Nearly €900,000 in cash and 443 computers were seized as part of a two-year European law-enforcement operation that ended with 10 arrests at suspected Albanian scam call centres accused of running a professionalized investment fraud ring that cost victims at least €50m.
Europol, Austrian and Albanian authorities: how the operation unfolded
Europol described the probe as a coordinated, multi-year effort that began in June 2023 after Austrian law enforcement identified a large number of fraud victims in Vienna. In April 2024 those authorities requested the Albanian authorities hand over an IP address suspected of being used by the perpetrators, Europol said. The investigation culminated in searches of three call centres and nine private homes in Albania and the arrest of 10 people believed to be linked to the scheme.
The criminal network’s structure and payroll
Europol portrayed the fraud ring as organised along the lines of a legitimate business. Teams of call-centre agents were grouped in six- to eight-person units focused on specific languages and target markets. Of an estimated 450 employees, “conversion agents” handled customer acquisition while “retention agents” formed the customer-service team; additional staff were assigned to management, finance, IT and HR functions. Team leaders supervised agents and a single call-centre manager coordinated overall operations. Staff reportedly received a monthly salary of €800 with promises of additional commission for recruiting new “customers.”
Modus operandi: ads, persuasion, remote access and recovery fraud
Victims were lured via misleading advertisements on social media and search engines and told to open cryptocurrency accounts with an initial deposit of €500. Once registered, each victim was assigned a dedicated “retention agent” who impersonated an investment advisor and applied psychological pressure to encourage further deposits. Europol said agents used local language skills to build trust and feigned confidence in the scheme; those who suffered losses were re-contacted with recovery fraud offers falsely promising to retrieve stolen funds.
Europol further reported that, on some occasions, operators obtained full remote control over victims’ machines using remote access software, though the agency did not specify the precise purposes for which remote control was then used. As with most investment-fraud schemes described in the announcement, the money was never invested or returned and instead was laundered internationally, Europol said.
Scope of harm and related international actions
Europol estimated the network’s activity cost victims at least €50m. The agency listed victim countries as Austria, Italy, Germany, Greece, Spain, Canada and the UK. Seized items included nearly €900,000 in cash, 443 computers, 238 mobile phones, six laptops and multiple data storage devices. Europol framed the case against the backdrop of broader, global law-enforcement activity: the FBI reported that investment fraud was the highest-grossing cybercrime type in 2025, producing over $8.6bn for scammers, and that this week the FBI, Dubai Police Department and Chinese Ministry of Public Security arrested at least 276 individuals and closed nine scam centres used for cryptocurrency investment fraud schemes. The US also sanctioned a Cambodian network accused of orchestrating large-scale crypto fraud.
What this means for victims, law enforcement, and technologists
- Victims: Those who lost funds were targeted through online ads and one-on-one persuasion by retention agents; Europol’s description indicates many victims were encouraged to make initial deposits of €500 and were later re-contacted with recovery offers.
- Law enforcement: The transnational nature of the probe — including an IP evidence request in April 2024 and joint action across Austrian and Albanian authorities with Europol coordination — demonstrates cross-border investigation and seizure activity can yield arrests, cash seizures and large quantities of electronic evidence.
- Technologists and security teams: Europol’s report that operators sometimes used remote access software to gain full control of victims’ machines highlights the dual role of social-engineering and technical compromise in these schemes and reinforces the need to treat unsolicited remote-access requests as high-risk.
The arrests and seizures close a significant chapter in a two-year probe, but they also fit into a wider pattern Europol and partners documented this year: professionally organised scam centres, large-scale victimization across multiple countries and coordinated international enforcement responses. The seized cash, hundreds of devices and the categorised division of labour inside the call centres provide tangible evidence of how deeply these operations can be industrialised — and of why authorities from multiple jurisdictions are treating cryptocurrency investment fraud as a priority.
