Operation First Light 2026: 5,811 Arrests and $293M Seized in Global Fraud Crackdown

An INTERPOL-coordinated operation across 97 countries closed over 23,000 fraud cases, froze 31,014 bank accounts, and identified 142,000+ victims of social engineering scams.

Threat Intelligence Regulations Identity & Access

INTERPOL announced the results of Operation First Light 2026, a coordinated anti-fraud operation spanning 97 countries and territories that ran from January 15 through April 30, 2026. The operation led to 5,811 arrests and the interception of roughly $293 million in illicit assets, funded through China’s Ministry of Public Security with support from ASEANAPOL, GCCPOL, and Europol.

Investigators worked through more than 152,800 reported cases, closing over 23,700 of them, identifying 15,606 suspects, and freezing 31,014 bank accounts tied to the schemes. Over 142,000 victims were identified globally. The operation targeted the full spectrum of social engineering fraud — business email compromise, romance scams, investment fraud, sextortion, and official impersonation — along with the money-laundering networks that convert stolen funds into cash or crypto.

The scale of the operation underscores how industrialized these fraud operations have become: dedicated scam centers, cross-border money-mule networks, and organized crypto-laundering infrastructure, rather than isolated opportunistic actors. In one notable case in Macao, a public awareness campaign led police to intervene in real time and stop a victim from wiring nearly $372,000 to scammers impersonating officials.

For security and fraud teams, this is a reminder that business email compromise and social engineering scams sit on top of the same organized infrastructure as ransomware and data theft operations — they aren’t lower-priority incidents. Make sure your detection covers anomalous payment approval flows and out-of-band verification bypasses, not just malware and unauthorized access, and that finance teams are trained to treat urgent, pressured payment requests as a red flag regardless of how convincing the impersonation is.

Why it matters: Scale like this tells you social engineering isn't a fringe risk — it's an industrialized criminal supply chain with the same maturity as any other cybercrime market. If your security awareness training still frames phishing and BEC as isolated incidents rather than organized fraud, this is a good prompt to update it.

Read source →