"The criminal network, allegedly operating several call centres in Tirana, Albania, is believed to have caused significant financial damage, totalling at least EUR 50 million," Europol said in a press release.
Europol and Eurojust coordination and the April 17 operation
A joint investigation led by Austrian and Albanian authorities, supported by Europol and Eurojust, culminated on April 17 with the arrest of 10 suspects and searches of three call centres and nine private residences. The probe began in Vienna in June 2023 and identified victims across Italy, Germany, Greece, Spain, Canada, and the United Kingdom. During the coordinated action, law enforcement seized cash and large quantities of electronic devices for forensic analysis.
- Seized cash: €891,735
- Computing and communications equipment: 443 computers, 238 mobile phones, and 6 laptops
- Other evidence: various data storage devices
The call centres in Tirana: scale, staffing, and business-like structure
Investigators say the criminal ring operated like a legitimate business, employing up to 450 people across distinct departments — customer acquisition, retention, finance, IT, and human resources. Team leaders supervised daily activities while call centre managers coordinated operations. Operators worked in teams of six to eight, organised by language, including German, English, Italian, Greek, and Spanish.
Reported compensation was roughly €800 per month plus performance-based commissions, reflecting a salaried structure layered over incentives. Europol characterised the centres as "professionally set up and organised, resembling legitimate business structures featuring a clear division of roles and hierarchical management."
Modus operandi: fake platforms, retention agents, remote access, and a second scam
Victims were lured to counterfeit cryptocurrency investment platforms through advertisements on search engines and social media. Once engaged, they were assigned so-called "retention agents" who posed as professional brokers or investment advisers and managed victims' accounts. Those agents routinely used remote access software to control victims' devices and applied psychological pressure to coerce additional deposits.
According to the investigation, deposited funds were never invested. Instead, the money was channelled into an international money‑laundering scheme that routed illicit proceeds into accounts controlled by the network. Investigators also documented a secondary layer of fraud: criminals recontacted victims, offered to "recover" lost funds, and demanded a €500 entry fee to put money into cryptocurrency accounts — defrauding victims a second time.
Cross-border reach and precedent: where this fits in a pattern of large takedowns
The case is the latest in a sequence of European operations targeting large call-centre investment frauds. The source traces earlier actions: a March 2022 shutdown of a call-centre investment fraud network that employed 200 "traders" and stole at least €3 million per month; multiple takedowns last year of call centres across Europe linked to losses of millions of euros; a May operation that shuttered 12 fraud call centres tied to thousands of daily scam calls; and a recent July action in Spain that dismantled a ring alleged to have laundered over €460 million stolen from more than 5,000 victims, followed one week later by another large-scale takedown connected to more than €10 million in cumulative damages.
What this means for technologists, policymakers, and victims
- Technologists and security teams: The large volume of seized devices — 443 computers, 238 phones, 6 laptops, and multiple storage media — will be central to forensic work. Analysts will look for the remote access tools used to control victim devices, the infrastructure behind the fake platforms, and traces of the money‑laundering chain recorded in logs and account records.
- Policymakers and cross-border law enforcement: The investigation underlines the role of transnational coordination; the operation involved Austrian and Albanian authorities with Europol and Eurojust support, and victims were identified in multiple European states plus Canada and the United Kingdom. That geographic spread highlights legal and operational dependencies across jurisdictions when dismantling complex, multilingual fraud rings.
- Victims and consumer protection groups: The scheme's two-tiered approach — initial investment fraud followed by a recovery scam requiring a €500 deposit — illustrates the risk of repeat victimisation. Reported victim locations include Italy, Germany, Greece, Spain, Canada, and the United Kingdom, signalling a broad pool of targets reached by multilingual ad campaigns and phone operations.
The arrests and seizures on April 17 mark a concrete disruption of a large, structured criminal enterprise that simulated legitimate employment and financial services. With nearly €900,000 in cash and hundreds of devices now in evidence, investigators have tangible leads for tracing the flows of illicit funds and the technical components that enabled the scams. How quickly prosecutors across the affected jurisdictions can convert forensic findings into charges and asset recovery will determine how much of the estimated EUR 50 million in losses can be remedied.
