When Annika Gustafson and Anthony Adams first started chatting over the phone, they hit it off immediately. He told her to call him “Tony.” To him, she was always “dear.” He shared his dream of seeing the Northern Lights before he died, and promised to visit her in Sweden one day.
Annika, a retired journalist in her late 60s living in the country’s north, had been feeling anxious about money. She needed expensive dental work and didn’t have the cash to cover it. When she responded to a Facebook ad touting a new investment scheme in October 2023, Anthony got in touch.
He told her he was a senior financial adviser based in the U.K. who loved working with “beginner” investors. He said that, backed by an expert team, he could help Annika make money investing in stocks and cryptocurrency. Annika quickly came to trust him.
But within five months she had lost all her savings, been plunged into debt, and was considering suicide.
Annika Gustafson.
“Anthony Adams” wasn’t an urbane British investment adviser at all. He was a professional scammer based out of a call center in Tbilisi, the capital of Georgia.
Scammers like “Anthony” have been operating with relative impunity for years, emboldened by the ease of setting up call centers in the internet age and the fact that law enforcement agencies struggle to follow complex scams across borders. Estimates of their prevalence vary widely, but experts agree that hundreds of billions of dollars are lost annually to online scams like the one Annika fell prey to.
“The laptop, so to speak, is now the sharpest sword in the arsenal of criminal groups,” said Jürgen Stock, the former secretary general of Interpol.
But now, a team of journalists has obtained an inside view of how these scams operate, thanks to an unprecedented leak from two groups of call centers.
The massive archive contains internal documentation, records of money flows, screen recordings of the scammers’ computers, and even over 20,000 hours of audio-recorded phone calls, allowing reporters to listen in as scammers gained their victims’ trust before destroying their lives.
The leaked files analyzed by OCCRP and partners came from two separate scam operations, one based in the country of Georgia, and another with offices in Israel and multiple European countries. Though reporters found no evidence that these operations are controlled by the same group, they operate in very similar ways — and at a massive scale.
According to financial records maintained by managers of the Georgian operation, it received $35.3 million from more than 6,179 “clients” between May 2022 and February 2025.
The Israeli/European operation recorded much bigger numbers: It received $240 million from would-be investors between January 2021 and December 2024, according to internal transaction sheets. The money came from over 26,000 people in 33 countries, with most clients living in Canada, Spain, Australia, the U.K., and South Africa.
But reporters didn’t just get a glimpse of the scammers’ finances — they entered their world. They were able to watch as scammers chatted with each other on Telegram and Skype, swapping jokes and cheering each other on with animated GIFs when they convinced an unwitting victim to send more money. Internal chats also show scammers gloating over clients’ distress once they realize they’ve been scammed, at which point victims are often passed on to other agents who impersonate law enforcement and tax authorities and trick them into paying even more, supposedly to release their lost funds.
Fake passports used by scammers at the call centers.
The leaked files also reveal that these merciless scams are enabled by an entire ecosystem of service providers that make it possible to set up — and scale up — these operations.
Some of these providers are legitimate businesses that scammers can easily exploit, like online “neobanks” and voice-over-IP services. Others appear to largely cater to scammers, like a firm we uncovered that helps people avoid banking compliance efforts by making fake invoices and providing scammers with details of ready-to-go shell companies and bank accounts. A thriving online marketing sector helps ensnare victims with fake ads, collects their contact details, and sells them to scammers.
“These call centers are extremely professionally structured and organized and are managed accordingly,” said Nino Goldbeck, a senior public prosecutor in the German state of Bavaria who specializes in cybercrime.
“Well equipped, good IT, good equipment…We’ve often been really amazed at how well they work, how well everything is monitored and recorded. In our opinion, the accounting in such companies is sometimes almost better than in many completely legal companies.”
The industry also thrives because of its ability to elude law enforcement by crossing borders — scammers can open companies in minutes, move money through a web of international transactions, and target victims in far-away countries.
For crime groups looking to turn a profit, operating a call center can be more lucrative than trafficking drugs, since the margins are higher and the risks of being caught much lower, according to an investigator from Spain’s Mossos d’Esquadra, the Catalonian police, who specializes in investment fraud networks.
“The profits they make without risking anything are enormous."
Spanish investigator
“The profits they make without risking anything are enormous,” said the investigator, who was not authorized to speak on the record about his work.
On the other side of the phone line are people who are pushed to the brink of financial — and often psychological — ruin.
Reporters reached 182 people targeted by the Georgian and Israeli/European call centers, using information within the leak to find them. More than 90 percent of them, or 166 people, said they had been scammed. Their total confirmed losses exceeded $21 million, and 85 of them told journalists that they had gone to the police.
Though many of these victims lost relatively small sums, some were cheated out of life-altering amounts of money. One of them was Annika, who is living on a pension and says she will never financially recover from her run-in with Anthony.
“I was devastated, absolutely devastated,” she told OCCRP. “I felt so stupid, betrayed and ashamed. … I didn’t tell anybody for a long time.
“I didn’t want to live any more.”
About the 'Scam Empire' Project
Scam Empire is a collaborative investigation by OCCRP, Swedish Television (SVT), and 30 other media partners from multiple countries. Based on 1.9 terabytes of leaked data obtained by SVT, reporters expose two groups of call centers, based in Israel, Eastern Europe, and the country of Georgia, whose employees have convinced at least 32,000 people across the world to make “investments” totalling at least $275 million.
Gaining Victims’ Trust —Then Destroying Their Lives
Like dozens of other victims we spoke to, Annika got reeled into the scammers’ universe through an advertisement she saw while browsing Facebook. Formatted like a news story, it claimed that a famous Swedish television host had found a way to “earn money while she sleeps.”
“At first I thought, ‘This is a hoax,’” she told SVT in an interview. “But then I saw that it was some serious journalist at Aftonbladet who had checked this out … and I thought yes, why not?” After all, Annika was desperate to fix her teeth, and she didn’t know where else she would get the money. She entered her contact information into the page.
It was a fateful decision. Annika was now a “client” of “Golden Currencies,” a completely fake investment platform.
Although Golden Currencies had a logo, a website, and a motto (“Get more for less”), reporters were unable to identify an actual company behind the branding. (British regulators issued a warning in November calling it a “clone” firm set up to spoof a licensed company.)
Instead, a marketing company was behind the Facebook advertisement. When she filled out the contact form, Annika became a “lead” that the marketing firm could sell to a scam call center.
The Scam Empire data reveals that this is a typical tactic: Hundreds of marketing firms feed the names of people like Annika to scam centers, who then call them directly to pitch their products. In exchange, the marketers get a payment for every “lead” who can be converted into a “client.” The going rate for a Swedish victim was around $1,350, the second-highest rate in the world, according to spreadsheets of marketing payments found in the leak.
The Marketing Company
There is no evidence these firms were aware they were servicing scammers, but there were several red flags about the operations, including the fact that the financial platforms being advertised were in many cases unlicensed, and some had been flagged by regulators around the world. The promoted ads often used fake celebrity endorsements and fake news sites — as in Annika’s case — and the compensation per lead was also extremely high for the industry.
Annika’s name ended up with the Georgian scam operation, run by a company called A.K. Group. With three offices in Tbilisi, the country’s capital, it was staffed by young, multilingual Georgians who had received intensive training in how to pretend to be “financial advisers” who could help their clients get rich quickly.
Diamond Jewelry, Lavish Holidays, Range Rovers, and Porsches
Along with the other agents, Anthony likely worked in A.K. Group’s largest office on Kavtaradze Street, a leafy thoroughfare that runs through a Soviet-built residential neighborhood in the west of Tbilisi.
One of the call centers identified by the journalists is located on Kavtaradze Street in Tbilisi, the capital of Georgia.
Internal documents and communications reveal an office life that, in many respects, wouldn’t look out of place at a normal company. The call center staff clocked in and out of work, enjoyed office parties, underwent performance reviews, and exchanged memes and GIFs of Hollywood celebrities in office chat groups.
But there are also clues that something darker was happening. Employees used code names in their chats and even in official internal spreadsheets. Their office has no signage and was rented on A.K. Group’s behalf by a company owned by a proxy — an internally-displaced person from the breakaway region of Abkhazia.
And when the employees received bonuses, their rewards were linked to the amount of money they had extracted from their “clients.” An internal spreadsheet shows that high-performing staffers made over $20,000 some months in a country where the average monthly income hovers around $750.
These earnings afford them a high-flying and sometimes decadent lifestyle, replete with diamond jewelry, lavish holidays, ostentatious weddings, Range Rovers and Porsches.
Highlights from the Instagram account of a scammer at A.K. Group, Veriko Charchian, who showed off pricey purchases and international holidays on social media.
Earning all that money required an organized workflow. Like many sales operations, the Georgian scam organization was divided into “conversion” and “retention” teams.
The “conversion” team was filled with fresh recruits. After receiving batches of leads from an affiliate marketer, their job was to call them one by one, gauge their interest and level of expertise, and quickly pass them on to a more experienced agent if they proved willing to make a small initial investment.
They were instructed to present this as an opportunity. “[Sell] the senior, presenting them as a figure of authority,’” reads an instructional manual found in the leak.
Scamming 101
Call center staff are carefully trained — after all, the success of an investment scam hinges on how convincing the agents are.
Here are excerpts from training materials we found in the "Scam Empire" leak.
Day 1
New recruits are asked to reflect on the average salary in their country. (In Georgia, it is just $750 per month.). Then they’re told how much they could conceivably earn at a call center. The difference is eye-popping — at A.K. Group, some agents earned $28,000 some months.
They also practice:
Reading pitches aloud “to test tonality, speed, fluency, etc”
Reflecting on what they would do with a $10,000 windfall. (“Every client will also have an answer to this question,” the syllabus notes.)
For homework, they are assigned to “decide on a stage name that suits your accent/background”
Day 2
By Day 2, agents have moved on to practicing “objections and rebuttals” — for every reason a “client” might give for not wanting to invest, the agent has detailed rebuttals at hand to override their objections.
They also play something called “the Objection game” which involves learning to “think on your feet” while a trainer lobs objections at you.
Their homework tonight is to learn the call center’s “basic script” for calling a potential client for the first time, and practice saying it out loud.
Day 3
On Day 3, agents move on to practicing “KYC,” or “know your customer.” This is the term used by real banks and other financial service providers for a series of checks they must perform to ensure that they aren’t enabling financial crime.
Scam call centers have cynically repurposed the term — their “KYC” refers to pumping their “customers” for information that can be used against them later.
Agents-in-training “practice asking KYC questions in a non-interrogative way” through a game in which they talk to simulated clients. “Discuss types of clients and what they want to hear,” the curriculum reads.
Days 4 and 5
At the end of their first week of training, agents focus intensively on simulating calls with clients, with a focus on “transferring the call’ to a more experienced scammer.
Agents who pass the training course will be placed on the call center’s “conversion” team, which attempts to “convert” leads into customers.
As soon as this happens, they are told to get the customer into the hands of a more experienced person — who they can sell as a “senior” financial adviser available to top customers — who will try to pump the target for more funds.
The 'Basic Pitch'
The leak also contains a copy of the “basic” pitch used by new agents the first time they speak to a client.
They are told to introduce themselves as a representative of the fake investment platform the client “signed up” with (usually, by clicking an online advertisement).
“Do not ask if they are busy, if they have time to talk, if they remember signing up etc.,” the script orders. Instead, agents should plow ahead with their pitch, which sells the company as an educational platform that can help “beginners” make more money by learning to invest.
"Know Your Customer"
The basic pitch also includes an outline of the call center’s KYC process. Agents are supposed to ask a series of questions to determine a new "client's" experience level (including whether they’ve been scammed before): “Do you have any experience trading and investing online?” “Do you work in finance or something related?” “What do you do for work?”
They also ask the customer’s age — and are instructed to throw in a compliment for good measure. “You sound very young to have been XYZ for 10 years” is one suggested wording. (Recordings of calls from the center show that many agents did indeed use that line.)
The Rebuttal Bible
The leak also contains a seven-page list of rebuttals to the most common reasons someone might not want to “invest,” from “I don’t have money” to “I am happy with my financial situation” (“No one is happy with their financial situation,” the agents are told to reply. “Not even billionaires.”)
Other objections include: “Are you regulated?” (Answer: “We are an educational company, so we are not required to be regulated.”) and “I just want to keep my money in the bank. (“Do you know what the bank is doing with your money? They make money from your money. They are trading with it … Why would you want your money to make some CEO rich and not you?”)
Performance Reviews
After they start work, agents are still expected to learn. Performance reviews found in the leak reveal what call center management values: the ability to think quickly, improvise, and be utterly convincing. Recruits are also ranked on their voices (are they pleasant or “irritating”?), the quality of their English, and how hard they “push” and “solve objections.”
One agent, using the name “Mike Hastings,” is dinged for “losing too much time, no drive, and … mentioning scam on his own.”
“Veronika Nowak,” on the other hand, has a “little bit irritating” voice, but gets 10 out of 10 for being pushy and refusing to take no for an answer. “Not letting costumer make the decision which she’s not okay with,” the reviewer notes approvingly.
It was actually a deeper trap. The most skilled salespeople sit on the “retention” team, where their job is to extract as much money as possible from their clients.
Divided up into different language “desks,” the call center agents use fake names that match the country they are tasked with calling — in the Georgian call center, agents calling Spain had names like “Esteban Fernandez,” while the Russian desk was led by “Kseniya Koen” and the English desk employed “Mary Roberts.”
Along with the pseudonyms, they gave themselves impressive titles — usually “financial advisers” — as well as detailed back stories and fake identity documents they could send to clients who doubted their legitimacy. Some of the female agents sent male clients photographs of a beautiful green-eyed woman, claiming to be her. (The images were actually taken from the social media account of a Ukrainian woman.)
Scammers Flatter Their Victims — But Trash Them in Private
After submitting her information, Annika first received a quick phone call from a man who spoke poor English — internal records show that he was a conversion agent using the alias “Lucas Hoffman.” He convinced her to make a small initial payment of around $250 to join Golden Currencies and promised to connect her with a colleague in London for further guidance.
“It didn’t take many minutes and this one called,” she recalled. “Anthony Adams.”
Recordings of Anthony’s calls with Annika show that he had a smooth, polished pitch and a deft handle on his backstory as “senior financial adviser,” although his English was accented to the point where she asked him if he was really from the U.K. (Anthony’s ready answer? He was born in Toulouse.)
In reality, the man behind the pseudonym writes and speaks in fluent Georgian with his colleagues, the leaked files show. On his desktop, reporters found a copy of a British passport that was clearly doctored, using an AI-generated image available online.
On that first call with Annika, Anthony asked her what she would do with the investment windfall she was sure to receive — a tactic scammers learn in training. “I love when my clients are motivated,” he said, suggesting she might want to buy a new car or take a holiday.
Annika replied that after fixing her teeth, she dreamed of giving her profits to the homeless. Anthony complimented her effusively, calling her a lovely woman. He also had good news for her: She had already made a “profit” of $19.
But the scammer’s sweet side frequently dropped away in internal chats with colleagues, and even in some conversations with clients when they did not cooperate. In one case, he prank-called a man who had caught on to the scam, claiming to be a delivery man bringing a sex toy to his wife.
“Family full of dickheads,” Anthony wrote in a note on his internal customer relationship management software, which the scammers used to track approaches to potential victims.
On another occasion, he left a string of expletive-ridden comments in the software to denigrate a target: “She is a fuckin bitch // said that doesn’t want calls every month // thinks that I’m gonna trade for her like a slave // said that has investment plan for whole year and isn’t willing to invest more // … hope all her properties will fuckin burn down // dumb bitch.”
Gaining Access to Victims’ Computers
During the months Annika was in touch with Anthony, she was in poor health and he pestered her with incessant contact, sometimes ringing several times a day. Recordings of the dozens of calls he made to her create the impression of a woman bowled over by his confidence and persistence.
Early in their relationship, Annika allowed Anthony to walk her through the process of downloading a remote-access software program called AnyDesk.
Although AnyDesk has many legitimate uses, call center scammers frequently use it to gain access to vast amounts of personal information from their victims’ computers.
In thousands of screen recordings of scammers’ computers reviewed by OCCRP, it was very common to see AnyDesk open on one side of the screen so that scammers could keep an eye on their victims.
Reporters even saw scammers chatting with their victims while watching through AnyDesk as they typed their responses, creating a haunting mirror image.
A typical view of a scammer's desktop. On the left side, the scammer looks up a client's entry in her customer relationship management system. In the middle is a VoIP app she uses to make calls. On the right, she is watching through AnyDesk as her "client" chats with her.
AnyDesk told OCCRP that it was “tirelessly working to prevent” the use of its software by scammers and worked closely with law enforcement to fight against scam call centers. “We even have a warning in place for first-time connections from suspicious accounts where the end user has to type, ‘I read this,’ said a spokesman, Matthew Caldwell. “Unfortunately, a large portion of these attacks involve social engineering where a victim is coached around these automated countermeasures we put in place.”
After Annika installed AnyDesk, Anthony began to guide her even more closely, explaining in minute detail where she should click in the Golden Currency-branded trading platform to secure her profits.
“I want you to move [the] mouse to the right side,” he said in one phone call. “Okay, to the bottom right now. Go below. Down. Go down. Stop, no, not so much.”
Eventually, he directed her to click on a red “close” button: “You see $30? That’s our profit for today. … Congratulations. So, we have closed the positions and we have made this profit.
After these initial “gains,” it was time for the real “investing” to begin. In mid-January 2023, Anthony called with news of a fantastic VIP deal: He had inside information on the electric vehicle company Tesla, and if Annika sent him just $2,500, he could help her make a “risk free” investment in the firm.
“Oof,” she said when she heard the amount, which was far more than the $650 she had at her disposal. But he promised she would recoup her investment, and more, after just three days. She agreed to send the money. (Internal logs from the call center confirm that she made this payment.)
A "letter of guarantee" sent by Anthony Adams to a British client of the fake investment platform Golden Currencies shows the same type of reassurances he made to Annika: that her investment was "risk free" and her money would only have to be held for a short period of time.
Three days later, Anthony called with great news.
“Let’s check our platform,” he told her, watching through AnyDesk as she moved to the Golden Currencies website. “All right, here we are,” he announced. “You see on the bottom there? $6,288. So we made an amazing profit. We made approximately $2,700 on a Tesla deal. So that was something amazing.”
A screenshot of an agent's computer from inside the A.K. Group call center shows what a client might have seen while "trading" on the Golden Currencies investment platform. At left is the agent's desktop; at right is the client's. The agent is watching through AnyDesk.
In fact, none of Annika’s money had been invested in Tesla at all. (Even if it had been, she couldn’t have doubled her money on Tesla stock, since the company’s share price was falling in January 2024.)
Things moved faster after that. Immediately after her successful Tesla deal, Anthony proposed another one — a much larger investment in Bitcoin.
Annika had nowhere near enough cash to afford what he proposed, so Anthony suggested she take out a loan. Call logs show how he logged into her bank’s website and filled out a loan application on her behalf. When that didn’t work out, he helped her apply for several other loans, before a Swedish provider finally agreed to lend her the equivalent of around 9,000 euros.
Then it was time to send him the money.
Neobanks, Cryptocurrencies, and Shell Companies
Annika can’t recall precisely how she made her payments to Anthony, but internal records from inside the call center show they arrived through cryptocurrency exchanges.
This was typical of the cases examined by reporters in both call center operations. Victims would be instructed to convert funds to crypto and send it to wallets, or to set up accounts with online-only “neobanks” or online payment service providers to speed up their transactions.
From there, the money would be whisked away through a series of shell companies registered in different jurisdictions, often set up and owned by proxies to disguise their ownership. OCCRP found victims’ money moving through companies owned on paper by a fashion model and a perfume vendor, among others. Some victims were even used as “mules,” unwittingly sending money to other victims who scammers were trying to reel in with small payouts.
In order to send her second, larger payment to him for the so-called Bitcoin investment, Anthony walked Annika through the steps of opening an account at Wise, a major “neobank.” But her attempted transfer was blocked.
(In response to a request for comment, Wise said its verification processes, transaction monitoring, and account deactivations “help us prevent, detect and stop potential instances of financial crime and abuse of our services.”)
Scammers and NeoBanks
In the cases examined by reporters, scammers often told their victims to open accounts at neobanks like Revolut or electronic money services providers like Wise that are not as stringently regulated as commercial banks.
Giving up on that approach, Anthony then told Annika to simply wire the money from her bank to an obscure cryptocurrency exchange, Cratos. (Its X.com profile, which has just one follower, says it is based in Estonia, but its website says it is operated by a licensed Canadian firm, Blue Whale Tech Inc.)
He coached her carefully in what to say if this transaction was questioned:
“If they will ask you, did anybody help you with the registration on WISE? Tell them, no, I did it by myself, okay? And there's a chance that they can mention AnyDesk as well, for example, okay? Or any screen sharing application. Tell them that you're not using anything like this, okay? You did everything by yourself. And you're just simply moving the money to your personal account, all right? … So if they will start questioning you a lot, don't be afraid of being a little bit strict, okay? The money is not the bank's money. The money is yours, all right, Anika? If they will ask you something. So you know the whole story right now, right? … Even if they will tell you, there were the cases, to be honest, where some of the banks told to my customers that it's a crypto, it's a scam, you will lose this money, and blah, blah, blah, just to threaten them, okay? Because they don't like when you're moving the money out of the bank. So don't be afraid of that.
But it apparently never was.
Cratos is listed in internal documents as the source of nearly $350,000 sent by at least 40 clients of the Georgian call center operation, including Annika.
In response to a request for comment, Cratos wrote: “Cratos is a crypto exchange platform, providing clients with exchange services like fiat to crypto or crypto to fiat and we are not informed where the crypto or fiat goes after the transaction … we do not deal with any call centers or business clients as our clients are 100% individual clients.”
When reporters attempted to send a follow-up message to the firm a day later, its email account had been disabled.
Blue Whale Tech Inc.
“I’m Considering Suicide”
Not long after Annika’s big investment, the shutters came down.
Completely out of money, she asked Anthony to withdraw 74,000 euros she thought she had made through his investment advice. Suddenly, Annika received an official-looking notice claiming that the transaction had been flagged for potential money laundering. To get the funds, she would have to make another large payment to a “cold wallet,” Anthony helpfully explained.
It was money she didn’t have.
“I’m considering suicide,” Annika said bluntly when Anthony told her that the transfer was blocked.
“Okay, you need to keep calm for a moment, please. The suicide is not going to be returning your money or it's not going to be making you to feel better,” Anthony said, before encouraging her to borrow more from anybody she could — relatives, friends, neighbors or colleagues — in order not to “lose” her fictitious investment.
“I’m on the verge of crying and I’m scared,” Annika said.
“Scared of what?” Anthony asked
“I’m scared that I’ve lost all my money and I still owe 100,000 [kronor] that I’ve borrowed,” she replied.
OCCRP and our partners reached out to hundreds of people like Annika who were listed in the call centers’ databases as “clients.” Many had harrowing stories of having been pushed to their mental and financial limits by voracious scammers who wouldn’t take ‘no’ for an answer.
Victims spoke of emptying their savings accounts, taking out bank loans, and borrowing from friends and family in desperate attempts to regain what they had lost. They told of crippling debt, trauma, and an inability to trust strangers. Several said they had contemplated suicide.
“My whole world collapsed”
Retired scientist Helmer Södergård from Finland estimates he lost 26,000 euros after clicking on a Facebook ad for an investment scheme. Scammers who called him after he entered his contact details persuaded him to download a remote management system that gave them access to his phone and bank account, taking the money without his permission, he told Finnish public broadcaster Yle and local police. Leaked audio calls show how, months later, swindlers targeted him again, promising to recover his lost savings. This time he furiously stood up to them. His financial losses drove him into a deep depression. “My whole world collapsed,” said Helmer, who is now 72. “I died in that place. It was pain, pain, pain.”
“They took everything from me.”
When a Spanish architect fell prey to scammers, she was already under intense stress: she had just suffered a stroke, was being treated for breast cancer, and had recently divorced. After clicking an online ad, she spoke with a supposed broker who said he would help her invest in safe stocks and commodities. But what she had intended to be a small investment ballooned into a loss of almost 400,000 euros. “At the time, I was fresh out of a stroke operation and was undergoing chemotherapy. A lot of things made me more vulnerable,” the architect, who asked to be identified only by her initials, IGP, told InfoLibre. “They took everything from me.”
“They know how to persuade people to do anything.”
A Latvian couple in their 80s lost their life savings — around 50,000 euros — after pouring money into what they thought were investments in oil. Believing that they would get back their money plus profits if they just kept paying the fees demanded by the scammers to release their funds, they borrowed from friends and relatives, and asked neighbors to make payments on their behalf when money transfer services refused to make any more transactions. Later, they even asked strangers to transfer money on their behalf as scammers demanded more money to release their supposed investment earnings. The fraudsters communicated in Russian with the couple, who asked to be identified by the pseudonyms Laimonis and Sandra since they fear reprisals. “They have studied psychology, they know how to talk, they know how to persuade people to do anything,” said Laimonis.
“I can't understand why anyone would do that.”
Canadian factory worker Marcel Deschamps, 59, was left penniless by scammers who targeted him repeatedly. One then posed as a cryptocurrency expert, promising she could help him recover funds he had lost. He estimates he paid a further 3,500 Canadian dollars due to the recovery scam. Eventually he confronted one of his scammers in a call. She told him to “go kill yourself.” In an interview with CBC/Radio-Canada, Marcel said: “I can't understand why anybody [would] do that to anybody. To scam people out of their money, their life savings.”
“They play on people’s naivety.”
A Belgian policeman lost more than $2,500 to a scammer who was not deterred by his profession. In one text message she even wrote: “You are not my first policeman client.” The policeman, who is identified by OCCRP’s partner De Tijd by the pseudonym Maarten, thought he was buying bitcoin, but through his own research discovered the trading platform he had signed up to was a sham and was advised by a police colleague to stop. “They play on people’s naivety,” Maarten told De Tijd. 'You hear so much about cryptocurrencies — that bitcoin has risen so sharply — and you want to invest in them yourself. I suspect that I am not the only policeman who has fallen for this.”
“I’m really embarrassed by that.”
A British victim identified by the pseudonym Mark, who says he was first lured in by a fake video featuring British celebrity Ben Fogle supposedly promoting online trading, lost at least 25,000 pounds to an investment scam in which the perpetrators supplied him with fake invoices to get transactions past his bank. They even instructed him what to tell the bank if it raised questions over the payments. It looked like his profits were going up on the trading platform he signed up for — but that platform was a fake. He told OCCRP he had gone into it hoping to make enough money for a deposit on a house. “I basically spent my inheritance that my granddad left me,” he said. “I’m really embarrassed by that. One friend and my girlfriend know about it. Nobody else does.”
“All this money was my life savings.”
A surgeon in Spain lost almost 1 million euros to scammers, believing that he was investing via an international gold and oil trading platform. He first came across the scheme in a newspaper ad endorsed by a well-known Spanish businessman. Fraudsters promised to pay out if he kept investing, calling him day and night to push him into further deposits — but he never received profits. “I’m a doctor and doctors basically trust people a lot. We're used to people offloading on us and we try to be at this threshold. So this has really affected me. I was lucky that my family supported me and encouraged me and helped me recover. Because all this money was my life savings.”
“There was always some kind of buzz about investing.”
An experienced Lithuanian businessman estimates he lost the equivalent of $380,000 in a complex con — but data in the leak shows that he actually sent more than $470,000 to scammers. He said he was first persuaded to invest in crypto and commodities using a supposed trading platform that showed he was making substantial profits. He even received a few thousand dollars in profits, he told OCCRP’s partner Siena. But later he received fake documentation claiming to be from financial institutions, saying his funds were frozen and could only be withdrawn if he paid a fee to release them. Ultimately scammers convinced him his money was being held in Germany, he told Siena.lt. “Honestly, I never had any intention of dealing with such large amounts, but there was always some kind of buzz about investing — something you’d hear about here and there, even on social media. It was always in the air,” he said.
The leaked recordings reveal scammers’ utter contempt for their panicked victims, sometimes subjecting them to horrifying verbal abuse, or taunting them for falling for a con.
In heart-rending calls with the scammers, many victims who expressed desperation or suicidal thoughts were pushed even further.
After one scammer urged a Danish man to borrow money from his brother, he told her he didn’t want to live anymore. “I lost everything I’m going to do something stupid but I can’t take anymore I lost everything,” he wrote in a Telegram message, sending her a photograph of a noose.
She immediately called him — and began to berate him for being “pessimistic” and bringing his misfortunes on himself.
“This is too much drama right now,” she said. “Things happen, it doesn’t mean you need to kill yourself.”
The People Behind The Scam
Who is actually orchestrating these scams? Both the Georgian and Israeli/European operations exposed in this leak hide behind many layers of misrepresentation. The call center employees use pseudonyms even in their internal communications, use proxy company owners to pay their bills and rent, and create false documentation to justify money flow.
After months of examining internal communications, reporters managed to establish that the Georgian operation that took Annika’s money is run by a man named Akaki Kevkhishvili. On paper he has no connection with A.K. Group, the company that operates the call center, but employees there frequently refer to him as their boss. Internal chats reveal that it is Kevkhishvili who decides on the workers’ salaries and whether they will be promoted.
He is also the one who moves money out of A.K. Group’s accounts, according to internal financial spreadsheets, which show him taking out over $130,000 from February to May 2024. He has a private security detail paid for by the company, the finances show.
Akaki Kevkhishvili (left), Meri Shotadze (center), and Kevkhishvili's bodyguard posing at an A.K. Group event.
It is unclear whether Kevkhishvili, 33, is the ultimate boss or whether he may be taking orders from someone else operating from behind the scenes. Although he owns shares in furniture and nut businesses, they were acquired recently, and he doesn’t have a record of wealth or business activity. A woman who appears to be his close friend, Meri Shotadze, is the official owner of A.K. Group in the Georgian business registry. Leaked chats show that Shotadze also helps manage agents at the call center. Neither responded to requests for comment.
Files from the larger Israeli/European operation show that it is much larger and more diffuse, but still highly organized. Spreadsheets of staff costs list employees in Israel, Bulgaria, Cyprus, and Ukraine who have a wide variety of roles, including working in HR, marketing, compliance, quality control, and IT, as well as the agents who deal with would-be investors. Salary sheets for August 2023, which show incomes for all the network’s units, put the number of employees at 480.
Managerial roles — including a “CTO” referred to as “Mark,” who earns around $20,000 a month — are listed in the data as based in Israel, and evidence suggests that the network has operated an office out of a glittering skyscraper called the Sapphire Tower in the city of Ramat Gan. But it is not clear who owns this network, who ultimately profits, or whether it even has an official name.
The Sapphire Tower in the city of Ramat Gan, Israel.
'They Seek New Channels to Find Their Future Victims'
Like many victims, Annika initially did not report her losses to Swedish police, as she retreated into her shell.
“I haven’t had the strength,” she said.
Experts told OCCRP that this kind of underreporting is just one of the challenges in investigating and prosecuting investment scams.
“Obviously, the international element makes things hugely difficult,” said Michael Skidmore, Head of Serious Crime Research at the Police Foundation, a U.K.-based policing think tank.
”Your victims aren’t necessarily where your offenders are. So the more dispersed geographically [the scammers] are, the less likely [they] are going to get targeted unless you get some kind of joint [police] operation that crosses different countries.”
And the scammers know how to stay ahead of the game.
“They adapt, they create new methods, they seek new channels to find their future victims,” said Audrius Valeika, deputy director of Lithuania’s Financial Crime Investigation Service.
“The criminals adapt to the measures applied by the law enforcement, by the AML [anti-money laundering sector], the banking system and the financial institutions. When they realize that a method they use no longer brings instant benefit, they replace it very swiftly.”
A Finnish detective told reporters that many scammers have turned to psychological tricks of the kind used to ensnare Annika precisely because other methods have become more difficult.
“Pure phishing frauds, where you can steal a person’s credentials … have been reduced by technical measures,” said Sakari Tuominen, Detective Superintendent of the country’s National Cyber-enabled Crimes Unit. “But then there’s this crime of fraud through social engineering, where a person first builds a trusting relationship … and of course, no technical tools or inhibitions help [in that case].”
Spanish lawyer Mauro Jordan de la Peña said that in his own country, there is a lack of urgency among the police and judiciary to pursue the cases of online investment scam victims, because it is not an issue that triggers as much social alarm as other crimes.
“In Spanish society there’s a sense that, hey, if you are scammed because you wanted to earn a lot of money, then that’s on you,” Jordan said in an interview with OCCRP.
Jordan represents more than 70 plaintiffs who claim they were victims of investment fraud in a criminal complaint that has been admitted by the nation’s High Court. That means that it will be assigned to prosecutors for further investigation, but does not equate to an indictment.
Some Victims in Spanish Case Appear in ‘Scam Empire’ Leak
But although this case has made it to the High Court, Jordan said many other victims’ complaints have fallen on deaf ears.
When police do investigate, they take the wrong approach, he added. “It doesn’t make sense to investigate these crimes in a traditional way, or within a particular geographic area, which is what they do.”
A lack of knowledge within the judiciary about how to pursue an international investigation is also an obstacle, he said.
Annika said she felt helpless about her situation until journalists from SVT got in touch to interview her.
“But it has made my life worth living again,” she said of the fact that they were featuring her case in a story. “Because it feels like I'm being vindicated. And above all, the warning goes out to all the Swedish people to watch out.”
She was even able to accompany journalists to Georgia, where she and another scam victim consulted with local lawyers and filed a formal complaint against Anthony and the A.K. Group with Georgian prosecutors. (They told OCCRP this week that they are looking into the call center, though they stopped short of saying they had launched an investigation.)
She also went with SVT to the Tbilisi call center where Anthony is based. The reporting crew was thrown out by a security guard, but Annika left a letter for her tormentor.
A journalist from OCCRP's partner Studio Monitori tried ask questions of Akaki Kevkhishvili, the head of the A.K. Group call center in Tbilisi, but was blocked by his private security detail.
Asked beforehand what she would put in her letter, she said: “I would like to ask him: ‘What do you think will happen when you die?
“I’m not a religious person and I don’t believe in hell, but I would like to ask him…do you think you can die peacefully and rest assured that you will have a beautiful afterlife?
“Because I don’t think he will care if I tell him I’m now a poor person. But I think using that particular question, maybe it’ll make him wake up.”
