
INTERPOL Operation First Light 2026 has become one of the largest coordinated anti-fraud operations ever announced, with authorities arresting 5,811 suspects across 97 countries and seizing US$293 million in illicit assets. The operation targeted social engineering scams, business email compromise, investment fraud, romance scams, sextortion, impersonation schemes and the money laundering networks used to move criminal proceeds.
Coordinated by INTERPOL, the operation ran between January 15 and April 30, 2026. Investigators also identified more than 142,000 victims, analysed 152,808 cases, blocked 31,014 bank accounts, and identified another 15,606 suspects beyond those arrested.
Operation First Light Targets Fraud Networks Across 97 Countries
Authorities combined traditional policing with financial disruption during the operation. Alongside raids and arrests, investigators froze bank accounts and cryptocurrency wallets, requested INTERPOL Notices and Diffusions, and used the agency’s Global Rapid Intervention of Payments (I-GRIP) mechanism to halt suspicious transfers before stolen funds could be moved.
The operation received support from regional policing bodies including Europol, ASEANAPOL and GCCPOL.
Rather than focusing on ransomware or malware alone, investigators concentrated on fraud schemes that rely on manipulating victims into handing over money, credentials or sensitive information.
A Growing Focus on Social Engineering and Financial Crime
The latest operation also reflects how international cybercrime investigations have evolved.
Earlier initiatives, including Operation Africa Cyber Surge II in 2023, concentrated on dismantling phishing infrastructure, malware-hosting systems and command-and-control servers. By 2024, Operation Serengeti expanded the effort by targeting ransomware groups, business email compromise operations and online scams across 19 African countries, leading to more than 1,000 arrests.
In early 2026, Operation Red Card 2.0 focused on investment fraud, fake loan applications and mobile money scams across 16 African nations, resulting in 651 arrests.
Operation First Light builds on those efforts by extending coordinated enforcement beyond Africa to nearly 100 countries while placing greater emphasis on disrupting the financial networks that enable organised fraud.
Kenya and Africa Remain Central to INTERPOL’s Cybercrime Operations
Kenya has featured in several of INTERPOL’s recent cybercrime operations.
During Operation Serengeti, Kenyan investigators helped dismantle an online credit card fraud network linked to losses of US$8.6 million. Earlier, Operation Africa Cyber Surge II saw authorities take down hundreds of systems associated with malicious activity, while Operation Red Card 2.0 led to the arrest of 27 suspects linked to fake investment schemes operating through social media and messaging platforms.
The broader threat landscape remains substantial.
According to the Communications Authority of Kenya, the National KE-CIRT/CC detected more than 3.3 billion cyber threat events between January and March 2026. Phishing, social engineering and AI-assisted attacks remain among the techniques security teams continue to monitor.
While those figures measure cyber threat activity rather than criminal cases, they illustrate the scale of malicious activity facing organisations connected to Kenya’s digital economy.
What the Crackdown Means for Businesses and Consumers
For businesses, the operation serves as a reminder that fraud is no longer confined to isolated criminal groups operating within one country. Business email compromise, executive impersonation and fraudulent investment schemes often involve infrastructure, payment channels and money laundering networks spread across several jurisdictions.
Consumers also remain prime targets. Romance scams, fake investment opportunities, impersonation schemes and phishing attacks continue to rely on convincing victims to voluntarily transfer money or reveal sensitive information.
By pairing arrests with asset seizures and payment intervention tools, Operation First Light demonstrates that international law enforcement is seeking not only to apprehend suspects but also to interrupt the financial systems that keep organised online fraud profitable.
A Practical Guide for Businesses Reviewing Their Cybersecurity
Cyber threats continue to evolve, but businesses do not need to navigate those challenges without reliable information. Understanding how modern attacks work is the first step towards making informed security decisions.
The Kaspersky SMB Cybersecurity Guide examines common attack methods, explains the role of modern endpoint protection and outlines how layered security can help businesses detect and respond to threats more effectively. It is designed for organisations looking to strengthen cybersecurity without adding unnecessary operational complexity.





