Episode 246

1st May – 3rd May 2026

Sanctions

US Treasury Sanctions Former DRC President Over Alleged Support for Armed Groups

The US Department of the Treasury has imposed sanctions on a former president of the Democratic Republic of the Congo, citing his alleged involvement in supporting armed conflict in the country. According to the announcement, the designation aims to address activities which the US government says have contributed to instability and violence.

Fraud

Europol and Eurojust dismantle €50m pan‑European investment fraud network operating call‑centre “broker” hubs in Albania

A two‑year joint investigation by Austrian and Albanian authorities, supported by Europol and Eurojust, has dismantled a large-scale online investment fraud network which allegedly ran multiple call‑centre-style operations in Tirana, deceiving victims across Europe and beyond into transferring more than €50 million. The network, structured like a corporate enterprise with up to 450 staff, used multilingual “conversion” and “retention” agents to pose as investment advisors, gain remote access to victims’ devices, and pressure them into repeated payments, which were then laundered internationally rather than invested. A coordinated action day on 17th April 2026 led to 10 arrests and the seizure of €891,735 in cash, hundreds of computers and phones, and extensive data infrastructure, with investigators expecting further insights as analysis continues.

Global Law‑Enforcement Operation Dismantles International Scam Centres, Leading to 276 Arrests

An international law‑enforcement operation involving the FBI, Dubai Police, and China’s Ministry of Public Security resulted in at least 276 arrests and the shutdown of multiple scam centres accused of running cryptocurrency investment fraud schemes targeting US victims. Authorities in Dubai and Thailand apprehended several individuals charged in the United States with wire fraud and money‑laundering conspiracies linked to so‑called “pig‑butchering” schemes, in which scammers build trust with victims before directing them to fraudulent investment platforms. Investigators report millions of dollars in losses, and US prosecutors have unsealed related charges in San Diego as part of broader efforts to disrupt transnational fraud networks.

US Law Enforcement Advances Actions Against Domestic and International Fraud Networks

Federal authorities across the United States are advancing multiple enforcement actions against a diverse array of financial fraud schemes ranging from localised mail theft to large-scale international cybercrime. In Ohio, the conviction of 25 individuals concluded the prosecution of a $215 million international business email compromise network which hacked corporate communications to defraud over 1,000 victims worldwide. Similarly, in a case of individual financial exploitation, a Vermont federal court sentenced an Alabama man to 30 months in prison for operating an online romance fraud scheme which extracted more than $150,000 from victims while he was on federal supervised release. Domestically, federal indictments in Georgia charged former postal workers and a bank manager for their alleged roles in a nearly $5 million mail theft and bank fraud conspiracy involving the laundering of a stolen US Treasury cheque. Concurrently addressing overseas threats, the FBI's San Diego office and the Scam Centre Strike Force announced the seizure of a malicious web domain and a $10 million State Department reward for information concerning the Burma-based Tai Chang scam enterprise, a compound involved in large-scale cryptocurrency investment fraud operations.

Bribery and Corruption

MEPs Call for Stronger EU Action as Rule‑of‑Law Concerns Persist Across Member States

The European Parliament has adopted a resolution warning that ongoing gaps in judicial independence, anti‑corruption measures, media freedom, and civic space continue to undermine rule‑of‑law standards across the EU, noting that most Commission recommendations have been repeated from previous years. MEPs highlighted risks such as political influence over courts, weak enforcement against corruption, pressure on journalists, misuse of spyware, and restrictions on civil society. The text also links rule of law shortcomings to fundamental rights concerns and calls for consistent scrutiny in the use of EU funds and in enlargement processes.

Cybercrime

Europol’s 2026 IOCTA warns that encryption, AI, and fragmented dark‑web ecosystems are accelerating cybercrime across the EU

Europol’s Internet Organised Crime Threat Assessment (IOCTA) 2026 outlines how rapidly evolving technologies, with particular emphasis on end‑to‑end encryption, anonymised communication channels, cryptocurrencies, and generative AI, are enabling increasingly sophisticated cybercrime across the EU, from large‑scale online fraud and caller‑ID spoofing to ransomware operations and state‑linked hybrid threats. The report highlights the resilience and fragmentation of dark‑web marketplaces, the growing use of privacy coins and offshore exchanges to launder ransomware proceeds, and a surge in online child sexual exploitation, including synthetic CSAM and financially motivated extortion. Europol positions the IOCTA as a strategic roadmap for law enforcement, stressing the need for enhanced capabilities, cross‑border cooperation, and innovative responses to an increasingly complex threat landscape.

UK Government Releases 2025/2026 Cyber Security Breaches Survey Highlighting Persistent Threats and Incident Response Gaps

The Cyber Security Breaches Survey 2025/2026, commissioned jointly by the UK Department for Science, Innovation and Technology and the Home Office, has found that 43% of businesses and 28% of charities identified at least one cyber security breach or attack in the preceding 12 months. Phishing remains the most common and disruptive threat, while incidents of ransomware and impersonation among businesses have declined compared to previous years. The study estimates that 19% of businesses and 14% of charities were victims of cybercrime, often involving high levels of repeat victimisation. Although board-level responsibility for cyber security in businesses rose to 31%, only 25% of all businesses have a formal incident response plan, and cyber security prioritisation among charities saw a significant decline compared to the previous year. Furthermore, while the majority of organisations were able to restore operations within 24 hours of their most disruptive breach, there was an increase in businesses reporting negative outcomes such as loss of revenue and reputational damage.