Summary
- Five people have been charged in the NCA’s Russian Coms investigation.
- The platform allegedly allowed criminals to spoof trusted organisations and hide their identity.
- The case highlights telecoms trust, caller identity abuse, and fraud-enabling cybercrime infrastructure.
The National Crime Agency has charged five people in an investigation into Russian Coms, a platform allegedly used by criminals to make scam calls appear as if they came from trusted organisations.
The NCA says Russian Coms was established in 2020, initially as a handset before moving to a web-based application. Both products were marketed and sold to criminals, allowing them to hide their identity by appearing to call from pre-selected numbers. Those numbers often belonged to financial institutions, telecoms companies, and law enforcement agencies, with the aim of stealing money and personal details from victims.
The agency’s case update says the five individuals were charged in relation to supplying Russian Coms devices and apps, and offences relating to money allegedly made from selling the devices. All five are due to appear at Westminster Magistrates’ Court on 14 August.
The charges remain allegations until tested in court, but the case already focuses attention on infrastructure rather than only downstream fraud. Spoofed calls exploit trust in caller identity, brand recognition, and institutional authority. When a victim sees a bank, telecoms provider, or law enforcement number, the technical weakness becomes a human and process weakness at the same time.
Russian Coms is relevant to enterprise risk because banks, telecoms companies, and public agencies carry the reputational and operational burden when their identities are abused at scale. Contact centres face increased verification pressure, fraud teams see more convincing social-engineering attempts, and customers lose confidence in legitimate outbound calls.
The move from handset to web application also reflects a wider pattern in cybercrime services. Fraud-enabling tools are increasingly sold as managed infrastructure, reducing the skill required to carry out convincing impersonation. A platform that packages caller-ID abuse, pre-selected trusted numbers, and operational convenience can widen participation in fraud, just as phishing kits and infostealers widened access to other forms of cybercrime.
The organisational response cannot rest on customer education alone. Companies whose brands are abused need stronger call-back procedures, clearer communication policies, transaction controls, fraud analytics, and collaboration with telecoms providers and law enforcement. Telecoms networks also face pressure to improve number authentication, abuse detection, and takedown processes, although the practical challenges vary across countries and legacy systems.
Targeting the enabling layer can increase the cost and risk of operating fraud infrastructure. Removing one platform will not end spoofed calls, but enforcement can generate intelligence on customers, payment flows, hosting, distribution, and associated actors.
The case should be followed through court because it may expose how the platform was sold, how criminals used it, and how proceeds moved. Those details will help regulated organisations understand the infrastructure behind identity abuse, social engineering, and fraud at scale.




