INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency’s ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams.
The effort is part of an international law enforcement operation that involved 72 countries and territories. It also led to the arrest of 94 people, with another 110 individuals still under investigation. A total of 212 electronic devices and servers were seized during raids at various key locations.
One such operation in Bangladesh saw 40 suspects arrested and 134 electronic devices confiscated pertaining to a wide range of cybercrime offences, including loan and job scams, identity theft, and credit card fraud.
In Togo, authorities apprehended 10 suspects accused of running a fraud ring from a residential area. While some were involved in hacking into social media accounts, others conducted social engineering schemes, including romance scams and sextortion.
The fraudsters, after gaining unauthorized access to a victim’s account, reached out to their online contacts, impersonating the account holder to engage in fake romantic relationships and deceive friends and family members. The ultimate objective of the scam was to trick the secondary victims into making money transfers.
Lastly, Macau law enforcement officials identified more than 33,000 phishing and fraudulent websites related to fake casinos and critical infrastructure, such as banks, governments, and payment services. These websites were set up to defraud victims by instructing them to top up their balances or enter personal information.
The cybercrime crackdown marks the third phase of Operation Synergia, which took place between July 18, 2025, and January 31, 2026. The previous two phases took place in 2023 and 2024, identifying thousands of malicious servers and scores of arrests.
India’s CBI Targets Transnational Fraud Case
The disclosure comes as India’s Central Bureau of Investigation (CBI) said it conducted coordinated searches at 15 locations across Delhi, Rajasthan, Uttar Pradesh, and Punjab as part of a large-scale organized online investment and part-time job fraud primarily involving a Dubai-based fintech platform called Pyypl.
“It was alleged that thousands of unsuspecting Indian citizens were cheated of crores of rupees through deceptive online schemes operated by an organized transnational fraud syndicate,” the CBI said.
The criminal network is said to have leveraged social media platforms, mobile applications, and encrypted messaging services to lure victims with promises of high returns from online investments and part-time job opportunities.
As highlighted by Proofpoint in October 2024, these scams aim to gain victims’ trust by convincing them to deposit small amounts and show fictitious profits on fake sites, after which they are persuaded to invest larger sums of money.
As soon as the funds are deposited, they are quickly transferred through multiple mule bank accounts to cover up the money trail and then cashed out through offshore ATM withdrawals using debit cards enabled for international transactions and via wallet top-ups on overseas fintech platforms like Pyypl using Visa and Mastercard payment networks.
These withdrawals, per the CBI, appeared as point-of-sale (PoS) transactions in banking systems to fly under the radar. Some of the stolen money has also been converted to cryptocurrency, and consolidated into accounts linked to 15 shell companies and routed through two entities.
“These entities converted the proceeds into USDT through India-based virtual asset exchanges and transferred the cryptocurrency to their white-listed wallets,” the CBI added.
The crime investigating agency has identified Ashok Kumar Sharma and other unnamed co-conspirators as key members of the syndicate. Sharma has been taken into custody. It also said various bank accounts used by the entities have been frozen, and incriminating documents and digital evidence related to the syndicate’s day-to-day operations have been seized.
