Executive Summary: The Dual Crisis
Ukraine’s position in the global fraud landscape in 2026 is unlike that of any other country. It is simultaneously:
-
One of the world’s most heavily victimized fraud nations — with online fraud cases more than tripling since the full-scale Russian invasion began in 2022, displaced persons targeted by every category of humanitarian scam, and a population under economic and psychological stress that elevates vulnerability to financial exploitation.
-
One of the world’s most active fraud operation bases — hosting an estimated 1,500 fraudulent call centres, producing investment fraud and romance scam operations that target victims across Europe, North America, and the broader post-Soviet space, and generating criminal revenue that flows through a financial system simultaneously trying to fund a wartime economy.
No counterpart exists for this combination. Ukraine is not simply a victim of cybercrime exploited from outside its borders. It is a country where the collapse of formal economic opportunity, the disruption of law enforcement capacity, and the geographic pressures of an active war zone have created conditions in which organized fraud has expanded dramatically — even as the same conditions make ordinary Ukrainians among the most fraud-vulnerable populations on earth.
The Numbers: Fraud in Wartime
Fraud cases tripled. The United Nations Office on Drugs and Crime (UNODC) documented that cases of online scams and fraud in Ukraine more than tripled in 2023 compared to 2022 — the year the full-scale invasion began. This is one of the most dramatic single-year fraud surges documented for any country.
1,500 call centres. Law enforcement estimates place approximately 1,500 fraudulent call centres operating across Ukraine, conducting investment fraud, romance scams, and impersonation fraud targeting victims domestically and internationally. These are not small operations — many are professionally staffed with scripts, performance management, and quality control infrastructure that mirrors legitimate commercial call centres.
Moving toward the front line. Czech police — investigating one of several European operations targeting Ukrainian-based fraud networks — noted in 2025 that it had “become more common to move such call centres closer to the front line in an apparent attempt to deter law enforcement operations.” The calculation is straightforward: Ukrainian police raid capacity in active war zones is constrained, and proximity to the front creates a buffer that conventional law enforcement struggles to penetrate.
$11.7 million in one European bust. A coordinated European law enforcement operation dismantled a network of fraudulent call centres operating across Ukraine that had defrauded hundreds of victims in Germany, France, and other EU countries of more than $11.7 million through fake cryptocurrency investment platforms. The operation required coordination between Ukrainian, Czech, Polish, and Europol-coordinated forces — reflecting the cross-jurisdictional complexity of investigating Ukraine-based fraud targeting European victims.
Who Runs Ukraine’s Fraud Call Centres
Ukraine’s fraud call centre ecosystem did not emerge from the war. It predates it — a product of the same Eastern European cybercrime economy that produced Romania’s Hackerville and Russia’s industrial-scale vishing networks.
Ukraine has a substantial population of technically trained IT and communications professionals — the same talent pool that produced one of Europe’s most respected legitimate technology sectors. When formal economic opportunity collapses under wartime conditions, and when criminal organizations offer cash income in an environment where legitimate employment is uncertain, the supply side of fraud labour expands.
The typical Ukrainian fraud call centre operation involves:
- Scripts and targeting lists purchased from criminal data brokers or generated from leaked databases
- Fake investment platform infrastructure — professional-looking cryptocurrency trading sites, often with functional demo accounts and fabricated performance histories
- Operator training covering the psychology of pressure, urgency, and relationship-building
- Payment infrastructure using cryptocurrency, third-party payment processors, and international money transfer services designed to complicate tracing
The operations are not monolithic. Some are run by organized criminal networks with significant capital, professional management, and long-term infrastructure. Others are smaller, more opportunistic — individual entrepreneurs who have identified fraud as a viable income stream and purchased operator access to shared call centre infrastructure.
The UNODC notes that some operations are run by criminal groups like Khimprom that have diversified from traditional organized crime into cyberfraud, recognizing it as lower-risk and higher-margin than physical crime in a wartime environment where law enforcement attention is focused elsewhere.
The Victims Inside Ukraine
While Ukraine’s call centres target foreign victims, the most numerous fraud victims in the country are Ukrainians themselves. The war has created extraordinary vulnerability conditions:
Displaced Persons Targeting
Ukraine has generated the largest internal displacement crisis in Europe since World War II — with millions of Ukrainians displaced from their homes, living in temporary accommodation, reliant on emergency assistance, and navigating unfamiliar institutions and digital services.
Displaced Ukrainians are targeted with:
- Fake humanitarian aid scams — fraudulent “registration” processes for non-existent assistance programs that collect personal data and advance payments
- Housing scams — fake rental listings targeting internally displaced persons seeking accommodation, requiring deposits for apartments that don’t exist
- Employment fraud — fake remote work offers targeting people who have lost their previous jobs and need income
- Financial product fraud — fake loans, investment opportunities, and cryptocurrency schemes targeting people under financial stress
The UNODC notes that “most of the victims are Ukrainians, including those who have been forcibly displaced” — a fact that inverts the common narrative of Ukraine primarily as a fraud source rather than victim.
Ukrainian Refugees Abroad
An estimated 6-8 million Ukrainians are living abroad as refugees or displaced persons in EU countries, the UK, Canada, and elsewhere. This population faces a distinct fraud threat profile:
- Impersonation of government assistance programs — fake notifications about aid payments requiring “verification” that are actually credential harvesting operations
- Fake Ukrainian government impersonation — criminals posing as Ukrainian tax authorities, pension systems, or consular services to extract payments or personal data
- Integration scams — fake language courses, work permit assistance, driving license conversion services, and other settlement services that collect fees for nothing
- Bank account fraud — phishing campaigns in Ukrainian targeting refugee banking accounts in European countries
Russian State-Sponsored Attacks on Ukraine
No country-level fraud profile of Ukraine in 2026 would be complete without addressing the Russian state-sponsored dimension — the systematic use of cyber operations as a component of the broader hybrid war.
Russian operations against Ukraine include:
- Destructive malware campaigns targeting Ukrainian government systems, energy infrastructure, financial networks, and telecommunications — with the goal of degrading Ukraine’s wartime operational capacity
- Information operations using fake social media accounts, fabricated news, and manipulated media to demoralize the Ukrainian population, sow distrust in institutions, and generate internal political conflict
- Financial scam operations targeting Ukrainian civilians — in some documented cases, disguised as legitimate government communications or military fundraising appeals
- Targeting of Ukrainian military personnel — phishing campaigns seeking information about unit movements, personnel, and operational security
The line between Russian state operations and Russian-adjacent criminal operations is deliberately blurred. Criminal operators who target Ukraine provide useful “grey zone” capabilities that serve Russian strategic interests without requiring formal attribution.
The Fraud Economy and Ukraine’s War Financing
A significant and underreported dimension of Ukraine’s fraud landscape involves the intersection of organized criminal financial flows with the wartime economy. The UNODC report on Ukraine’s wartime criminal landscape notes elevated risks of money laundering through the financial sector — with criminal proceeds from fraud operations both domestic and foreign potentially recycled through Ukraine’s economy.
This is not unique to Ukraine — it is a common feature of wartime economies where formal financial controls are weakened, informal cash flows expand, and regulatory capacity is diverted to other priorities. But it adds a layer of complexity to international efforts to support Ukraine’s legitimate economy while disrupting its criminal financial flows.
Law Enforcement Response
Ukraine’s Cyber Police — a specialized unit within the National Police — has maintained operational capacity throughout the war and has conducted numerous operations targeting domestic fraud call centres. These operations face significant constraints:
- Active war zones limit geographic access
- The war creates competing priorities for all law enforcement resources
- International cooperation with Russia (which previously participated in some cybercrime frameworks) has completely ceased
- Criminals have adapted their operations specifically to exploit the geographic and operational limits of war-zone enforcement
Europol and bilateral partnerships with EU member states have provided the most effective enforcement pathway — coordinated operations that combine Ukrainian Cyber Police local knowledge with European investigative resources and jurisdiction over foreign victims.
Key Statistics
| Metric | Figure |
|---|---|
| Fraud case increase (2022–2023) | 3x |
| Estimated fraudulent call centres in Ukraine | ~1,500 |
| Losses in one European bust | $11.7M |
| Ukrainians displaced abroad | 6–8M |
| Primary domestic fraud targets | Displaced persons, refugees |
| Russian state cyber operations attribution | Documented by CISA, NCSC, ANSSI |
Protecting Yourself
For Ukrainians in Ukraine or abroad:
- Official Ukrainian government assistance programs communicate through Diia (the official government app) and verified .gov.ua domains only
- No legitimate assistance program requires advance payment for registration
- Verify any rental listing in person or through a trusted intermediary before paying a deposit
- Report fraud to Ukraine Cyber Police at cyberpolice.gov.ua or the national hotline
For organizations working in Ukraine:
- Apply heightened BEC verification protocols for any transactions with Ukrainian counterparties, given the elevated fraud environment
- Verify wire transfer details through independently confirmed channels, not solely through email
For international victims of Ukrainian-based call centres:
- Report to your national fraud reporting body (ic3.gov, Action Fraud, etc.) and request the case be flagged for Europol coordination
- Cryptocurrency-denominated losses may be partially traceable through blockchain analytics firms
Sources: The Record: European police bust Ukraine call center network · UNODC: War transforming Ukraine’s criminal landscape · ACAMS: UN Warns of ML and Cybercrime in Wartime Ukraine · Organized Crime Index: Ukraine 2025
