Three men posing as stock market gurus from a Netflix-inspired crime syndicate were arrested in Delhi on November 6, 2025, for running a ₹150 crore online investment scam that fooled over 300 victims across India. The trio—Arpit Mishra, a 25-year-old advocate from Jaipur, Prabhat Vajpayee, a 22-year-old tech operator, and Mohammad Abas Khan, a 24-year-old field agent from Manipur—used fake WhatsApp groups, luxury hotel hideouts, and stolen identities to mimic the tactics of the popular series Money Heist. What began as a single complaint from a Delhi resident, Rohit, who lost ₹22 lakh after being lured by fake trading profits, snowballed into one of the most audacious digital frauds ever uncovered in North India.
How the 'Money Heist' Scam Worked
The gang didn’t just copy the show’s aesthetic—they replicated its structure. Arpit Mishra, dubbed 'Professor' by his team, was the mastermind who designed the scam’s flow. Prabhat Vajpayee, alias 'Amanda', built and maintained five fake trading platforms that showed fake gains in real time. Mohammad Abas Khan, 'Freddy', managed over 150 bank accounts opened under stolen IDs, moving money through layered transfers to avoid detection. Victims were recruited via Instagram and Facebook ads promising 30-50% monthly returns on "guaranteed" stock trades. Once they deposited money—often ₹5 lakh or more—their accounts showed rising balances. But when they tried to withdraw, the platforms froze. Calls went unanswered. WhatsApp groups vanished overnight.
Here’s the twist: the gang didn’t just operate from backrooms. They checked into five-star hotels in Noida, Lucknow, and Siliguri, using high-speed Wi-Fi and burner phones to coordinate. "They wanted to look legitimate," said Deputy Commissioner of Police (Northeast) Ashish Mishra. "Staying in luxury hotels gave them credibility. They’d even wear suits when meeting victims in person under false pretenses. It wasn’t just fraud—it was performance art."
Trail of Digital Clues and Raids
The investigation began on October 15, 2025, after Rohit reported his loss. Delhi Police’s Cyber Crime Division traced digital footprints through bank records, IP logs, and call metadata. They found that all fake trading platforms were hosted on servers routed through Malaysia and Singapore, then bounced back to Indian SIM cards purchased under fake Aadhaar documents. By November 4, officers had pinpointed the gang’s last known location: a luxury apartment in Siliguri, West Bengal.
Raids on November 5 and 6 yielded 14 mobile phones, 20 SIM cards, 12 bank passbooks, 32 debit cards, and hundreds of screenshots of fake trading dashboards. WhatsApp chats showed the trio referring to victims as "marks," and internal messages revealed they paid ₹25,000 per month to each associate who helped open bank accounts. "They treated this like a corporate job," said Inspector Rahul Kumar of the Cyber Crime Division. "One guy even sent a birthday message to another member: 'Happy Birthday, Amanda. Hope the 12th transfer clears today.'"
Connections to Broader Cybercrime Networks
Police are now probing whether this syndicate is linked to a separate ₹23 crore digital arrest scam—where victims were falsely told they’d been arrested for money laundering and had to pay to clear their names. Forensic analysts found overlapping bank account numbers and identical phishing templates. "The same code was used in both scams," said a senior cyber investigator, speaking anonymously. "And there are signs of Chinese-speaking intermediaries handling server logistics. We’re not sure if they’re partners or just vendors."
Reports from India Today, The New Indian Express, and NDTV confirm the gang’s reach: over 300 victims from Delhi, Mumbai, Bengaluru, Kolkata, and even Guwahati. The Economic Times noted that Arpit Mishra was tracked down after his laptop’s GPS pinged near a Starbucks in Siliguri. ABP Live revealed that the gang used encrypted apps like Telegram and Signal for internal coordination, deleting messages every 12 hours. "They knew the rules," added Inspector Kumar. "They just thought they were smarter than the police."
Why This Scam Is Different
Most investment frauds rely on cold calls or mass emails. This one used social proof. Victims were invited to "exclusive" WhatsApp groups named 'Secure the Game' and 'Pintoss'—names chosen for their cryptic, cool vibe. Inside, they saw screenshots of others withdrawing money. They watched live trading sessions—pre-recorded, of course. Some victims even received gifts: a ₹5,000 Amazon voucher after their first deposit. "It wasn’t just greed," said Dr. Meena Sharma, a behavioral psychologist at Delhi University. "It was the thrill of being in the inner circle. The gang made people feel like they were part of something elite."
And the money? Over ₹150 crore vanished into shell companies, crypto wallets, and cash withdrawals across seven states. Only ₹18.7 crore has been traced so far. Authorities have frozen 47 bank accounts and seized luxury watches, designer clothing, and two high-end cars bought with scam funds.
What’s Next?
Delhi Police have issued lookout notices for five more suspects, including a woman believed to be the group’s financial analyst. They’re also working with Interpol and the National Cyber Crime Reporting Portal to identify victims outside India. The Central Bureau of Investigation has taken over the financial trail, and a special task force has been formed to monitor similar scams emerging in Assam and Odisha.
"This isn’t over," said DCP Ashish Mishra. "We’ve caught the actors. Now we’re hunting the writers."
Frequently Asked Questions
How did the scam victims get tricked into believing the fake trading platforms?
Victims were lured through Instagram and Facebook ads promising 30-50% monthly returns. Once they joined WhatsApp groups like 'Secure the Game,' they saw real-time screenshots of others withdrawing profits. The fraudsters used pre-recorded trading sessions and paid actors to post fake withdrawal confirmations. Small, early payouts—often ₹5,000 to ₹20,000—built trust before victims invested lakhs. By the time they tried to cash out, the platforms froze or vanished.
What role did luxury hotels play in the scam?
The gang used five-star hotels in Noida, Siliguri, and Lucknow to avoid suspicion. Staying in upscale locations gave them credibility when meeting victims in person under fake business titles. They used hotel Wi-Fi for encrypted communications and rented rooms for extended periods to avoid frequent address changes. Police found receipts showing they spent over ₹4.2 lakh on hotel stays in just six months.
Are there links to international cybercriminal networks?
Yes. Forensic analysis shows server infrastructure was routed through Malaysia and Singapore, with code similarities to a Chinese cybercrime group linked to a ₹23 crore digital arrest scam. Investigators found encrypted messages referencing Chinese-speaking operators handling server maintenance. While no direct membership has been proven, authorities believe the gang outsourced technical infrastructure to foreign actors, possibly through dark web marketplaces.
How many people were affected, and where are they from?
Delhi Police have confirmed over 300 victims across India, with the highest numbers in Delhi (87), Mumbai (62), Bengaluru (49), Kolkata (38), and Guwahati (21). Victims ranged from college students to small business owners. The average loss was ₹4.8 lakh, with the largest single loss recorded at ₹1.2 crore. Many victims didn’t realize they’d been scammed until their bank statements showed withdrawals they didn’t authorize.
What happened to the money they stole?
Of the ₹150 crore stolen, ₹18.7 crore has been traced and frozen in 47 bank accounts. The rest was moved through crypto wallets, shell companies in Gujarat and Telangana, and cash withdrawals at ATMs in small towns. Police recovered luxury watches, designer clothing, and two cars bought with scam funds. Investigators believe some funds were laundered through hawala networks and may have been sent overseas.
Can victims get their money back?
Recovery is possible but complicated. Authorities have started a victim verification portal where individuals can submit proof of loss. Only those with bank transaction records and WhatsApp chat logs will be eligible for compensation. The process will take months, and full recovery is unlikely—only about 12-15% of stolen funds are typically recovered in large-scale cyber fraud cases in India. Victims are advised to report to the National Cyber Crime Reporting Portal immediately.
Write a comment