Europol Busts €50M Online Fraud Network: Million Running

A significant international law enforcement operation has successfully dismantled a large-scale online fraud network, responsible for stealing over EUR 50 million from victims across Europe and beyond. This coordinated action, detailed in a recent report from Europol, targeted the sophisticated criminal enterprise. The network’s operations, which amassed more than EUR 50 million in illicit gains, impacted individuals globally.

Austrian and Albanian authorities, backed by Europol and Eurojust, carried out a coordinated action day on 17 April 2026 following a joint investigation that spanned more than two years.

The operation resulted in the arrest of ten individuals in Tirana, Albania, the search of three call centres and nine private homes, and the seizure of nearly EUR 900,000 in cash.

The criminal network operated several call centres out of Albania’s capital, Tirana, where up to 450 employees worked across organised departments.

The network was structured like a legitimate company, with clear divisions of labour including teams dedicated to customer acquisition, customer service, management, finance, IT, human resources, and back-office support.

Conversion agents handled the initial luring of victims, while retention agents posed as investment advisors to manage and manipulate their accounts over time.

Operators received a monthly salary of around EUR 800, plus progressive commissions for every successful fraud they carried out.

Europol identified the network’s use of corporate-style management as a key factor that enabled it to operate at scale while maintaining the appearance of a legitimate financial business.

Operators were organised into language-specific teams of six to eight members, covering German, English, Italian, Greek, and Spanish, allowing them to target victims across multiple countries in their native tongues.

This language-based approach gave fraudsters a direct line of trust with their victims and played a central role in sustaining the deception over long periods.

Victims first encountered the scheme through deceptive advertisements on social media or in web search results promoting fake investment platforms with the promise of high returns.

Once registered, victims were assigned retention agents who posed as personal investment advisors.

Over time, these agents used remote access software to take complete control of victims’ computers, while applying psychological pressure to push them into making more deposits. None of the money was ever invested.

The funds were routed through an international money-laundering operation and disappeared into the hands of the criminal network.

The investigation traces back to June 2023, when Austrian authorities in Vienna began receiving a high volume of fraud victim reports.

By April 2024, Austria used Europol as a bridge to contact Albanian law enforcement, sharing an IP address connected to the suspected criminals operating from Albanian territory.

Albania launched its own criminal probe shortly after, and Eurojust later coordinated the formation of a joint investigation team between the two countries, providing funding, interpretation services, and logistical support that made the April 2026 raids possible.

The raids led to the recovery of EUR 891,735 in cash, along with 443 computers, 238 mobile phones, 6 laptops, and multiple data carriers and storage devices.

Europol deployed experts to preserve large volumes of digital evidence, which will be shared with investigating authorities in other affected countries, including Italy, Germany, Greece, Spain, Canada, and the United Kingdom.

A Virtual Command Post was established to enable real-time data exchange between all participating teams.

A Second Layer of Fraud Targeting Past Victims

Perhaps the most calculated part of this scheme involved the network going back to previous victims and offering to help recover their lost funds.

Victims were told to open cryptocurrency accounts and deposit EUR 500 to start the supposed recovery process.

Operators used different usernames and pseudonyms to avoid recognition, running a second round of fraud on the same people they had already stolen from.

Individuals are advised to verify any online investment platform through an official financial regulator before committing any funds.

Unsolicited recovery offers from unknown parties claiming to retrieve lost investments should be reported directly to national law enforcement or a cybercrime reporting authority without delay.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.