European Law Enforcement Takedowns of Phishing and Investment-Fraud Networks
European law enforcement reported multiple cyber-enabled fraud disruptions, including a Eurojust-supported operation that dismantled a fraudulent call-centre network operating from three offices in Dnipro. Authorities from Latvia, Lithuania, and Ukraine arrested 11 suspects, seized more than €400,000 in cash, and collected electronic evidence (computers, SIM cards, documents) during searches at 32 locations. The group allegedly ran a fake cryptocurrency investment platform and used remote access software to gain access to victims’ online banking and move funds to accounts and crypto wallets under their control.
Separately, Poland’s Central Bureau for Combating Cybercrime (CBZC) dismantled an organized group operating in Poland and Germany that used phishing to hijack Facebook accounts and extract BLIK payment codes. Investigators identified 11 group members, placed six in pretrial detention, and seized over 100,000 stolen Facebook credentials; prosecutors filed 400+ charges including unauthorized access, online fraud, and money laundering. A South Korean case involving the breach of Seoul’s bike-hire service Ttareungyi (4.62 million users affected) is a distinct incident and not part of the European takedown actions described above.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
International operation dismantles Dnipro-based fraud call centres
In a coordinated law-enforcement action supported by Eurojust, authorities dismantled a fraudulent call-centre operation based in Dnipro. The operation led to 11 arrests, searches at 32 locations, and the seizure of more than €400,000 in cash as well as electronic equipment and other evidence.
Investigators identify Latvian and Lithuanian victims in call-centre scam
During the investigation, authorities identified victims in Latvia and Lithuania who together lost more than €160,000, with additional victims suspected. The case involved cooperation among authorities in Latvia, Lithuania, and Ukraine, supported by Eurojust.
Fraudulent call-centre network targets victims via fake crypto platform
A fraud network operating from three offices in Dnipro used a fake cryptocurrency investment platform to lure victims across Europe, then pressured them into additional payments for supposed legal recovery services. Victims were also convinced to install remote-access software, allowing the group to access online banking and transfer funds to criminal-controlled accounts and wallets.
Polish cybercrime police dismantle Facebook phishing gang
Poland’s Central Bureau for Combating Cybercrime dismantled the organized group, identified 11 members, and seized more than 100,000 stolen Facebook logins and passwords. Six suspects were placed in pretrial detention and prosecutors brought more than 400 charges, including organized crime participation, unlawful account access, online fraud, and money laundering.
Polish Facebook phishing operation ends after two years
The phishing group that had operated since May 2022 continued its activity until May 2024, targeting users in Poland and Germany. By the end of the operation, authorities had linked the group to large-scale credential theft and financial fraud.
Facebook phishing ring begins operating in Poland and Germany
An organized criminal group started a phishing campaign in May 2022 that used fake websites imitating well-known news portals to steal Facebook credentials and take over victims' accounts. The stolen access was then used to obtain BLIK payment codes and commit fraud.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Major International Law Enforcement Actions Against Cybercrime and Financial Fraud Networks
Law enforcement agencies across multiple countries have conducted significant operations targeting cybercriminal groups responsible for large-scale financial fraud, data breaches, and cryptocurrency theft. In Spain, police arrested a 19-year-old hacker accused of stealing and attempting to sell 64 million personal data records from nine companies, while Ukrainian authorities apprehended a separate data broker who used custom malware to compromise accounts and sell access on hacker forums. In California, a member of the so-called "Social Engineering Enterprise" pleaded guilty to laundering millions in cryptocurrency stolen through sophisticated social engineering attacks, with the group responsible for a $263 million heist and extravagant spending of the proceeds. Meanwhile, Russian police dismantled a gang that used NFCGate-based malware to steal millions from bank customers by tricking victims into installing fake banking apps and harvesting card credentials for remote theft. A major international operation led by Europol and Eurojust dismantled a €700 million cryptocurrency scam network in Europe that used deepfake videos and aggressive marketing to lure victims into fake investment schemes. The network operated numerous fraudulent platforms, laundered funds through complex channels, and was taken down in coordinated raids across several countries, resulting in arrests and the seizure of cash, cryptocurrencies, and luxury items. These actions highlight the growing sophistication of cyber-enabled financial crime and the increasing collaboration between law enforcement agencies to disrupt such operations on a global scale.
Mar 21, 2026
European Law Enforcement Dismantles Ukrainian Call Center Fraud Network
European law enforcement agencies, supported by Eurojust, have dismantled a large-scale fraud network operating multiple call centers in Ukraine that targeted victims across Europe. Authorities from Ukraine, the Czech Republic, Latvia, and Lithuania arrested 12 suspects and identified 45 individuals involved in the operation, which defrauded over 400 victims of more than 10 million euros. The criminal group used various schemes, including impersonating police officers and bank employees, convincing victims their accounts were compromised, and instructing them to transfer funds to "safe" accounts controlled by the network. In some cases, victims were persuaded to install remote access software, allowing the criminals to hijack their bank accounts, and some fraudsters even met victims in person to collect cash using stolen card details. The call centers, located in Dnipro, Ivano-Frankivsk, and Kyiv, employed around 100 people recruited from several European countries. Employees were paid commissions of up to 7% of the stolen funds and were promised bonuses such as cash, cars, or apartments for exceeding certain fraud targets, though these rewards were never distributed. During coordinated raids on December 9, 2025, authorities conducted 72 searches, seizing vehicles, weapons, computers, cash, and forged identification documents. The operation highlights the transnational nature of organized fraud and the effectiveness of coordinated law enforcement action across European borders.
Mar 21, 2026
European and U.S. Law Enforcement Actions Against Cyber-Enabled Crime
Multiple law-enforcement actions were reported across Europe and the U.S. targeting **cyber-enabled criminal activity**, including online intimidation, financial malware operations, and crypto/NFT theft. In Hungary, police working with Romanian authorities detained four young suspects accused of **swatting** and **doxing** tied to disputes initiated via *Discord*, including false bomb and violence threats that triggered significant emergency response deployments. Separately, U.S. authorities convicted two Venezuelan nationals for a multi-state **ATM jackpotting** operation in which they physically accessed older ATMs, connected a laptop, and deployed **malware** to force cash dispensing, resulting in hundreds of thousands of dollars in losses and restitution orders. In Romania, two suspects were investigated at the request of UK authorities over an alleged **hitman-for-hire** marketplace designed to conceal identities and payments via **cryptocurrency escrow**, with police seizing storage devices, crypto valued around **$650,000**, and significant cash. In the Netherlands, Zeeland police arrested four suspects linked to the theft of **169 NFTs** valued at roughly **€1.4 million**, seizing data carriers, cash, vehicles, and a house during raids as the investigation continued.
Mar 21, 2026