Cross-Border Cybercrime Raid Nabs Scam Call Centers Exposed By OCCRP

Published: 15 November 2022

Cyberpolice Ukraine

Ukrainian cyberpolice posted photos online showing one of the call centers they had shut down. (Photo: CyberpoliceUA/Twitter, License)

By Antonio Baquero, Julia Wallace, Lindita Cela, and Anna Babinec

European authorities this month launched a coordinated action against hundreds of suspects accused of running a massive investment fraud network that was exposed by OCCRP in a 2020 investigation, Eurojust and Europol announced.

Police and prosecutors from Albania, Bulgaria, Finland, Georgia, Germany, Latvia, North Macedonia, Spain, Sweden, and Ukraine worked together on an “unprecedented” cross-border investigation that culminated in the arrests of five suspects and confiscation of hundreds of thousands of euros’ worth of cash, as well as cryptocurrency wallets, properties, and bank accounts, according to Eurojust.

The joint team, which Eurojust, the EU agency for judicial cooperation, coordinated and funded, raided 15 call centers in Albania, Bulgaria, Georgia, North Macedonia, and Ukraine on November 8 and 9.

One of these centers was the Kyiv office of a company formerly known as “Milton Group,” which OCCRP and its partner, Swedish newspaper Dagens Nyheter, exposed as part of the joint “Fraud Factory” investigation in 2020.

The series showed how a network of criminals in Ukraine, Albania, and Georgia were scamming elderly and vulnerable people around the world, luring them into making fake investments in cryptocurrency and other trendy financial instruments. Some victims lost their entire life savings and became destitute.

Eurojust did not connect the recent bust to “Fraud Factory,” but a Ukrainian police source told OCCRP that the Milton Group was among those raided. It changed its name to “Brain Pro LLC” after being exposed in the media, Ukrainian corporate records show.

Catalonian police involved in the raid also confirmed to OCCRP that the operation had targeted the company formerly known as Milton Group. The Mossos d’Esquadra  got involved because over 17,000 Spanish victims lost money to the scammers. Hundreds of thousands of others were affected in countries across Europe, they said.

“There was a great manipulation of vulnerable victims,” said Joan Carles Granja, head of the force’s criminal investigation division.

His description of how the scam groups operated — through fake online brokerages that lured naive investors through promises of sky-high returns — echoed OCCRP’s and Dagens Nyheter’s findings from 2020.

“They offered a very high profitability and there they made that first capture,” said Manuel Fernández, another Mossos d'Esquadra investigator who specializes in cybercrime. “When these people were lured in, they had access to an individualized panel where they could see their earnings, their supposed earnings. From behind [the scenes], the computer programmers manipulated these supposed gains to earn their trust.”

OCCRP found that in many cases, victims were harassed and berated by the scammers after they made their first investment, and badgered into continuing to send money.

In Albania, OCCRP had reported that a scam center linked to Milton Group had been run by an adviser to the Defense Ministry with ties to the prime minister’s family. Six call centers in the country were searched during the raid and four people were arrested. Court documents named them as Adrian Korriku, Iris Puce, Berlando Saraçaj and Erindi Pysqyli, and said that Saraçaj and Pysqyli would be extradited to Spain.

Six other Albanians considered to be higher-level organizers of the criminal group are still wanted for arrest. The head of the Albanian Special Prosecution Office Against Organized Crime, Xuljeta Krasta, said she could not provide their names or any further details.

Albanian police also said they had confiscated 300 computer devices from the centers, as well as 90,000 euros in cash, cryptocurrency wallets worth around $15,000, and identity documents belonging to Georgian and Lithuanian citizens.

Fernández said that even as a seasoned investigator he had been shocked by the extent of the fraud. The group was creating so many fake investment companies — a dozen a week at one point — that they could barely name them fast enough.

“There came a point where they did not even have the capacity to generate new names for these websites and they had to turn to automatic name generators,” Fernández said.

He added that the group had been so successful in preying on its victims because it did two things very well: “On the one hand very powerful social engineering … and that’s combined with computer engineering of the highest level.”