INTERPOL-coordinated global operation HAECHI-II targets cyber-enabled financial crime

HAECHI-IIINTERPOL-coordinated Operation HAECHI-II, which ran from June to September 2021, targeted the global threat of cyber-enabled financial crime.  As a result police arrested over 1,000 individuals and intercepted a total of nearly USD 27 million of illicit funds.

The operation brought together specialised police units from 20 countries, as well as from Hong Kong and Macau, to target specific types of online fraud, such as romance scams, investment fraud and money laundering associated with illegal online gambling.

This resulted in the arrest of 1,003 individuals and allowed investigators to close 1,660 cases.  In addition 2,350 bank accounts linked to the illicit proceeds of online financial crime were blocked.  Over 50 INTERPOL notices were published based on information relating to Operation HAECHI-II and 10 new criminal modus operandi were identified.  The results  show that transnational organised crime groups have been using the Internet to extract millions from their victims, before funnelling the illicit cash to bank accounts across the globe.

HAECHI-II is the second operation in a 3-year project to tackle cyber-enabled financial crime supported by the Republic of Korea, and the first that is truly global in scope.  INTERPOL member countries on every continent participated.  Information gained during HAECHI-II enabled INTERPOL to publish multiple Purple Notices – international police alerts that seek or provide information on modus operandi, objects, devices and concealment methods used by criminals.  The notices are then shared with INTERPOL’s 194 member countries so that police can exchange on emerging criminal methods and establish connections between cases.

One Purple Notice requested by Colombia during the operation details a malware-laden mobile application using the name and branding of the Netflix show ‘Squid Game’.  Masquerading as a product affiliated with the popular television series, the app was in fact a Trojan horse virus that, once downloaded, was able to hack the user’s billing information and subscribe to paid ‘premium’ services without the user’s explicit approval.  While flagged in Colombia, the app has also targeted users in other countries.

The operation also saw INTERPOL officials pilot test a new global stop-payment mechanism – the Anti-Money Laundering Rapid Response Protocol (ARRP) – which proved critical to successfully intercepting illicit funds in several HAECHI-II cases.  INTERPOL will officially launch the ARRP next year, and their Financial Crime Unit is continuing to work with member countries to integrate the system into existing communications channels.

The following countries participated in Operation HAECHI-II: Angola, Brunei, Cambodia, Colombia, China, India, Indonesia, Ireland, Japan, Korea (Rep. of), Laos, Malaysia, Maldives, Philippines, Romania, Singapore, Slovenia, Spain, Thailand, and Vietnam.

The INTERPOL Financial Crime Unit participates in EAST Global Congress and Interim Meetings and in meetings of the EAST Expert Groups on Payment and Transaction Fraud (EAST EPTF) and All Terminal Fraud (EAST EGAF).

Investment Fraud network dismantled by cross-border operation

On 11 May 2021, a large criminal network involved in investment fraud and money laundering was dismantled as a result of a cross border operation supported by Europol and Eurojust.  This was a large-scale online investment fraud network with hundreds of victims across Europe.

LAW ENFORCEMENT ACTION

The investigation, led by Germany, involved law enforcement and judicial authorities from Bulgaria, Israel, Latvia, North-Macedonia, Poland, Spain and Sweden. The final results were:

  • 11 arrests (5 in Bulgaria and 1 in Israel on the action day and 5 previously in Spain)
  • 12 locations were searched in Bulgaria, Israel, Poland, North Macedonia and Sweden
  • Seizures included numerous electronic devices, real estate, jewellery, high-end vehicles and approximately €2 million in cash
  • Bank accounts have also been frozen

Europol supported the operation by facilitating information exchange and providing analytical support and operational coordination. During the action day, Europol experts cross-checked operational information in real-time against Europol’s databases to provide leads to investigators in the field.

HOW THE INVESTMENT FRAUD WORKED

The criminal network, organised mainly by Israeli nationals, created different, professional looking, online trading platforms advertising substantial profits from investments in high-risk options and cryptocurrencies. The victims were targeted through advertisements in social media and search engines. The criminals posed as experienced brokers when contacting the victims via the call centres they had set-up, operating from Bulgaria and North Macedonia. They used manipulated software to show the gains from the investments and to encourage the victims to keep investing.

Victims across Europe are estimated to have lost at least €30 million to the fraud. Victims in Germany suffered at least €7 million of these losses, while 300 complaints were filed in Spain. The suspects laundered the illegal profits through bank accounts controlled or owned by shell companies based in different EU countries.

FRAUD DEFINITIONS

The EAST Payments Task Force (EPTF), which meets three times each year, focuses on the prevention of payment fraud.  It has provided fraud definitions to be adopted globally when describing or reporting payment or terminal fraud.  Investment Fraud is classified as a form of Technological Fraud (Attacks against Technology).

Europol supports hit on Investment Fraud Network

Insignia of the Lithuanian PoliceOn 4 March 2021, Europol supported a hit on a large investment fraud network operating in several EU Member States. The investigation, led by the Lithuanian Police (Lietuvos Policija), and involving law enforcement authorities from Germany, Sweden and the United Kingdom, was also assisted by Eurojust.  By offering fake Retirement Plans, the network defrauded its German victims of a total of €1.5 million.

HOW THE SCAM WORKED 

The criminal network specifically targeted academics in Germany, offering  fake accounts that in reality belonged to Lithuanian companies that were behind the investment fraud scam. The victims wanted to invest their funds in saving accounts hosted on foreign online deposit platforms. The victims found the offers themselves, and then applied for the services. They also sent deposits to individual accounts opened under their names. The criminals offered them fake savings accounts, where the funds had to be deposited for a significant time period, usually between six months and three years.  This gave them time to escape with the funds and hide their traces.  On receipt the criminals transferred the funds to accounts in other EU Member States, and part of them were cashed out at ATMs in Sweden.  A total of €1.5 million was stolen in this way.

LAW ENFORCEMENT ACTION

EFECCThe action day in Lithuania led to:

  • 26 house searches (18 in Lithuania and 8 in Sweden)
  • 5 arrests (4 in Lithuania and 1 in Sweden)
  • 38 victims identified
  • Accounts worth more than €1.2 million frozen (€500,000 in Lithuania and €700,000 in other countries)
  • Seizures include electronic equipment and various documents

Europol supported the operation by facilitating information exchange and providing analytical support. During the action days, Europol cross-checked operational information in real-time against Europol’s databases to provide leads to investigators in the field.

FRAUD DEFINITIONS

The EAST Payments Task Force (EPTF), which meets three times each year, focuses on the prevention of payment fraud.  It has provided fraud definitions to be adopted globally when describing or reporting payment or terminal fraud.  Investment Fraud is classified as a form of Technological Fraud (Attacks against Technology).

Investment fraud gang taken down in Bulgaria and Serbia

Investment fraudA large criminal network involved in investment fraud, money laundering and social engineering was taken down in an international investigation, launched one year ago. The action day, which took place in Belgrade and Sofia, went ahead on 2 April despite the current lockdown.

Estimated total losses were €80 million and the fraud affected over 1,000 victims in Germany and Austria, as well as people in other countries.  In Austria  it is estimated that 850 victims lost around €2.2 million, while in Germany hundreds of victims suffered estimated losses of about €10 million.

The suspects, believed to be members of a large criminal network, offered bogus investments in trading products such as binary options and contract for differences (CFDs) on online trading platforms.  The investments started at around €250 and Agents from call centres in Bulgaria and Serbia then manipulated the victims to make much higher investments in non-existent trading products including CFDs and forex (foreign exchange currency market).

During the action day Law enforcement authorities from Bulgaria and Serbia carried out 11 house searches and arrested 9 individuals (5 in Serbia and 4 in Bulgaria). Two of the leaders of the criminal network were arrested in Sofia. The seizures include five properties in Serbia, €2.5 million from a bank account in Germany, electronic equipment and other evidential material. 30 other bank accounts were put under surveillance.  

Advisory Group on Financial ServicesEuropol and Eurojust supported the investment fraud investigation, which involved law enforcement and judicial authorities from Austria, Bulgaria, Germany and Serbia.  

Europol facilitated information exchange and provided analytical support, cross-checking operational information in real-time against its databases to provide leads to investigators in the field, and a Joint Investigation Team between Austria and Germany was set up by Eurojust to coordinate judicial matters.

EAST and Europol have worked together since 2004 and EAST provides secure platforms for public/private sector cooperation in the fight against organised criminal groups engaged in financial crime.  Click here for more information on EAST’s law enforcement relationships.

The EAST Payments Task Force (EPTF) has a specific focus on tackling social enginnering  This Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.