Cybercrime

Belgian Police Arrest Suspected Ringleader of European Phishing Network

Belgian Police Arrest Suspected Ringleader of European Phishing Network

Belgian federal police announced on July 2, 2026 the arrest of a 19-year-old man from Antwerp suspected of playing a central role, and possibly a leadership role, in an organized phishing and money-laundering network with victims across Europe.

Special units of the Belgian Federal Police arrested the man on June 29 in an Airbnb in Antwerp, shortly after he returned from Dubai, according to the East Flanders prosecutor's office. A second person present at the rental was not arrested, and their role has not been disclosed. The suspect, whose identity has not been released, has been placed under an arrest warrant by an investigating judge in Dendermonde. He remains a suspect and has not been convicted.

Dubai

The investigation, opened in March 2026 by the Federal Judicial Police East Flanders, describes a layered fraud model. Victims first received emails made to look like official government correspondence. They were then called by someone posing as a bank employee, who talked them into installing remote-control software on their computers. With that access, the fraudsters took over victims' online bank accounts and drained them.

The money then moved through money mules and cashers into foreign bank accounts before being laundered through cryptocurrency, prosecutors say. Investigators have so far identified dozens of incidents in Belgium, victims elsewhere in Europe, and suspected proceeds above €500,000. Exact victim counts, the countries involved, and the tools and infrastructure used have not been released.

One detail stands out in the official account: the suspect allegedly paid for multiple flights to Dubai using bank cards belonging to phishing victims. Officials have not suggested Dubai played any role beyond travel and spending, but purchases like that leave a dense trail of booking records, payment metadata, and identity documents that can tie online fraud to a real person.

A Dutch-directed network, officials believe

Officials believe the suspect operated within a criminal organization directed from the Netherlands, with part of its operations run from Belgium. That cross-border structure is typical of the cases that pushed the Belgian Federal Police to create a National Phishing Cell this month, a unit built to map the upper structure of phishing networks: the people who set up campaigns, direct role-based offenders, sell crime-as-a-service tooling, and organize laundering.

The wider ecosystem context is suggestive, though no direct links have been confirmed. In April 2026, the same East Flanders unit and Europol arrested a 20-year-old alleged supplier of phishing panels used by criminal groups across Europe. In June, prosecutors in the same district announced three arrests in an international phishing case built on fake Belgian government login pages. Both cases share traits with this one, including Belgian-Dutch geography and government-themed lures, but prosecutors have not publicly connected them to the Antwerp suspect.



International Cyber Digest

Get the ICD Newsletter

Subscribe for source-forward cyber news, OSINT notes, breach updates, and analysis. Have evidence or a lead? Send it to ICD.

Subscribe Send a tip