Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
FCC Bans Chinese Telecom Equipment From Huawei, ZTE, Others Over Security Risks
July 2, 2026
Critical JetBrains Flaws Allow Auth Bypass, Code Execution
July 2, 2026
Critical Microsoft Defender, Sysmon Flaw Lets Attackers Disable Security
July 2, 2026
Home/Threats/Europol dismantles €50M online fraud network using scam call centers
Threats

Europol dismantles €50M online fraud network using scam call centers

Key Takeaways A sophisticated online fraud network, operating corporate-style call centers, has been dismantled by Europol and national authorities. The criminal enterprise defrauded victims of over...

Marcus Rodriguez
Marcus Rodriguez
April 30, 2026 4 Min Read
42 0

Key Takeaways

  • A sophisticated online fraud network, operating corporate-style call centers, has been dismantled by Europol and national authorities.
  • The criminal enterprise defrauded victims of over EUR 50 million through fake investment platforms.
  • Ten individuals were arrested, and nearly EUR 900,000 in cash was seized during coordinated raids in Albania.
  • The network employed a deceptive “recovery scam” to re-target previous victims, extracting further funds under the guise of helping them recover losses.

International Operation Targets EUR 50 Million Online Investment Fraud

A major international law enforcement effort, spearheaded by Europol, has successfully disrupted an extensive online fraud operation responsible for illicitly gaining more than EUR 50 million from victims globally. The sophisticated criminal network, which mimicked legitimate corporate structures, utilized scam call centers to ensnare individuals in fraudulent investment schemes.

Table Of Content

  • Key Takeaways
  • International Operation Targets EUR 50 Million Online Investment Fraud
  • The Bust: Arrests and Seizures
  • Anatomy of a Corporate-Style Scam
  • Deceptive Roles and Lucrative Commissions
  • The Investment Lure and Money Laundering
  • The Investigation Timeline
  • A Second Layer of Fraud: Targeting Past Victims
  • What You Should Do

On April 17, 2026, Austrian and Albanian authorities executed a coordinated action day. This operation followed a rigorous joint investigation spanning over two years, with significant support from Europol and Eurojust.

The Bust: Arrests and Seizures

The coordinated raids in Tirana, Albania, led to the apprehension of ten individuals. Authorities simultaneously searched three call centers and nine private residences, seizing approximately EUR 900,000 in cash. Further details on the operation and seized assets are available in Europol’s official report.

Seized Assets (Source - Europol)
Seized Assets (Source – Europol)

Anatomy of a Corporate-Style Scam

The criminal enterprise operated multiple call centers from Albania’s capital, Tirana, employing up to 450 individuals across various organized departments. Europol highlighted the network’s corporate-like management as a critical enabler for its large-scale operations and its ability to project the image of a legitimate financial entity. The structure included specialized teams for customer acquisition, customer service, management, finance, IT, human resources, and back-office support.

Deceptive Roles and Lucrative Commissions

The fraud scheme involved “conversion agents” who initially lured victims, and “retention agents” who then posed as investment advisors. These retention agents meticulously managed and manipulated victims’ accounts over extended periods. Operators received a monthly salary of around EUR 800, supplemented by progressive commissions tied to the success of each fraudulent transaction.

To maximize reach and build trust, operators were organized into language-specific teams of six to eight members, covering German, English, Italian, Greek, and Spanish. This allowed them to target victims in their native languages, a tactic crucial for sustaining the elaborate deception.

The Investment Lure and Money Laundering

Victims were typically drawn into the scheme through misleading advertisements on social media platforms or search engine results, promoting fictitious investment platforms that promised unrealistic high returns. Upon registration, victims were assigned a “personal investment advisor.” These advisors would eventually use remote access software to gain full control over the victims’ computers, exerting psychological pressure to compel them into making additional deposits. None of the funds were ever invested; instead, they were siphoned off through an international money-laundering network, disappearing into the hands of the criminals.

The Investigation Timeline

The investigation commenced in June 2023, when Austrian authorities in Vienna observed a surge in fraud reports. By April 2024, Austria leveraged Europol’s framework to connect with Albanian law enforcement, providing an IP address linked to the suspected perpetrators operating from Albanian territory. Albania promptly initiated its own criminal investigation. Subsequently, Eurojust facilitated the establishment of a joint investigation team between Austria and Albania, providing essential funding, interpretation, and logistical support that culminated in the successful April 2026 raids.

During the raids, law enforcement recovered EUR 891,735 in cash, alongside 443 computers, 238 mobile phones, 6 laptops, and numerous data carriers and storage devices. Europol deployed expert teams to secure the vast amount of digital evidence, which will be shared with authorities in other affected nations, including Italy, Germany, Greece, Spain, Canada, and the United Kingdom. A Virtual Command Post was established to facilitate real-time data exchange among all participating teams, as detailed in the Europol press release.

A Second Layer of Fraud: Targeting Past Victims

One of the most insidious aspects of this scheme involved the network re-targeting previous victims. Fraudsters contacted these individuals, offering to “recover” their lost funds. Victims were instructed to open new cryptocurrency accounts and deposit EUR 500 to initiate the supposed recovery process. Operators used different usernames and pseudonyms to avoid detection, effectively perpetrating a second round of fraud on those they had already victimized.

What You Should Do

  • Verify Investment Platforms: Always verify the legitimacy of any online investment platform through an official financial regulator before committing any funds.
  • Beware of Unsolicited Offers: Exercise extreme caution with unsolicited recovery offers from unknown parties claiming to retrieve lost investments.
  • Report Suspected Fraud: Report any suspected online investment fraud or unsolicited recovery offers directly to your national law enforcement agency or a designated cybercrime reporting authority without delay.
  • Protect Personal Information: Never grant remote access to your computer to unknown individuals, especially those claiming to be investment advisors or recovery agents.
  • Educate Yourself: Stay informed about common online investment scams and phishing tactics to recognize and avoid deceptive schemes.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

Critical Cursor AI Extension Bug Exposes Developer Tokens

Next Post

Critical cPanel 0-Day Authentication Bypass Vulnerability Actively Exploited

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
WinRAR 7.23 Patches Critical Heap Overflow Vulnerability CVE-2024-XXXX
July 2, 2026
Medtronic Confirms Data Breach, Corporate IT Systems Compromised
July 2, 2026
Critical ClamAV Vulnerabilities Let Attackers Trigger DoS
July 2, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Jennifer sherman
By Jennifer sherman
Threats

ErrTraffic Cybercrime Tool Automates ClickFix Attacks

January 1, 2026
David kimber
By David kimber
Threats

DarkSpectre Malware Infected 8.8M Hackers Million Chrome

January 1, 2026
David kimber
By David kimber
Threats

Threat Actors Manipulating LLMs for Automated Vulnerability Exploitation

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us