Young people offered cash payments to β€œrent” their accounts
  • Small business owners convinced to allow β€œbusiness transactions” through their accounts
  • Students promised easy income for minimal effort

What they frequently don’t understand is that their accounts are being used to handle stolen funds β€” making them potential accomplices to fraud, subject to account freezing and criminal charges.

The scale uncovered by CyHawk 4.0 β€” hundreds of mule accounts traced across 20 states β€” illustrates how extensive this recruitment network has become. The criminals running the operations are rarely the ones whose names appear on the accounts.

The Technology Behind the Operations

What distinguishes organized cybercrime from individual scammers is technological sophistication. CyHawk 4.0 found operations running:

VoIP spoofing infrastructure β€” Systems that make outgoing calls appear to come from legitimate bank, government, or police phone numbers, defeating caller ID verification.

Bulk messaging platforms β€” Tools that send millions of targeted SMS or WhatsApp messages simultaneously, personalizing the apparent sender and content based on victim data profiles.

Script libraries and training β€” Written scripts tailored to specific scam types, with handling instructions for common victim objections and escalation procedures for when victims try to hang up.

Deepfake and AI voice toolkits β€” Particularly for digital arrest scams, operations were found using AI tools to generate convincing government official personas for video calls.

Multi-layer money movement systems β€” Structured networks of mule accounts, cash withdrawal agents, and cryptocurrency conversion points designed to move stolen funds beyond traceable reach within hours of a successful fraud.

What This Means for India’s Cyber Fraud Epidemic

India’s cybercrime problem is structural. The country has:

  • A massive population of digitally connected but cyber-awareness-limited potential victims
  • A large supply of economically vulnerable people who can be recruited as mule account holders or call centre workers
  • Geographic clusters β€” parts of Jharkhand, Rajasthan, and other states β€” where cybercrime has become a significant local economic activity
  • Rapid smartphone and UPI (Unified Payments Interface) adoption that has expanded the attack surface dramatically

CyHawk 4.0 is a significant enforcement action. But investigators and analysts are clear-eyed: arrests alone don’t dismantle the ecosystem. As long as the underlying economic incentives exist β€” for the criminal organizers, for the mule account providers, for the call centre workers β€” new operators will fill the space left by arrested ones.

The longer-term solutions are a combination of sustained enforcement (making the business riskier), financial system interventions (making mule account detection faster), public awareness (reducing victim susceptibility), and international cooperation (since many of the criminal organizers operate from outside India).

Protection for International Victims

While CyHawk 4.0 focused on India, many of the scam types it targeted have global reach. Investment fraud operations, digital arrest scams, and fake job fraud target victims worldwide β€” including in the United States, UK, Canada, and Australia.

If you’ve been contacted by someone:

  • Claiming to be law enforcement demanding payment to avoid arrest
  • Offering high-return investments through an app or platform you discovered through social media
  • Asking you to update your banking KYC by clicking a link or calling a number
  • Recruiting you for remote β€œtask-based” work that involves sending money or using your bank account

Stop all contact immediately. These are active scam operations. Report to ic3.gov (US), actionfraud.police.uk (UK), or your country’s cyber crime reporting authority.

Operation CyHawk 4.0 shows that global law enforcement is getting better at mapping these networks. But the most effective protection remains the same: know what the scams look like before they reach you.