“Beta, I haven’t logged into my account for weeks… but my shares are gone.”
That’s what the 63-year-old woman told her son, confused and worried.
A retired schoolteacher, she had put aside her life’s savings in the stock market, all managed by a trusted name: Motilal Oswal.
For someone who barely checked her portfolio more than once a month, waking up to a drained Demat account was nothing short of a nightmare.
This wasn’t a case of phishing or some fake Telegram group. This was something worse, a betrayal from someone inside the very institution she trusted with her life savings.
The scam was quiet, calculated, and came from someone no one suspected, a Motilal Oswal employee, working from their Chennai branch.
Not a fraudster from some shady call center. Not a fake app. This time, the threat came from within.
A Dormant Account and a Criminal Opportunity
The woman’s Demat account had been dormant since July 2023 due to minimal activity. Like many senior citizens, she wasn’t chasing daily trades or fancy derivatives.
Her portfolio had been built over the years, brick by brick, with the idea of long-term safety.
But dormant accounts, as it turns out, are exactly the kind of soft targets scamsters love.
Sometime in August 2024, a Motilal Oswal employee named Gaurang Mandalia allegedly accessed her dormant account and reactivated it using forged documents.
As per the police complaint, he forged her signature to update KYC details, allowing himself to operate the account freely without raising any suspicion.
From that moment, the gates were open.
Between August 2024 and January 2025, Mandalia allegedly began selling shares from her portfolio, discreetly, steadily.
No dramatic moves. No large dumps. Just quiet siphoning.
Every time a sale happened, the money didn’t go to the woman’s registered bank account. It went into Mandalia’s personal bank account.
Total damage? ₹1.58 crore worth of shares, gone.
“She Wouldn’t Even Know How to Update Her Details…”
Her son later told investigators, “My mother doesn’t even know how to open her Motilal Oswal app. She’s never submitted any updated KYC forms. She doesn’t do online trading. So how on earth were her details changed?”
That’s the bone-chilling part.
This wasn’t a clever phishing link or a password leak. This was someone inside the system, with full access, faking documents, altering data, and conducting trades as if he owned the account.
It wasn’t just theft. It was a complete hijack of identity and control.
How Did It Go Undetected for Five Months?
That’s the question burning on every investor’s mind.
How did ₹1.58 crore worth of trades go unnoticed in a dormant account?
Where were the alerts? The red flags? The internal checks?
It appears that Mandalia may have been smart about timing and quantities, selling just enough to avoid suspicion and spacing out trades.
He knew how the system worked. And he used it with surgical precision.
By January 2025, when the family finally pieced together what had happened, it was too late.
The shares were gone. The money was withdrawn. The damage done.
The Fallout and The Case
Motilal Oswal has reportedly taken action and filed a complaint.
Mandalia has been booked under IPC sections related to forgery, criminal breach of trust, identity theft, and cheating. The case is now under police investigation.
The company, for its part, says it’s cooperating fully and conducting an internal audit. But for the victim, those words don’t mean much anymore.
“She asks me every other day if the shares will come back,” her son says.
“I don’t have the heart to tell her the truth—that they’re gone.”
A Stark Reminder: No System Is Foolproof
We often assume that because our accounts are with well-known firms, they’re safe by default.
But this case shows just how vulnerable even dormant accounts can be, especially when the threat is from someone inside the system.
This scam wasn’t sophisticated in tech. It didn’t need AI, hacking, or deepfake voices. All it needed was a trusted employee, a printer, and a signature.
Final Thoughts
This story isn’t just about one victim or one rogue employee. It’s about a hole in the system, one that any unscrupulous insider can exploit if the controls are weak and audits are lazy.
So if you’ve got accounts you don’t check often, check them.
If your parents or grandparents have portfolios lying untouched, review them.
And if anything feels even slightly off, act fast.
Because by the time you receive that one letter, or statement, or alert…it might already be too late.
