Behind the Scam: A Risk Intelligence Autopsy
Fraud, today, does not wear a hoodie and hide in a dark basement. It wears a tie, rents office space, and runs on CRM dashboards that would not look out of place in any legitimate sales company. The story from OCCRP reads like a thriller, but for us, entrepreneurs in the Netherlands, it is a governance case study. It shows how an entire ecosystem of seemingly ordinary service providers can become the scaffolding of a scam that bleeds millions from unsuspecting victims worldwide.
Let’s strip this down into the three phases of the fraud lifecycle:
1. Catching the Victims
The scammers do not “find” their victims; they buy them. Affiliate marketing firms, MGA Team, CRYP, Sierra Media, push ads with promises of fast wealth, celebrity endorsements, and a glossy landing page. The real product is not a service, but data. Your name, email, and phone number are the gold.
Platforms like Meta, Google, Taboola are not villains in this story, but their moderation failures turn them into unwitting accomplices. Billions of fraudulent ads slip through the cracks because the system is built to sell ad space, not police morality. For the scammer, this is phase one: lead generation dressed as “investment opportunity.”
2. Managing the Scam
Enter the call center: modern, multilingual, and fueled by the same tools your company may use. CRM systems, VoIP services, screen-sharing software, nothing exotic, nothing criminal per se.
- CRM tools (Getlinked.io, PumaTS) store everything about a victim’s “journey.”
- AnyDesk gives scammers control of the victim’s screen.
- VoIP providers (Coperato, Squaretalk) make sure the call looks like it comes from London or Zurich.
The organizational layer, HR firms, administrative providers, gives the scam centers a façade of normalcy. Payroll gets paid, rent is covered, invoices are cleared. To an outsider, these companies look like any other B2B provider.
3. Taking the Money
This is where governance collapses and compliance gets bypassed.
- Victims are coached on what to say to their bank, so compliance officers hear the “right” story.
- Reputable names appear, Revolut, Chase UK, Wise, Santander, banks that exist within strict regulation. Yet, once a transfer leaves the controlled gate, the river forks into murky channels.
- Payment service providers, often unregulated, step in. They take a cut of 10 to 17 percent to move funds through shell companies. By the time the money emerges, it has been laundered through so many layers that chasing it down is like trying to follow a shadow in fog.
The Governance Lesson for Entrepreneurs
Here’s the uncomfortable truth: the tools that empower your micro or small enterprise are the same ones weaponized by scammers. CRM, VoIP, affiliate marketing, payment platforms, they are neutral instruments. What differentiates you from the scammer is how governance and compliance are applied.
For Dutch SMEs, this means three takeaways:
- Never outsource blindly. Vet every partner, marketing agencies, payment services, even the VoIP you use. A cheap provider with opaque ownership is a red flag.
- See your tools as double-edged. If a CRM or payment gateway makes life easier for you, assume it can make fraud easier too. Build checks, not just convenience.
- Follow the money. Every euro that leaves your business should have a traceable, defensible path. If you cannot explain it to a regulator in one sentence, it is a risk.
Fraudsters are not inventing new technology, they are hijacking the infrastructure of normal business. What looks like a success story of digital globalization is, in fact, a supply chain of deceit.
The governance challenge for us is clear:
- build transparency into every layer,
- demand accountability from your providers,
- and remember that fraud does not begin with a criminal act, it begins with a weak spot in the system that someone chooses not to check.