201 arrested in INTERPOL disruption of phishing and fraud networks

Operation Ramz, a cybercrime initiative coordinated by INTERPOL across the MENA region, focused on disrupting phishing campaigns, malware activity, and cyber scams that caused substantial financial losses across the region. The operation resulted in the arrest of 201 individuals and the identification of an additional 382 suspects.

Moroccan authorities seized computers, smartphones and external hard drives containing banking data and software used for phishing operations. (Source: INTERPOL)

Authorities identified 3,867 victims and seized 53 servers. To support investigations conducted between October 2025 and 28 February 2026, nearly 8,000 pieces of intelligence and investigative data shared across 13 countries in the Middle East and North Africa.

Country-level actions under Operation Ramz

In Qatar, investigators found that device owners were unaware that their systems had been used to distribute malicious activity. The affected systems were secured, and device owners were notified and advised on preventive measures.

Jordanian police traced the location of a computer used in financial fraud schemes. Victims were persuaded to invest through what appeared to be a legitimate trading platform, which shut down after funds were deposited. Fifteen individuals involved in the operation were victims of human trafficking who had been recruited through false employment offers in their home countries across Asia. Upon arrival in Jordan, their passports were confiscated, and they were forced or coerced into participating in the scheme. Police arrested two individuals who orchestrated the operation.

Investigators in Oman identified a server located in a private residence that contained sensitive information. The server had several critical vulnerabilities, including malware infections, despite the owner’s legitimate access to the data. Authorities disabled the server to prevent additional harm.

Investigators in Algeria identified and dismantled a phishing-as-a-service website. They located and seized the server, along with a computer, a mobile phone, and hard drives containing phishing software and scripts. One suspect was taken into custody.

Moroccan authorities seized computers, smartphones, and external hard drives containing bank data and software used in phishing operations. Three individuals are undergoing judicial proceedings, while others remain under investigation.

To support efforts to track illegal cyber activity and identify malicious servers, INTERPOL worked with partners Group-IB, Kaspersky, the Shadowserver Foundation, Team Cymru, and TrendAI.

“In a world where cybercriminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration. INTERPOL is dedicated to working with its member countries and private sector partners to take down malicious infrastructure, disrupt criminal groups and bring perpetrators to justice,” Neal Jetton, INTERPOL’s Director of Cybercrime, said.