India’s Central Bureau of Investigation uncovered and disrupted a large-scale cyber fraud infrastructure, which it calls a “phishing SMS factory,” that sent lakhs of smishing messages daily across the country to trick citizens into fake digital arrests, loan scams, and investment frauds.
The infrastructure that was operated by a registered company, M/s Lord Mahavira Services India Pvt. Ltd., used an online platform to control approximately 21,000 SIM cards that were obtained by violating the Department of Telecommunications rules.
The organized cyber gang operating from Northern India provided bulk SMS services to cybercriminals including foreign operators targeting Indian citizens. The CBI arrested three individuals associated to the cyber gang as part of the broader Operation Chakra-V, which is focused on breaking the backbone of cybercrime infrastructure in India.
The investigation began when CBI studied the huge volume of fake SMS messages people receive daily that often lead to serious financial fraud. Working closely with the Department of Telecommunications and using information from various sources including the highly debated Sanchar Saathi portal, investigators identified the private company allegedly running the “phishing SMS factory.
Active System Seized
CBI conducted searches at several locations of North India including Delhi, Noida, and Chandigarh, where it discovered a completely active system used for sending phishing messages. The infrastructure included servers, communication devices, USB hubs, dongles, and thousands of SIM cards operating continuously to dispatch fraud messages.
The messages offered fake loans, investment opportunities, and other financial benefits aimed at stealing personal and banking details from innocent people. The scale of operations enabled lakhs of fraud messages to be distributed every day across India.
Telecom Channel Partner Involvement
Early findings of the investigations suggested an involvement of certain channel partners of telecom companies and their employees who helped illegally arrange SIM cards for the fraudulent operations. This insider facilitation allowed the gang to obtain the massive quantity of SIM cards despite telecommunications regulations designed to prevent such accumulation.
The 21,000 SIM cards were controlled through an online platform specifically designed to send bulk messages, the CBI said.
Digital Evidence and Cryptocurrency Seized
CBI also seized important digital evidence, unaccounted cash, and cryptocurrency during the operation. The seizures provide investigators with critical data to trace financial flows, identify additional conspirators, and understand the full scope of the fraud network’s operations.
The discovery that foreign cyber criminals were using this service to cheat Indian citizens highlights the transnational nature of the operation, with domestic infrastructure being leveraged by overseas fraudsters to target vulnerable Indians.
Operation Chakra-V Targets Infrastructure
The dismantling of this phishing SMS factory demonstrates CBI’s strategy under Operation Chakra-V to attack the technical backbone of organized cybercrime rather than merely arresting individual fraudsters. By disrupting the infrastructure enabling mass fraud communications, authorities aim to prevent thousands of potential victims from receiving deceptive messages.
As part of Operation Chakra-V crackdown, on Sunday, CBI also filed charges against 17 individuals including four likely Chinese nationals and 58 companies for their alleged involvement in a transnational cyber fraud network operating across multiple Indian states.
CBI said a single cybercrime syndicate was behind this extensive digital and financial infrastructure that has already defrauded thousands of Indians worth more than ₹1,000 crore. The operators used misleading loan apps, fake investment schemes, Ponzi and MLM models, fake part-time job offers, and fraudulent online gaming platforms for carrying out the cyber fraud.
Google advertisements, bulk SMS campaigns, SIM-box based messaging systems, cloud infrastructure, fintech platforms and multiple mule bank account were all part of the modus operandi of this cybercriminal network.
Earlier last week, the CBI had filed similar charges against 30 people including two Chinese nationals who ran shell companies and siphoned money from Indian investors through fake cryptocurrency mining platforms, loan apps, and fake online job offers during the COVID-19 lockdown period.
