In a coordinated law enforcement effort that spanned five months and five African nations, INTERPOL announced that its Operation Red Card resulted in the arrest of over 300 suspected cybercriminals and the seizure of nearly 2,000 devices linked to mobile banking fraud, investment scams, and messaging app schemes that collectively victimized more than 5,000 people. The operation, which ran from November 2024 through February 2025, represents one of the most significant multinational cybercrime enforcement actions ever conducted on the African continent, and signals a growing determination among African law enforcement agencies to confront the rising tide of digitally enabled financial crime.
The operation targeted cross-border criminal networks operating in Nigeria, South Africa, Zambia, Rwanda, and Benin, according to The Hacker News. Authorities recovered 1,842 devices during the operation and identified criminal schemes that ranged from SIM box fraud and telecom signal manipulation to sophisticated social engineering campaigns conducted through messaging platforms. INTERPOL stated that the intelligence-sharing framework underpinning the operation was critical to its success, with private-sector cybersecurity partners including Kaspersky, Group-IB, and Trend Micro providing threat intelligence that helped law enforcement agencies identify suspects and map criminal infrastructure.
A Continent-Wide Assault on Digital Fraud Networks
Nigeria’s contribution to Operation Red Card was among the most significant. Nigerian authorities arrested 130 individuals, including 113 foreign nationals, suspected of involvement in online casino fraud and investment scams. According to INTERPOL’s public reporting, investigators found evidence that some of the suspects had been recruited through human trafficking networks and forced to carry out cyber fraud operations — a disturbing trend that mirrors similar findings in Southeast Asia, where criminal syndicates have enslaved thousands of people in so-called “scam compounds” across Myanmar, Cambodia, and Laos.
In South Africa, law enforcement dismantled a network of more than 40 suspects linked to SIM box fraud, a scheme in which criminals use banks of SIM cards to reroute international calls as local calls, defrauding telecommunications companies of revenue while also facilitating large-scale SMS phishing campaigns. Authorities seized over 1,000 SIM cards and more than 50 desktop computers during the South African raids. SIM box fraud has become a persistent problem across Africa, where rapid mobile phone adoption has outpaced regulatory and technical countermeasures. The South African arrests underscore the degree to which telecom infrastructure manipulation has become intertwined with broader cybercrime operations.
Rwanda and Zambia: Messaging App Scams and Financial Deception
Rwandan authorities arrested 45 individuals as part of the operation, accusing them of running social engineering scams that defrauded victims of more than $305,000 in 2024 alone. Some of the suspects impersonated telecommunications employees and sent fraudulent text messages claiming fake lottery winnings, while others posed as injured or ill family members to solicit money through messaging platforms such as WhatsApp and Telegram. Rwandan police said they recovered $103,043 in stolen funds and seized 292 devices during the arrests.
In Zambia, authorities zeroed in on a criminal group that had deployed a modified malware variant distributed through malicious links sent via SMS and messaging apps. Once a victim clicked the link, malware was installed on the device that gave attackers access to banking applications and the ability to propagate the malicious link to the victim’s contacts through messaging platforms, effectively turning each compromised phone into a distribution node for further infections. Zambian police arrested 14 suspects in connection with the scheme. The malware distribution method described by authorities bears similarities to widely documented Android banking trojans that have plagued mobile users across Africa and beyond.
The Growing Scale of Cybercrime Across Africa
Africa has experienced an explosion of cybercrime in recent years, driven by a combination of rapid digitalization, expanding mobile money platforms, and enforcement gaps that criminal networks have been quick to exploit. The African Union estimated in a 2024 report that cybercrime costs the continent approximately $4 billion annually, a figure that many security researchers believe significantly understates the true economic impact when accounting for unreported losses and indirect costs such as diminished investor confidence and erosion of trust in digital financial services.
Mobile money platforms, which have transformed financial inclusion across sub-Saharan Africa by enabling millions of unbanked individuals to conduct transactions via basic mobile phones, have become a particularly attractive target. Kenya’s M-Pesa, the continent’s largest mobile money platform, processes billions of dollars in transactions annually, and similar services have proliferated across West and Southern Africa. The same accessibility that makes these platforms transformative for economic development also creates attack surfaces that criminal groups have learned to exploit with increasing sophistication. Operation Red Card’s focus on mobile banking fraud and messaging-based scams reflects this reality.
INTERPOL’s African Cybercrime Strategy Takes Shape
Operation Red Card is the latest in a series of INTERPOL-coordinated operations targeting cybercrime in Africa. In 2023, INTERPOL’s Operation Africa Cyber Surge II resulted in the arrest of 14 suspects across 25 African countries and the identification of more than 20,000 suspicious cyber networks. Earlier operations, including the first Africa Cyber Surge in 2022, similarly focused on building cross-border cooperation and intelligence-sharing capacity among African law enforcement agencies, many of which have historically lacked the technical resources and institutional frameworks necessary to investigate complex cybercrime cases independently.
INTERPOL Secretary General Valdecy Urquiza said in a statement that Operation Red Card “demonstrates the power of international cooperation in combating cybercrime, which knows no borders and can have devastating effects on individuals and communities.” The operation was conducted under INTERPOL’s African Joint Operation against Cybercrime (AFJOC) program, which is funded by the United Kingdom’s Foreign, Commonwealth and Development Office. AFJOC has been instrumental in building cybercrime investigation capacity across the continent, providing training, equipment, and operational coordination support to participating countries.
Private Sector Intelligence Proves Indispensable
The role of private-sector cybersecurity firms in Operation Red Card highlights an increasingly important dynamic in international cybercrime enforcement. Group-IB, the Singapore-headquartered threat intelligence firm, provided INTERPOL with intelligence on identified threat actors and their infrastructure. Kaspersky contributed analysis of malware samples and malicious Android applications targeting African users, while Trend Micro shared information on fraudulent activity linked to the criminal networks under investigation. This public-private intelligence-sharing model has become a standard feature of major INTERPOL cyber operations, reflecting the reality that private security companies often possess more granular and timely threat intelligence than government agencies.
The involvement of these firms also raises questions about the long-term sustainability of African cybercrime enforcement efforts. While INTERPOL-coordinated operations generate significant arrests and seizures, the underlying conditions that fuel cybercrime on the continent — including high youth unemployment, inadequate cybersecurity regulation, and the rapid expansion of digital financial services without commensurate security investment — remain largely unaddressed. Security researchers have noted that arrest-focused operations, while important for disruption and deterrence, must be accompanied by structural investments in cybersecurity infrastructure, regulatory frameworks, and public awareness campaigns to produce lasting reductions in cybercrime.
Human Trafficking and Cybercrime: A Convergence of Crises
Perhaps the most alarming dimension of Operation Red Card’s findings is the evidence linking cybercrime operations to human trafficking. The arrest of 113 foreign nationals in Nigeria who were allegedly trafficked and forced to participate in cyber fraud schemes echoes a pattern that has drawn intense international scrutiny in Southeast Asia. The United Nations Office on Drugs and Crime has documented extensive forced-labor cyber fraud operations in the Mekong region, where hundreds of thousands of people — many of them lured by false job advertisements — have been held against their will and compelled to conduct online scams targeting victims worldwide.
The emergence of similar patterns in West Africa suggests that the forced-labor cyber fraud model may be spreading globally, adapting to local conditions and exploiting vulnerable populations in new regions. Nigerian authorities have not disclosed the nationalities of the foreign suspects arrested, but the scale of the trafficking component indicates organized criminal networks with transnational reach. This convergence of cybercrime and human trafficking presents enforcement challenges that extend well beyond the capacity of any single country’s law enforcement apparatus, reinforcing the case for the kind of multinational coordination that Operation Red Card exemplifies.
What Comes After the Arrests
The 306 arrests announced under Operation Red Card represent a significant operational achievement, but the harder work of prosecution and systemic reform lies ahead. Cybercrime cases are notoriously difficult to prosecute, particularly in jurisdictions where legal frameworks have not kept pace with technological change. Many African countries have enacted cybercrime legislation in recent years — Nigeria’s Cybercrimes Act of 2015 and South Africa’s Cybercrimes Act of 2020 among them — but enforcement remains uneven, and courts often lack the technical expertise to adjudicate complex digital evidence.
INTERPOL’s continued investment in African cybercrime enforcement through programs like AFJOC signals recognition that the continent’s digital transformation, while enormously beneficial, carries risks that demand sustained international attention. As mobile connectivity and digital financial services continue to expand across Africa, the criminal opportunities they create will expand in parallel. Operation Red Card has demonstrated that coordinated multinational action can disrupt these criminal networks. Whether it can deter them in the long run will depend on commitments that extend far beyond any single operation.