Call Center Scams Spread Across Eurasia

Executive Summary:

• A series of investigations and arrests across Eurasia has revealed a rise in international call center fraud operations, underscoring the increasingly transnational nature of cybercrime in the region.
• Russian-language cybercrime has historically avoided targeting Russia or members of the Commonwealth of Independent States, but Eurasian call center fraud is increasingly targeting Russian speakers.
• These scams are likely to continue to increase, given the perilous economic situation for many in the region, the erosion of the rule of law across post-Soviet Eurasia, and the spread of new technologies and criminal expertise.

The ongoing issues of call center fraud in Russia have prompted the Russian State Duma to take measures to target so-called “drop” payment accounts. The Duma passed a law in June 2025 to increase legal penalties for such activities. These accounts are used in various forms of fraud, including call center fraud, for the laundering of criminal proceeds. Sberbank estimated that, in 2024 alone, up to two million Russian citizens had their payment card information used in such schemes, with youth being recruited on social media or gaming platforms and subsequently driving much of the activity (Russian State Duma; RBC, June 17).

A series of investigations and arrests across Eurasia has underscored the increasingly transnational nature of the region’s call center crime operations. In December 2024, the Russian Federal Security Service (FSB) raided a call center running scam investments, which they estimated was earning up to $1 million per day, targeting more than 100,000 individuals in over 50 countries. The Milton Group, the company operating the call centers, was originally founded in Israel in 2017 and subsequently relocated to Kyiv before establishing offices in Moscow. The company recruited international students studying in Moscow to make calls targeting citizens in their home countries. Russian authorities claimed that the criminal activity was linked to exiled former Georgian Minister of Defense David Kezerashvili, a claim that he has denied, along with Israeli-Georgian businessman David Todva (RBC, December 9, 2024).

In February, authorities in Uzbekistan shut down a network of call centers in Fergana and Tashkent, which had mainly targeted Russian citizens (Gazeta.uz, February 4). Similar centers in Belarus targeting Russians were also seized earlier this year (RIA Novosti, April 3). Recent joint actions between EU and Ukrainian law enforcement have focused on call centers emanating from Ukraine targeting European citizens (Gorod.ua, March 13).

Recent public investigations have also highlighted the region’s role in this scam. The Organized Crime and Corruption Reporting Project (OCCRP) obtained vast amounts of data leaked from two separate call center networks and subsequently published the investigations in March 2025. The first investigation documented how a network of call centers in Georgia scammed victims around the globe and caused over $35 million in damages. The second network had offices in Ukraine, Bulgaria, Cyprus, and Israel, and operated across seven different countries, allowing it to achieve a global reach (OCCRP, March 14).

Fraudsters would pose as security service members for the target’s financial institution,  investment advisers pushing cryptocurrency or commodities investment schemes, or even as the target’s relatives (OCCRP, March 5). The Russian-language cybercriminal underground is teeming with services that provide the necessary tools for such activity, ranging from SIM cards for various countries worldwide to technologies that spoof phone numbers, mask a user’s voice, and utilize telephony server systems that underpin such operations. Sophisticated hackers can also compromise servers used for routing calls over the internet and use them for their own ends (Flashpoint, August 15, 2017).

This criminal expertise was often used to assist in hacking bank accounts or setting up financial accounts for laundering stolen proceeds. It has gone further, however, with the spread of cryptocurrencies and mobile online payment systems (see EDM, July 3, 2024). Operators can now interact instantly with networks of shell companies and electronic payment services via messaging platforms such as Telegram and WhatsApp, which can facilitate the quick transfer of money between accounts and create fake invoices (OCCRP, March 5). Ukraine’s targeting of Russian citizens expanded once Russian and Ukrainian law enforcement ceased to cooperate in the aftermath of Russia’s annexation of Crimea in 2014 and dramatically accelerated following Russia’s full-scale invasion of Ukraine in 2022 (Moskvich Mag, April 6, 2023; see EDM, September 3, 2024).

Following the formation of an investigative committee by the Ukrainian Verkhovna Rada in 2023 to address this criminal activity, new legislation was subsequently passed, lengthening prison sentences for these types of scams (Minfin.com.ua, March 7). The Anti-Corruption Human Rights Council in Ukraine estimated that there were around 2,000 call centers in Ukraine in 2023 (Anti-Corruption Human Rights Council, October 20, 2023). The Ukrainian city of Dnipro has been called the “capital of telephone fraud” in part because fraudsters there can target Russians more easily, as many in the region are fluent in Russian. Recent estimates by Russian financial institutions indicate that the number of call centers targeting Russians in Dnipro has declined to 350–400 (URA, June 26). This decrease may be a sign that the organizations have consolidated and improved their operational security, making them harder to detect.

Many of the call centers conducting fraud operations are located in former Soviet republics, yet they primarily target Russians. On the Russian-language cybercriminal underground, there exists an oft-explicit rule that advertising malware or services targeting Russia or members of the Commonwealth of Independent States is prohibited, likely due to the fear of detection by Russian security services, which have been known to monitor these communities. This new generation of fraudsters, however, is no longer afraid of the long reach of Russian security services, a potential sign that Russia’s influence over its former satellites is declining after Russia’s full-scale invasion of Ukraine (Global Initiative Against Transnational Organized Crime, April 7).

There is little reason to believe that this level of criminal activity will decrease anytime soon. Many in the region are experiencing a perilous economic situation and an erosion of the rule of law (see EDM, September 14, 2022, December 6, 2024, July 15; see Strategic Snapshot, May 8). The expertise that Ukrainian call center operators have honed prior to and throughout the conflict will likely not dissipate if the conflict ever ends, particularly given that their targets are now global, and the globalized economy allows such networks to move between countries with relative ease.