INTERPOL Operation Red Card 2.0 African Cybercrime Crackdown
INTERPOL’s Operation Red Card 2.0, coordinated under the African Joint Operation against Cybercrime (AFJOC), resulted in 651 arrests across 16 African countries and the recovery of over $4.3 million tied to online scam activity. The operation ran from December 8, 2025 to January 30, 2026, identified 1,247 victims, and targeted criminal activity linked to over $45 million in losses, including high-yield investment fraud, mobile money fraud, and fraudulent mobile loan applications.
Law enforcement reported significant disruption activity, including the seizure of 2,341 devices and takedowns of 1,442 malicious IPs/domains/servers (and related infrastructure). Notable actions included Nigeria dismantling an investment-fraud ring that leveraged phishing, identity theft, and social engineering (with 1,000+ fraudulent social media accounts removed) and arresting six suspects accused of breaching a major telecom provider using compromised staff credentials to steal airtime/data for resale; Kenya arrested 27 suspects tied to social-media/messaging-driven fraud schemes; and Côte d’Ivoire arrested 58 suspects linked to predatory loan-app activity with hidden fees and abusive collection practices.
Timeline
Feb 18, 2026
INTERPOL publicly announces Operation Red Card 2.0 results
INTERPOL published the results of Operation Red Card 2.0 and highlighted the transnational nature of the cybercrime syndicates, stressing the need for cross-border collaboration to combat online scams in Africa.
Jan 30, 2026
Operation Red Card 2.0 concludes with 651 arrests and $4.3 million recovered
By the end of the operation, authorities had arrested 651 suspects, identified 1,247 victims, recovered more than $4.3 million, seized 2,341 devices, and disrupted 1,442 malicious IPs, domains, and servers linked to scams causing over $45 million in losses.
Dec 8, 2025
Côte d’Ivoire disrupts fraudulent mobile loan app scheme
Authorities in Côte d’Ivoire arrested 58 suspects connected to predatory mobile loan fraud carried out through deceptive applications that targeted victims with abusive lending scams.
Dec 8, 2025
Kenya arrests suspects tied to social-media investment scams
Kenyan authorities arrested 27 suspects linked to investment fraud schemes that used social media and messaging platforms to lure victims with fake opportunities.
Dec 8, 2025
Nigeria arrests telecom-breach suspects using stolen credentials
Nigerian police arrested six suspects accused of breaching a major telecommunications provider by using stolen employee credentials as part of a separate cybercrime scheme uncovered during the operation.
Dec 8, 2025
Nigeria dismantles investment fraud ring during Red Card 2.0
During the operation, Nigerian authorities dismantled a major investment fraud network that used phishing, identity theft, social engineering, fake digital-asset investment schemes, and more than 1,000 fraudulent social media accounts.
Dec 8, 2025
Operation Red Card 2.0 begins across 16 African countries
Law enforcement agencies in 16 African countries, supported by INTERPOL and AFJOC, launched Operation Red Card 2.0 to target high-yield investment fraud, mobile money scams, and fraudulent mobile loan applications.
Feb 28, 2025
First Operation Red Card phase results in 306 arrests
INTERPOL said an earlier phase of Operation Red Card, conducted between November 2024 and February 2025, led to 306 arrests and the seizure of 1,842 devices across participating African countries.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
1 more from sources like interpol
Related Stories
Operation Sentinel: Africa-Wide Cybercrime Crackdown and Major Arrests
Law enforcement agencies across 19 African countries, coordinated by INTERPOL under Operation Sentinel, arrested 574 suspects and recovered approximately $3 million in a sweeping crackdown on cybercrime. The month-long operation targeted business email compromise (BEC), digital extortion, and ransomware, resulting in the takedown of over 6,000 malicious links and the decryption of six ransomware variants. Notable incidents included the prevention of a $7.9 million BEC fraud at a Senegalese petroleum company, a ransomware attack on a Ghanaian financial institution that encrypted 100 terabytes of data, and the dismantling of a cross-border scam in Ghana and Nigeria that defrauded over 200 victims. Authorities also seized more than 100 digital devices, took down 30 servers, and shut down thousands of scam-linked social media accounts, with total financial losses from investigated cases exceeding $21 million. The operation highlighted the increasing scale and sophistication of cyberattacks targeting critical sectors such as finance and energy across Africa. International cooperation and rapid response were key to the operation's success, with support from private sector partners including Team Cymru, The Shadowserver Foundation, Trend Micro, TRM Labs, and Uppsala Security. The results demonstrate a strong commitment by African law enforcement and their international partners to combat cybercrime and protect digital infrastructure in the region.
1 months ago
INTERPOL Operation Synergia III Disrupts Global Phishing and Fraud Infrastructure
**INTERPOL** said **Operation Synergia III** led to the arrest of **94 suspects**, the seizure of **212 devices and servers**, and the sinkholing or takedown of more than **45,000 malicious IP addresses** tied to cybercrime infrastructure across **72 countries and territories**. The operation ran from July 2025 through January 2026 and targeted infrastructure supporting **phishing, malware, ransomware, romance scams, credit card fraud, and related online fraud**. Authorities said **110 additional individuals remain under investigation**, underscoring that follow-on enforcement activity is still ongoing. Preliminary case details show broad international participation and a focus on both technical infrastructure and fraud operators. In **Macau**, investigators identified more than **33,000 phishing and fraudulent websites**, including fake casino, banking, government, payment, and other critical-service sites used to steal credentials and payment data. In **Bangladesh**, authorities arrested **40 suspects** and seized **134 devices** linked to loan scams, employment scams, identity theft, and credit card fraud, while in **Togo** police arrested **10 suspects** tied to a fraud ring whose members split responsibilities between account compromise and social-engineering schemes such as romance and sextortion scams. The reporting describes a coordinated law-enforcement disruption of active criminal infrastructure rather than a vendor announcement or generic security guidance.
1 months ago
European Law Enforcement Takedowns of Phishing and Investment-Fraud Networks
European law enforcement reported multiple cyber-enabled fraud disruptions, including a Eurojust-supported operation that dismantled a **fraudulent call-centre network** operating from three offices in Dnipro. Authorities from Latvia, Lithuania, and Ukraine arrested **11 suspects**, seized **more than €400,000** in cash, and collected electronic evidence (computers, SIM cards, documents) during searches at **32 locations**. The group allegedly ran a fake cryptocurrency investment platform and used **remote access software** to gain access to victims’ online banking and move funds to accounts and crypto wallets under their control. Separately, Poland’s Central Bureau for Combating Cybercrime (CBZC) dismantled an organized group operating in Poland and Germany that used **phishing** to hijack Facebook accounts and extract **BLIK** payment codes. Investigators identified **11 group members**, placed **six** in pretrial detention, and seized **over 100,000** stolen Facebook credentials; prosecutors filed **400+ charges** including unauthorized access, online fraud, and money laundering. A South Korean case involving the breach of Seoul’s bike-hire service *Ttareungyi* (4.62 million users affected) is a distinct incident and not part of the European takedown actions described above.
1 months ago