INTERPOL has dismantled 45,000 malicious IP addresses and servers tied to phishing, malware, and ransomware campaigns, following a coordinated sweep across 72 countries and territories.
The operation, the third phase of Operation Synergia, ran between July 18, 2025, and January 31, 2026. It resulted in 94 arrests, 110 individuals still under investigation, and the seizure of 212 electronic devices and servers.
Country-level results varied sharply. In Bangladesh, 40 suspects were arrested and 134 electronic devices confiscated across offences including loan scams, job fraud, identity theft, and credit card fraud. Authorities in Togo apprehended 10 suspects running a fraud ring from a residential address — some hacking social media accounts, others running romance scams and sextortion schemes. Once inside a victim’s account, the group impersonated the account holder to build fake romantic relationships with the victim’s contacts, then used that trust to solicit money transfers.
Macau law enforcement identified more than 33,000 phishing and fraudulent websites, according to the announcement. Targets included fake casinos, banks, government portals, and payment services. Victims were directed to top up balances or surrender personal information.
India’s CBI Raids Target Dubai-Linked Investment Fraud
Separately, India’s Central Bureau of Investigation conducted raids across 15 locations in Delhi, Rajasthan, Uttar Pradesh, and Punjab, targeting an organized investment and part-time job fraud network linked to a Dubai-based fintech platform called Pyypl.
“Thousands of unsuspecting Indian citizens were cheated of crores of rupees through deceptive online schemes operated by an organized transnational fraud syndicate,” the CBI said.
More Read
The syndicate used social media, mobile apps, and encrypted messaging services to lure victims with promises of high investment returns. Victims were first shown small fictitious profits on fake platforms, then persuaded to deposit larger sums — a method consistent with what Proofpoint documented in October 2024. Once funds arrived, they moved quickly through multiple mule bank accounts before being cashed out via offshore ATM withdrawals and wallet top-ups on overseas platforms using Visa and Mastercard networks. Those withdrawals were structured to appear as point-of-sale transactions in banking records.
A portion of stolen funds was converted to USDT through India-based virtual asset exchanges, then transferred to white-listed wallets via 15 shell companies and two additional entities. The CBI has identified Ashok Kumar Sharma as a key member of the syndicate. Sharma is in custody. Bank accounts linked to the operation have been frozen and digital evidence seized.
Operation Synergia’s first two phases ran in 2023 and 2024, each identifying thousands of malicious servers and producing additional arrests.
Photo by Pixabay
This article is a curated summary based on third-party sources. Source: Read the original article
