www.interpol.int
18 February 2026
Cyber operation dismantles criminal networks running transnational fraud schemes
LYON, France – Law enforcement agencies from 16 African countries have made 651 arrests and recovered more than USD 4.3 million in an international cybercrime operation against online scams.
Operation Red Card 2.0 (8 December 2025 to 30 January 2026) targeted the infrastructure and actors behind high-yield investment scams, mobile money fraud and fraudulent mobile loan applications.
During the eight-week operation, investigations exposed scams linked to over USD 45 million in financial losses and identified 1,247 victims, predominantly from the African continent but also from other regions of the world. Authorities also seized 2,341 devices and took down 1,442 malicious IPs, domains and servers, as well as other related infrastructure.
INTERPOL supported the operation through critical intelligence sharing, real-time information exchange and capacity-building activities, including training on digital forensic tools.
Neal Jetton, INTERPOL’s Director of the Cybercrime Directorate, said:
“These organized cybercriminal syndicates inflict devastating financial and psychological harm on individuals, businesses and entire communities with their false promises. Operation Red Card highlights the importance of collaboration when combatting transnational cybercrime. I encourage all victims of cybercrime to reach out to law enforcement for help.”
The architecture of fraud: Key cases reveal diverse scam models
In Nigeria, police dismantled a high-yield investment fraud ring that recruited young individuals to carry out cyber-enabled crimes using phishing, identity theft, social engineering and fake digital asset investment schemes. Over 1,000 fraudulent social media accounts were taken down and investigators uncovered a residential property constructed by the syndicate ringleader to serve as the operational hub for the criminal activities.
In Kenya, authorities made 27 arrests linked to fraud schemes that used messaging apps, social media and fictitious testimonials to lure victims into making fake investments in reputable global corporations. Scammers solicited small initial investments ‒ as low as USD 50 ‒ with claims of lucrative returns. Victims were shown fabricated account statements or dashboards but withdrawal requests were systematically blocked.
In Côte d’Ivoire, law enforcement made 58 arrests and seized 240 mobile phones, 25 laptops and over 300 SIM cards in a targeted operation against mobile loan fraud. These scams predominantly targeted vulnerable populations through deceptive mobile applications and messaging services, attracting victims with promises of quick, unsecured loans, only to impose fees, enforce abusive debt-collection practices and illicitly harvest sensitive personal and financial data.
In a separate major success for Nigerian authorities, six members of a sophisticated cybercrime syndicate were arrested for infiltrating the internal platform of a major telecommunications provider through compromised staff login credentials. An investigation led to the disruption of the scheme, which involved siphoning significant volumes of airtime and data for illegal resale.
During Operation Red Card 2.0, INTERPOL worked closely with its partners, Cybercrime Atlas, Team Cymru, Trend Micro, TRM Labs and Uppsala Security, leveraging their data and expertise to provide critical intelligence to participating countries.
Notes to editors
The operation was conducted under the African Joint Operation against Cybercrime (AFJOC), an initiative funded by the UK’s Foreign, Commonwealth & Development Office.
The Global Action on Cybercrime Enhanced (GLACY-e) project, a joint initiative of the European Union and the Council of Europe, provided operation-specific support.
Participating member countries
Angola, Benin, Cameroon, Côte d’Ivoire, Chad, Gabon, Gambia, Ghana, Kenya, Namibia, Nigeria, Rwanda, Senegal, Uganda, Zambia and Zimbabwe.
bitdefender.com
Alina BÎZGĂ
February 17, 2026
Bitdefender Labs is tracking an ongoing scam campaign on Meta platforms targeting people in the EU and the US, using fraudulent “Olympics Shop” advertisements that offer discounts of up to 80% on Milano Cortina 2026 merchandise.
Bitdefender Labs is tracking an ongoing scam campaign on Meta platforms targeting people in the EU and the US, using fraudulent “Olympics Shop” advertisements that offer discounts of up to 80% on Milano Cortina 2026 merchandise.
Users who click on these ads and interact with the fraudulent websites expose themselves to several risks. Many similar scam operations are designed to steal payment card information at checkout, harvest personal details such as names, addresses, phone numbers, and email accounts, and in some cases collect login credentials.
Victims may also receive counterfeit merchandise — or nothing at all — after completing a purchase. In many instances, the sites disappear shortly after processing payments, leaving buyers with no way to recover their money.
At a glance, the ads look legitimate.
They feature official Olympic imagery, professional product photos, and convincing promotional messages such as:
“Olympics Exclusive! Up to 80% OFF.
30 Days No Excuse Free Return.
🛒Get Yours Before Out of Stock!”
“Olympics Esclusivo! Sconti fino all'80%.”
“Reso gratuito entro 30 giorni, senza domande.”
“Acquistalo prima che finisca!”
But the danger begins after the click.
Near-Perfect Clones of the Official Olympics Shop
The fraudulent websites are not crude copies – they are near-perfect replicas of the official Olympics merchandise store.
Bitdefender Labs observed that the scam sites use:
The same product photos
Identical color schemes
The same merchandise collections
Official branding elements
Similar layout structure
At a glance, most users would struggle to tell the difference.
The deception lies in the small details.
For example:
The legitimate store promotes “Sign up & Save 15%.”
The scam websites advertise “Sign & Save 80%.”
Official Olympics Shop
Fake Olympics Shop
That small wording change reflects the core tactic: inflate discounts to trigger a sense of urgency and bypass skepticism.
Font rendering may be slightly different. Minor layout inconsistencies appear in certain sections. Domain names look similar but are newly registered and unrelated to the official organization.
These subtle discrepancies are easy to miss when a user is focused on a limited-time deal.
Coordinated Scam Infrastructure
This campaign shows clear signs of coordination, and as Labs researcher Andreea Olariu points out, most of the fraudulent domains were registered within days of each other:
www.olympics2026[.]store – created Feb 3
Olympicseu[.]shop – created Feb 9
olympics-sale[.]top – created Feb 9
olympics-hot[.]top – created Feb 9
www.olympics-top[.]shop –created Feb 10
Olympicssportswear[.]shop – created Feb 10
Olympexapparel[.]shop – created Feb 10
Lifestylecollection[.]shop – created Feb 10
www.2026olympics[.]store – created Feb 11
Following the initial detection of the scam advertisements, Olariu observed ongoing domain registrations consistent with the same impersonation strategy. The daily appearance of new lookalike domains indicates an adaptive infrastructure designed to evade detection and extend the campaign’s lifespan.
Most recent domains include:
Olymponline[.]top – created Feb 11
Postolympicsale[.]com created Feb 11
sale-olympics[.]top - created Feb 11
olympics-save[.]top - created Feb 11
olympicssportswears[.]shop - created Feb 11
olympicsfashionhub.[]shop - created Feb 12
All these domains are flagged as fraudulent by Bitdefender security systems.
In some instances, ads appear to display the official shop preview but silently redirect users to www.olympics2026[.]store for example.
Newly Created Facebook Pages Running the Ads
Another strong indicator of fraud: the Facebook pages promoting these ads are newly created.
Bitdefender Labs observed that several of these pages were set up on the same day the scam domains were registered. This suggests a rapid deployment model:
Register domain
Clone official website
Create Facebook page
Launch ad campaign
Begin collecting payments
All within a short time window.
Legitimate global brands rarely create brand-new pages and immediately launch aggressive 80% discount campaigns tied to major international events.
The sophistication of the cloning significantly increases the risk. When scam sites mirror official branding almost perfectly, users default to visual familiarity instead of domain verification.
That’s exactly what attackers are counting on.
February 13, 2026 12:36 pm CET
By Antoaneta Roussi
“We also have to have offensive capacity,” says Commissioner Henna Virkkunen.
Europe must be able to strike back in cyberspace, as the strategy to deter adversaries is no longer enough, the EU executive's tech and security chief told POLITICO.
“It’s not enough that we are just defending ... We also have to have offensive capacity,” the European Commission's Executive Vice President Henna Virkkunen said in an interview on the sidelines of the Munich Security Conference on Friday.
For years, European capitals have held back from stating publicly that they support offensive cyber operations — known as "hacking back" — because of fears that such operations could trigger retaliation and escalation from countries like Russia, China and others.
But the tide is turning, as EU states including Germany, Latvia and others warm to the idea of conducting offensive cyber operations. The European Commission also mentioned the need for both defensive and offensive cyber capabilities in its defense white paper in December.
Virkkunen said the Commission is also identifying critical areas and industries where Europe wants more control over its data. It is part of a broader push to reduce dependence on foreign technology and build a homegrown tech and cyber industry in Europe.
“We don’t want to have risky dependencies in any critical fields,” she said. “That doesn’t mean we plan to do everything on our own. When we don’t have certain capacities ourselves, we are very willing to work with like-minded partners to build resilient supply chains.”
| The Record from Recorded Future News
therecord.media
Alexander Martin
February 13th, 2026
The European Union can no longer afford to be “naive” about adversaries’ ability to switch off critical infrastructure, the EU’s top tech official warned Friday, as she called for tougher rules and more investment to protect Europe from cyber and hybrid threats.
EU can’t be ‘naive’ about enemies shutting down critical infrastructure, warns tech official
MUNICH, Germany — The European Union can no longer afford to be “naive” about adversaries’ ability to switch off critical infrastructure, the EU’s top tech official warned Friday, as she called for tougher rules and more investment to protect Europe from cyber and hybrid threats.
Speaking at the Munich Cyber Security Conference, European Commission Executive Vice President Henna Virkkunen said cyberattacks have become a central tool of modern conflict, often coordinated with physical sabotage, disinformation and economic pressure.
Europe’s power grids, hospitals, financial systems, satellites and military command networks are all deeply dependent on digital infrastructure — and increasingly exposed, she warned.
“In today’s world, there is no security without cybersecurity,” said Virkkunen, pointing to recent attacks and interference targeting hospitals, energy networks, public administrations, supply chains and democratic processes across Europe.
She said the Commission last month proposed revising the EU’s Cybersecurity Act to strengthen the bloc’s cybersecurity agency and reduce risks in critical information and communications technology supply chains. The draft proposal would see member states phase out the use of designated high-risk suppliers within their critical national infrastructure.
The potential threat posed by Chinese network equipment suppliers such as Huawei and ZTE had previously resulted in several national decisions to restrict those vendors from contributing to various parts of telecommunications infrastructure.
The use of U.S. technology and service providers had also prompted concern across the EU following President Trump’s unpredictable decisions to sanction various political figures — resulting in prohibitions against those officials using technology provided by companies such as Microsoft — and aggressive posture towards Greenland.
Those concerns were partially assuaged by U.S. National Cyber Director Sean Cairncross on Thursday, who stressed the U.S. wants European partners to work alongside it in cyberspace to confront the most significant threats — and stressed that the U.S. technology stack was safer than that offered by China.
Cairncross echoed a line coined by Secretary of State Marco Rubio, saying the U.S. “America first” approach does not mean “America alone.” Rubio is expected to deliver a keynote to the main Munich Security Conference on Saturday in the wake of an extremely controversial speech delivered by JD Vance last year.
Without naming specific states, Virkkunen argued that Europe’s growing reliance on digital systems has expanded the attack surface for hostile actors and made cyber defense a core part of defense readiness. “We can no longer afford to be naive about who has the capacity to switch off the ICT systems running our critical infrastructure,” she said.
She also pointed to new EU action plans on drone and undersea cable security, following recent incidents, as examples of efforts to improve prevention, detection and rapid response across borders.
Cyber, she said, is now a core military domain, and Europe must build stronger capabilities and a homegrown cyber industry, including by using advanced computing and artificial intelligence for defense. The goal, Virkkunen said, is to ensure Europe remains resilient, secure and able to withstand growing hybrid threats.
