Nursing home residents and pensioners are among thousands of victims of a massive fraud network operating in Georgia
Ben Fogle was not a happy man.
“Not sure I need to highlight this,” the broadcaster posted on Instagram during the spring of 2024, “but the deepfake of me from [ITV’s] This Morning … circulating on Facebook [and] advertising crypto is a scam.”
Fogle’s warning showed a fictional news article, linking to a digitally doctored video, but not everybody noticed.
One of those taken in was Mark*, a franchise manager in his 30s from East Anglia, who in one click lurched towards losing his life savings.
“I watched the video [of] Ben Fogle, like trading,” Mark said, recalling how the clip had promoted a cryptocurrency website called AdmiralsFX. “So I just bang some details in [and] then I was contacted [by a call centre]. It was a £250 buy-in … I was like, ‘Oh, well, it’s worth a go for that’.”
Within a month, he had handed over £27,000 – the equivalent of a year’s salary – and sounded less relaxed. On a call with the person he believed was his investment adviser, he pleaded: “I’ve lost all my money, mate … What have you done with it?”
Mark was far from alone and the sheer scale of this heist can now be revealed for the first time, thanks to a massive leak of data shared with the Guardian and international media partners by Swedish television channel SVT and the Organized Crime and Corruption Reporting Project (OCCRP).
Analysis of the files suggests at least 6,179 people were duped by an industrial-scale boiler room fraud operating inside three plush-looking offices in Tbilisi, the capital city of the former Soviet republic of Georgia.
Calling themselves the skameri – Georgian for scammers – a group of 85 call handlers and support staff made it their daily mission from May 2022 to relieve ordinary people of $35m (£27m) of their savings.
They routed the cash through what appears to be a sophisticated money-laundering network and yet, somehow, almost nobody seems to have noticed this sizeable venture, which appears to be still operating.
The networks
With hindsight, the warnings were everywhere.
AdmiralsFX, the investment platform Mark had started using, had already prompted a notification by the UK’s Financial Conduct Authority stating it had been created by fraudsters “to scam people”. A related brand, also being promoted from Georgia and called Golden Currencies, had been given the same official treatment.
Other celebrities whose images were used – including the money expert Martin Lewis and the radio DJ Zoe Ball – had issued their own warnings. For many that proved futile. Victims of the Georgian scam still frequently cited the deepfakes as the reason they pressed ahead.
The sums taken by the Tbilisi agents are significant, but there are even bigger networks. The leak contains some details of a second group, with call centres in Bulgaria, Cyprus and Spain, apparently run from Israel, which made an estimated $240m over three years. However, the Georgian data offers a significant additional insight: the scammers recorded their conversations with victims, storing more than 1m calls.
The files lift the lid on how these schemes actually work. Scammers pay affiliate marketers to place fake ads on well-known social media sites. For each successful “lead” – a victim making an initial deposit after handing over their contact details – the marketer is rewarded with anything from $500 up to $1,750. Those from wealthy nations, in particular the UK and Canada, attract the highest fees.
The “leads” included a 74-year-old former NHS doctor, Theresa*, who was living in sheltered housing on the outskirts of London when she lost about £50,000. She seems to have spent her last days borrowing from relatives to pay her tormentors. There was also Ken*, a 64-year-old with a neurological disorder. As he lay sick and heavily medicated, the scammers tried to extract money from his accounts via his son. Lucy*, a 61-year-old woman, was left wrestling with “dark” thoughts after transferring £100,000 and emptying her pension pot. There were also successful small business people, whose commercial savvy seemed to offer limited protection.https://interactive.guim.co.uk/uploader/embed/2025/03/archive-zip/giv-4559TScrk21Ij590
The highest individual loss discovered in the leak came from a former employee of the London Stock Exchange called Derek*. He parted with £162,000.
There were thousands more.
The data includes training manuals, payroll and accounting spreadsheets, countless messages between staff and affiliate marketers, plus instructions on how to move money while circumventing bank security protocols. The Georgia network appeared particularly attracted to targeting the UK, which accounted for 45% of the attempted phone calls and losses of nearly a third (£9m) of the takings. The second largest group of victims were from Canada and the operation cast its net wide, employing German, Spanish and Arabic speakers.
But if all these people were only being asked for a few hundred pounds, how did it get so bad?
The hook
“Get up, push your clients, and get the money flowing … Otherwise, I’ll have to escalate things.”
Meri Shotadze had a talent for dishing out aggressive orders to her elite team of Tbilisi-based “retention” agents, charged with persuading victims to increase their initial deposits. It was demanding work – in February 2024, her group of seven had a $420,000 “sales” target. Leaked records and social media posts show the agents were paid well for their efforts, while they socialised hard at company events. Bonuses of Rolex watches would motivate agents to strain for even higher returns, while lavish parties with cabaret dancers and a giant gold cake encouraged loyalty and affection to their thrusting boss.
“You know, I’m counting on you this month,” Shotadze texted one of her star performers, who operated under the pseudonym of Mary Roberts, as she feared her team was falling behind target. Mary simply responded with a big red heart.
The elite agents had been passed their clients from newer recruits, who dealt with the initial nominal deposits gleaned from the social media ads. This allowed them to hone their skills before promising their marks a more experienced broker would “help” make their fortunes.
Many victims dropped away at this point. But, for others, this is where the nightmare began. Internal records from the Georgian operation suggest that, out of about 2,000 victims persuaded to part with the largest sums, 652 were from the UK.
Key to the deception was specially built software displaying a seemingly live trading screen featuring financial market tickers, charts and news about Elon Musk. Victims were told they were using AI technology to trade in crypto currencies. They could click on their own account balances, which inevitably showed stellar profits. “On the platform, it all looks real, you know? I was making good money,” Mark said.
“I’d invested $250 and made big profits,” recalled former London Stock Exchange worker Derek, “and then I was asked for $5,000 to move up to the Golden Currencies bronze service.”
Derek spent more time on the phone to the skameri than any of the UK victims: he was contacted more than 300 times and clocked up more than 135 hours of conversations as he saw his profits soaring to a staggering $10m. Theresa believed she was up about £150,000 and Mark thought he was in line for about £80,000. He was planning to quit his job, buy a van and become self-employed.
But the profits were not only fake – they were a trap.
When each of them asked to withdraw their winnings, the demands for large payments started: brokerage fees, money transfer commissions, tax demands from HMRC, anti-money laundering costs. All of them were fake. Thousands of pounds were required before the winnings could be accessed. Each time one bill was settled, another appeared. And there was limited time to pay before the profits risked being frozen, they were told.
Groomed
Victims paid because of the bond the agents had crafted with their targets.
On his long commutes home, Mark openly shared details about his relationship with his girlfriend – while his agent, “Liliana”, talked about her children. Theresa sat alone in her sheltered housing seemingly desperate for conversation with her adviser, Mary; the pair would chat and then bicker like a pair of siblings. Many victims handed scammers control of their phones or computers remotely, via an application called AnyDesk, as they struggled to operate the technology.
Even when doubts emerged, they were quickly batted off.
“Every time I help you it works out. Why are you so sceptical?” Mary asked Theresa. “You are my best friend.”
So Theresa kept paying, believing her huge profits would soon be released. In reality, her losses were soaring.
“I can just about pay my rent,” Theresa confided. “I’m very worried.”
The trail
Banks have defences to shield customers against this type of crime. But the scammers had a way around it: pushing victims towards using newer, largely online operations – “challenger banks”. These names featured surprisingly heavily in the leak considering their market share.
Revolut, which received a UK banking licence last year, seems to have been the most used. It was involved with 154 victims out of 1,000 who had their bank listed in spreadsheets from the Georgian operation. Among British victims, Revolut was again the most used (119 victims), followed by another nascent UK digital lender, Kroo (50). Blue chip banking group JP Morgan’s online brand, Chase, also appears in the top 10, with 14 victims using it.https://interactive.guim.co.uk/datawrapper/embed/pz9vZ/1/
But extracting money from victims is an art, not a science. Often the controls did work. Mark said he had tried to send £12,000 from Revolut and HSBC, only for both those banks to block the transfers. His adviser then pointed him towards setting up a new account, which worked. “It’s much easier to do it with Chase,” Mark was told.
Revolut, Kroo and Chase all say they take fraud incredibly seriously and invest heavily to prevent it, while Facebook owner Meta added it had started a programme allowing banks to report these scams to help combat fraud. The data also shows their anti-fraud efforts often being undermined by their own customers who, under the instruction of their agents, would lie to compliance staff.
“Tell them you are buying clothes and say you are in the store,” Mary told Theresa, as she attempted to pay fees to release her profits. Theresa then used her new Chase account to transfer £10,000 to an account in the name of a company claiming to be a small clothing business, set up in Birmingham two and a half years earlier. She later transferred £16,000 to a six-month-old “phone” company owned by the same person.
Checks suggest these businesses were shell companies and seemingly part of a money-laundering service provided by an unknown third party.
In at least one case, a victim even allowed money from another victim to pass through his own account.
Destination
The money trail disappears in places, but the leak contains information about who may have been controlling the Georgian operation.
The assertive team leader, Shotadze, is the registered owner and director of a Georgian telemarketing company called AK Group, a business whose name and branding is all over the leaked documents. Some of these files link the company to the Tbilisi call centre offices. The AK Group name features prominently at staff parties and on call centre messaging groups. The initials are the same as those of an individual who Shotadze appears to refer to as her “boss” – a Tbilisi resident called Akaki Kevkhishvili.
In February 2024, she messaged one of her agents, saying: “Kaki is our boss, sometimes he gets angry with us, sometimes he likes us.”
She is pictured in the leak wearing luxury items, including a $17,000 Rolex watch, while Kevkhishvili is pictured driving high-end cars and being chauffeured in a Range Rover. Photos found online show the pair posing together at a lavish AK Group party in 2023. Neither responded to requests for comment.
The Instagram and WhatsApp accounts of a man calling himself Akaki Kevkhishvili feature the logo of a lion wearing a crown. The same logo appears on a private Telegram account, labelled simply A.K, which the data suggests played an active role at the company. A.K told one employee: “Don’t fuck up transactions in such a banal fashion, please. And turn off your emotions totally, it obstructs you.”
But the charm and polish of the skameri can slip. When another victim confronted her, Mary gloated: “Just go ahead and kill yourself … Yeah I can scam whoever I want …You’re so stupid,” she went on, “you will never find my real passport.”
In fact, Mary’s real identity, and that of her sister, who also worked as a scammer, have emerged from the leak. Georgia’s prosecutor’s office says it is now looking into this network, while UK parliamentarians push for a more urgent legislative response. But Tbilisi is a seven-hour flight from London and a long reach for British law enforcement.
“I reported this to Action Fraud but I was told the police couldn’t do anything,” said Derek. Mark feels resigned to his own loss and is now attempting to do for others what Fogle tried to do for him – saying he is speaking up to “help the younger generations to not fall in a similar trap”.
* Names have been changed
Source: The Guardian
Recent Comments