In Kenya, a two-month investigation has led to the capture of nearly two dozen cybercriminals linked to online debit and credit card fraud that siphoned about KES1.1 billion (US$8.6 million) from customers' bank accounts.

The sting operation led by a team of investigators from the International Criminal Police Organization (INTERPOL) shows that the funds were stolen via fraudulent scripts run after changing the banking systems protocol, the police unit noted in a statement.

It added that once the funds were drawn from bank accounts, they were wired almost immediately by the cybercriminals through SWIFT to companies spread across the United Arab Emirates, Nigeria, and far-flung China.

Additionally, the stolen funds were also traced to "digital asset institutions offering trading and financial services regulated in multiple jurisdictions."

The fraud, which also hit other countries across Africa has led to the arrest of 1,006 suspects and crushed an estimated 134,089 malicious infrastructures and networks, an Interpol statement said.

“Through Serengeti, AFRIPOL has significantly enhanced support for law enforcement in African Union Member States. We’ve facilitated key arrests and deepened insights into cybercrime trends. Our focus now includes emerging threats like AI-driven malware and advanced attack techniques,” Jalel Chelba, AFRIPOL’s Executive Director said.

AFRIPOL is a technical unit of the African Union that aims at strengthening the unity of police agencies of AU member states in the prevention and fight against organized transnational crime, terrorism, and cybercrime.

Valdecy Urquiza, Secretary General of INTERPOL, added; “Operation Serengeti shows what we can achieve by working together, and these arrests alone will save countless potential future victims from real personal and financial pain. We know that this is just the tip of the iceberg, which is why we will continue targeting these criminal groups worldwide.”

Chinese nationals arrested

Eight people, including five Chinese nationals, were arrested in Senegal for a US$6 million online Ponzi scheme affecting 1,811 victims. A raid in their house led to police to seize 900 SIM cards, cash amounting to US$11,000 as well as mobile phones, laptops, and ID cards believed to belong to victims.

In Nigeria, Interpol seized a suspect, who is believed to have made upwards of US$300,000 by luring victims through messaging platforms with false promises of cryptocurrency returns. The man was masquerading as an online investment advisor. 

Interpol's Operation Serengeti, which ran between 2nd September and 31 October 2024 sought to unmask the criminals behind ransomware, business email compromise (BEC), digital extortion, and online scams.

Operation Serengeti was funded by the UK’s Foreign, Commonwealth, and Development Office, the German Federal Foreign Office, and the Council of Europe.

During the investigations, over 35,000 victims were identified during the operation, with cases linked to an estimated US$193 million losses across the world.

Information provided by participating countries of ongoing cases with INTERPOL fed into 65 Cyber Analytical Reports that were produced to ensure actions on the ground were intelligence-led and focused on the most significant actors, Interpol explained.

The global police agency noted that Internet Service Providers across the jurisdictions involved played a vital role by sharing information, supporting analysis, and helping to disrupt the crimes.

[email protected]