Swiss and German authorities arrested 10 people and the regional head of the Black Axe criminal network, which has carried out scams causing millions of Swiss francs in damages.

Europol supported the operation this week in Switzerland and has not released the names of the individuals arrested, most of whom were Nigerian in origin. The Black Axe is formally linked to the Neo-Black Movement of Africa, which promotes social justice and Pan-Africanism.

The Black Axe is a structured, hierarchical group with a global presence of more than 30,000 registered members. It is known for its involvement in a range of criminal activities, including cyber-enabled fraud, drug trafficking, human trafficking and prostitution, kidnapping, armed robbery, and fraudulent spiritual practices, Europol said in a press release.

“The group’s annual criminal proceeds are estimated to be in the billions of euros, generated through many small-scale operations that collectively have a significant impact,” Europol added.

Organized crime groups like the Black Axe are increasingly targeting both European individuals and organizations in cyber-enabled fraud schemes that generate substantial profits and significant losses—$64.1 billion in the EU in 2025 alone. These figures mean that fraud schemes are now the fastest-growing area of organized crime, according to Europol’s Internet Organized Crime Threat Assessment (IOCTA) 2026.

“While sophistication of techniques and modi operandi vary, cybercriminal networks are particularly active in fraud against payment systems, aimed either at stealing funds or at obtaining personal information,” the report explained. “Stolen data are not just used for the fraud scheme but often sold onwards and further exploited by other criminals, via clear and Dark Web, in a vicious loop where targets are relentlessly re-victimized.”

The 2026 IOCTA identified five factors that are enabling organized cybercrime activity to flourish:

1. Dark Web marketplaces are now fragmented, allowing specialized platforms to cater to specific criminal activities and pop-up even as law enforcement shuts others down.
   
   
2. Cryptocurrencies continue to be the preferred payment method for ransomware attacks, and the mixing of services in offshore jurisdictions complicates law enforcement tracking efforts.
   
   
3. Surface and Dark Web communication channels are becoming increasingly blurred as end-to-end encryption platforms and anonymized services now connect the two.
   
   
4. Domain Name System abuse allows criminals to exploit the time between domain registration and law enforcement intervention.
   
   
5. Criminals are moving towards more complex operational set-ups that exacerbate law enforcement's attempts to trace and dismantle.

New Technology Facilitates Fraud

Europol identified in the IOCTA that technological advancements are allowing fraud schemes that are characterized by velocity and complexity to net larger profits.

Artificial intelligence (AI). Generative AI is accelerating online fraud because criminal networks operating outside the European Union (EU) can use the technology to personalize their efforts and target EU citizens at a high rate, at scale. The IOCTA said this activity is occurring in the form of schemes where fraudsters use AI to impersonate bank helpdesk personnel or law enforcement representatives, as well as for business email compromise and CEO fraud.

“By advertising on very large online platforms (VLOPs), criminal networks can industrialize victims’ targeting and bypass geographic or linguistic barriers, a significant enabler especially for crypto investment fraud, now largely happening on VLOPs,” according to the report.

VLOPs include social media platforms where fraudsters often conduct malicious advertising campaigns to target victims by imitating banks, investment or trading platforms, or fake accommodation or merchandise listings.

“Unlike banks, which face license revocation for facilitating financial crime, major tech platforms currently lack comparable penalties to report fraudulent advertising effectively,” the IOCTA said.

Recent analysis from the U.S. Federal Trade Commission found that reported fraud losses from schemes that started on social media reached $2.1 billion in 2025. Fraudsters were particularly active on Meta’s platforms, causing reported losses of $794 million on Facebook, $425 million on WhatsApp, and $234 million on Instagram. All other social media sites accounted for just $599 million in losses that same year.

Cybercrime innovators are also creating large language models (LLMs) that are built—or adapted—to remove ethical constraints and filters seen on more traditional models. This adaptation allows the LLMs to be used for criminal purposes, such as creating malware samples, and creators can sell or provide access to their LLMs on the Dark Web.

SIM boxes. Fraudsters are using SIM boxes, devices that hold hundreds of SIM cards, to mask their communication data, make calls, and send SMS messages at cheaper rates. These actors are also creating SIM farms, where they can use these SIM boxes to send and make thousands of calls, messages, and social media posts to enable large-scale fraud.

“Active farms have been identified in the EU and are often utilized remotely by criminal networks based in other jurisdictions,” the IOCTA explained. “The global reach of these anonymity services illustrates that the SIM box ecosystem is a cohesive, transnational supply chain rather than a localized threat.”

IMSI catchers. Another technology that fraudsters are leveraging is an IMSI catcher—a device that mimics a cell tower to trick mobile phones in its range into connecting to it. Fraudsters can then use this connection to harvest personal and sensitive data.

IMSI catchers use a 2G connection, so the attack style allows fraudsters to operate “under the radar” of commercial telecommunication providers, the IOCTA said.

What Does the Future of Fraud Look Like?

Europol anticipates that organized crime groups will continue to utilize advancements in technology to evolve their fraud tactics. Challenges on the horizon include a rise in autonomous cybercrime where fraudsters use agentic AI to conduct entire criminal workflows with little human involvement.

“As adoption accelerates, these systems will further enable offenders to distance themselves from illicit operations, transforming cybercrime into an increasingly intangible and evasive threat,” according to the report.

Europol predicts that growing relationships between state-sponsored hybrid threats and cybercrime actors will pose challenges for authorities. It expects hacking coalitions to emerge that will target governments, private companies, and customers’ data via cyberattacks and fraud schemes.

To combat this activity, Europol explained that law enforcement will need to harness these same innovative technologies to disrupt and dismantle these organized groups.

“As criminals continue to exploit technological advancements, it is crucial that we enhance our capabilities and collaborate more effectively to protect our citizens and critical infrastructure,” said Edvardas Šileris, head of the European Cybercrime Centre at Europol, in a statement.

 

MOST POPULAR ARTICLES

1. From ‘Send Me the Video’ to Governance: How Privacy Makes Security Systems Defensible

2. Preventing Workplace Violence: Holistic Support Starts with Listening to Nurses

3. 3 Tools Providing Privacy Protections in Video Systems