🤚 The Open-Palm Dragnet
INTERPOL, in coordination with Europol, ASEANAPOL, GCCPOL, and China’s Ministry of Public Security, has completed Operation First Light 2026 — a three-and-a-half-month global sweep that ran from January 15 through April 30 and produced numbers that would make even the most cynical crime journalist sit up and take notes.
The receipts:
- 5,811 suspects arrested across 97 countries
- 15,606 additional suspects identified but not yet arrested — the waiting list
- $293 million in illicit assets seized
- 31,014 bank accounts blocked or frozen
- 142,000 victims identified globally
- 152,808 cases analyzed
The operation targeted social engineering fraud — which is the clinical term for “lying to people professionally” — including business email compromise, sextortion, impersonation scams, romance fraud, investment schemes, and the money laundering networks that keep all of it financially literate.
INTERPOL deployed its I-GRIP (Global Rapid Intervention of Payments) system to block illicit financial flows in real time, which is essentially the “undo” button for international wire transfers — except it requires the cooperation of 97 sovereign nations and, against all reasonable expectation, actually works.
👐 The Two-Handed Arithmetic
Let’s do some math that nobody asked for but everyone needs.
$293 million sounds like a lot until you consider that the FBI’s Internet Crime Complaint Center reported $16.6 billion in cybercrime losses in 2024 alone. That means Operation First Light recovered approximately 1.8% of a single year’s losses — and that’s just the United States. Global fraud losses are estimated at roughly $1 trillion annually.
5,811 arrests across 97 countries works out to about 60 arrests per country — or roughly one arrest for every 2.7 suspects who were identified but not arrested. The ratio suggests that for every fraudster who went to jail, nearly three more received the law enforcement equivalent of being added to a list that someone will definitely get to eventually.
142,000 victims identified globally means each arrested suspect was connected to approximately 24 victims on average. These aren’t isolated incidents by misguided individuals. These are industrial operations — call centers with shifts, break rooms, onboarding processes, and probably a performance review cycle.
As INTERPOL eloquently stated: “Criminal syndicates exploit human psychology to manipulate their targets, and no nation can stay safe unless all countries are equipped and committed to jointly fighting back.”
This is true. It is also the kind of statement that, by design, makes you feel like something meaningful happened while the math quietly suggests otherwise.
🌿 The Gentle Awakening
The philosophical problem with arresting 5,811 fraud suspects is that fraud, as an industry, does not have a staffing shortage.
While INTERPOL was meticulously coordinating across 97 countries to dismantle existing operations, a new phishing-as-a-service platform called Forg365 quietly entered the market with the kind of feature set that would make a legitimate SaaS founder weep with professional envy.
Discovered by ZeroBEC, Forg365 combines:
- Adversary-in-the-middle (AiTM) attacks that proxy Microsoft authentication requests to capture session cookies in real time
- Device-code phishing that tricks victims into authorizing attacker-controlled devices through legitimate OAuth 2.0 flows — using Microsoft’s own infrastructure against itself
- AI-assisted email generation built directly into the operator dashboard, because even phishing has embraced the “AI-first” product strategy
- A browser extension called ForgCookie (compatible with Chrome, Edge, and Brave) that automatically refreshes stolen Microsoft SSO cookies for persistent, silent access
The infrastructure runs on Amazon SES for email delivery, Cloudflare Pages for landing pages, and Gophish for campaign management. The anti-detection suite includes AES-encrypted redirectors, bot detection, debugger traps, sandbox checks, and polymorphic code.
This is not a hacking tool built in someone’s basement. This is a product — with a tech stack, an operator dashboard, a persistence mechanism, and presumably a roadmap. It has better UX than several enterprise security tools designed to stop it.
👑 The Gold-Leaf Futility Index
The juxtaposition is almost poetic, in the way that watching someone mop a deck during a hurricane is poetic.
The largest coordinated fraud crackdown in INTERPOL’s recent history concluded in April. By July, a new AI-powered phishing platform is already operational, automating the exact kind of credential theft that those 5,811 arrested suspects were doing manually.
The AI component deserves special attention. Forg365 integrates content generation directly into its phishing dashboard, meaning operators can “create, prepare text, and refine malicious emails” without leaving the same interface they use for post-compromise operations. As the researchers noted: “AI reduces the cost of developing custom phishing content, but it also reduces the cost of building custom PhaaS platforms.”
This is the headline that nobody wants to write: the marginal cost of fraud is dropping faster than the marginal cost of enforcement. Each arrest requires international coordination, legal frameworks, judicial cooperation across sovereign borders, and months of intelligence work. Each phishing campaign requires a dashboard, a stolen email template, and $30 worth of cloud infrastructure.
INTERPOL arrested 5,811 people over three and a half months. Forg365 can onboard a new operator in an afternoon.
Until that equation changes, Operation First Light will keep producing impressive press releases. And the fraud industry will keep producing impressive quarterly results.
“They arrested 5,811 people, seized $293 million, coordinated 97 countries, and analyzed 152,808 cases over three and a half months. The replacement phishing platform launched while the press release was still being typeset.” — The Slap of Wisdom Fraud Economics Bureau, currently accepting grant applications for researchers who can quantify futility at industrial scale