Luxury cars line the parking lot of the upscale Mandarin Plaza mall in Kyiv, while their well-heeled owners flaunt their wealth in its jewellery and designer clothes stores.

But hidden on its upper floors, protected by armed guards and under the constant surveillance of security cameras, a very different product is being sold.

Sitting elbow-to-elbow under fluorescent lights, a multi-lingual army of call center staff hawk get-rich-quick dreams across the world in the form of cryptocurrency and stock investments for a company called Milton Group.

Now, a cache of documents handed to the Swedish daily Dagens Nyheter by a whistleblower from inside the call center, and shared with OCCRP, exposes the inner workings of this type of fraud: an old-fashioned boiler-room scam that leverages the power of social media to operate on a global scale.

Armed with a list of over 1,000 people targeted by the call center, reporters from 21 countries and dozens of media outlets spoke to more than 180 victims, revealing a trail of ruined lives from Sweden’s Arctic Circle to the Ecuadorian Amazon, passing through small industrial towns in the Balkans and major world cities like London and Sydney.

The stories were strikingly similar. Many first came into contact with the scam through Facebook ads promising remarkable returns on investments. After entering their contact details to find out more, victims would be deluged with high-pressure sales calls. They would make a small “investment” that quickly yielded impressive — but fake — profits. But requests to withdraw the full funds were not honored.

A screen shown to a Milton Group victim, mimicking a real investment. The losses and gains were entirely fake.Credit: Alexander Mahmoud/DN

Those worst affected were preyed upon by the call center’s “retention” desk, whose job was to conjure up new ways to extract more money, often through brutal psychological pressure. Some were harassed into taking out huge loans, threatened by forged letters from UK financial regulators demanding taxes, or contacted by fake lawyers offering to help get their money back — for yet another fee. In the most extreme cases, Milton Group’s retention specialists would convince victims to install software on their computers that allowed the scammers to control them remotely, and steal more money in the process. Some lost more than $200,000.

The victims, fooled by foreign names and addresses, and assurances of sky-high returns, believed they were on the phone with a legitimate investment business based in Western Europe. They had no inkling that the people on the other end of the line were largely young Ukrainians or Middle Eastern and African migrants in Kyiv.

Some tried to report their losses to police in their countries, but law enforcement largely failed to connect the dots. Cyber-crime units in multiple countries affected by the call center, including Spain and Italy, told OCCRP and its partners that they were aware of such cross-border frauds, but that they are hard to detect, often go unreported, and require cooperation between law enforcement bodies across many jurisdictions.

POLICING A GLOBAL BOILER ROOM
The industrial-scale fraud carried out by Milton Group is part of a wave of so-called boiler-room scams that have swept the world in recent years, reeling in victims with the lure of making a quick buck in a trendy investment: binary options (betting on prices going up or down), foreign currency exchanges (sometimes known as forex), and more recently, cryptocurrencies such as Bitcoin.

However, Swedish authorities have now opened an investigation based on the whistleblower’s extensive evidence, and have been in touch with Europol about the allegations.

fraud-factory/Alexey.jpg

The whistleblowerCredit: Alexander Mahmoud/DN

“This company what they do, everything is fake,” said Alexey, the whistleblower. (His real name cannot be used to protect his safety.) “They just steal money from people.”

He said staff were told the Kyiv center took in a massive 65 million euros in sales in 2019. To celebrate, the company’s leaders threw a lavish New Year’s party themed around the novel “The Great Gatsby,” about a Jazz-Age bootlegger and con artist. Under neon lights, hundreds of Milton staffers watched contortionists and fire-dancers perform, and were awarded prizes, including cars, cash, and free lodging, for especially good salesmanship.

A still from hidden camera footage of the Milton Group New Year’s party.Credit: DN

Milton is apparently tied to other call centers in Albania, Georgia, and North Macedonia employing hundreds more staff.

In some cases, OCCRP was unable to identify whether the specific scam reported by a victim was related to Milton Group. This is not surprising given that many clients had been the victims of repeated scams from a variety of fake investment brands, which by nature are difficult to trace. However, many of them named known call-center operators from Kyiv and the brands they sold.

While it is impossible to determine whether every investment that passed through the Kyiv center was fraudulent, reporters from DN and across OCCRP’s network spoke to more than 180 victims listed in Milton’s client database who confirmed they had lost their money in investment scams. A few had been able to withdraw some funds, likely in an attempt to encourage further investments, or remained hopeful they would be able to cash out their “earnings” one day.

The supposed investments were made by transferring funds through Western Union, bank accounts, credit cards, and cryptocurrencies. Milton salespeople received a higher commission if they could convince their clients to pay in bitcoins and other cryptocurrencies, since they are harder to trace. Many of the bank-to-bank transfers were routed through the private accounts of individuals with a UK financial company, with clear instructions not to indicate the money was for investing.

In many cases identified by OCCRP, online credit-card payments were handled by a Cyprus-based company called Naspay, which bills itself as a “state-of-the-art payment gateway” and is owned by David Todua — the same Georgian-Israeli man the whistleblower identified to law enforcement as the person behind Milton Group. (Todua vigorously denies holding any “formal or informal position” in the company, although he conceded that he had attended Milton Group’s New Year’s party as a guest. He also said that Naspay does not process payments, but merely “transfers information” between websites that accept payments and financial institutions. OCCRP did not find evidence Todua has any ownership of Milton.)

After their initial investments, some victims were told they needed to send additional fees in cash to individuals in far-flung countries such as Colombia and Uganda rather than company bank accounts.

Leif Nixon, a Swedish cryptocurrency expert who helps law enforcement investigate bitcoin-related crime, analyzed the bitcoin addresses used by Milton Group to accept payments from its customers. He said the set-up did not appear to be that of a legitimate operator.

He noted several indications that clients’ money was not being invested as promised, including the fact that many different people were told to send their bitcoins to the same few addresses. Clients were also given different addresses each time they made a payment.

“It’s like opening a bank account, but you don’t get an account number; instead, for every deposit you make you get a different account number,” Nixon explained.

Ultimately, he said, $5.9 million in bitcoins from seven of Milton Group’s addresses disappeared into East Asian exchanges in 2019.

“I can’t see why a legitimate operation would make these kinds of transactions,” he said. “It doesn’t make any sense.”

Call center staff were well aware that their job was to steal, the whistleblower says. Alexey told DN that on one of his first days at Milton, the sales manager joked that even when she was as young as six, she dreamed of being a “motherfucker and stealing people’s money.”

fraud-factory/Client-Getting-Fucked.jpg

Milton’s internal database is laced with crude comments about clients and how they can be “fucked” out of money.Credit: OCCRP

At a training session for new staff at a Tbilisi call center linked to the Milton Group, attended by an undercover reporter last month, a trainer explained that the company’s goal was for customers “to lose their money in a realistic way.” Asked why, she laughed: “It’s naive to ask, to be honest. When they lose the money, it stays with us.”

An internal customer database reviewed by reporters is laced with expletives about “fucking” clients out of money, as well as highlighting their vulnerabilities and how they might best be targeted. In one note from October 2019, a Milton staff member wrote of a 67-year-old Swedish woman: “Sold her home to pay, no money, crying.”

A 67-year-old Swedish woman targeted by Milton Group. She told journalists she had lost nearly everything she owned.Credit: Alexander Mahmoud/DN

That woman, reached by Dagens Nyheter in a rural part of central Sweden, told journalists she was tricked into investing over $100,000 by Milton staff who took out loans on her behalf.

She, like many other victims, was initially sucked in by the illusion that she was making huge profits: “You become hypnotized and brainwashed.”

But when she wanted to withdraw her supposed earnings, “they disappeared.” Today she cannot afford to buy food or pay her rent. “I have nothing to live for,” she said. While Milton Group’s fake investments have brought its victims financial ruin, the picture is very different for the firm’s alleged managers.

A review of their social media profiles shows that they have a penchant for expensive cars, foreign holidays, and guns. Some also have high-level political connections.

The CEO of Milton Group is Jacob Keselman, who declares himself “the Wolf of Kiev” on his Instagram account, a nod to “The Wolf of Wall Street,” the Hollywood film about a notorious penny-stock scammer. His social media profiles are replete with photos of luxury cars, foreign holidays, and the occasional gun. In one photo he can be seen working in a room with a spectacular view of the Eiffel Tower. He writes: “The one who loves his job is truly happy.”

Jacob KeselmanCredit: Instagram
fraud-factory/Collage1-01.jpg
Still images from a video promoting a “teambuilding” party held by Milton Group. Jacob Keselman appears at center in the bottom photo.Credit: Lyubo-Dorogo/YouTube

OCCRP could not obtain official information about Keselman’s national origin, but on his LinkedIn profile he writes that his native language is Russian, he attended university in Kyiv, and he did two stints in sales in Israel before joining Milton Group.

Contacted for comment, Keselman denied that Milton Group had defrauded anyone. “You know how it is working, investment and forex brands … a lot of clients lose money because they don’t understand how it’s working,” he said. He went on to claim that Milton only provided IT support for companies selling investments. He did not respond to follow-up questions.

David Todua, a 38-year-old Georgian-born Israeli citizen, is a frequent visitor to the call center office in Mandarin Plaza, where according to Alexey the staff knew him as one of Milton Group’s owners.

Alexey said he saw Todua there at least six times, including once in November 2019, when he congratulated the staff on their performance and said Milton had brought in $50 million that year to date. The whistleblower said Todua always travelled with multiple bodyguards.

No official documents connect Todua to the scam call center, which on paper is owned by a different Georgian, Irakli Dadivadze. OCCRP was unable to track down any information about him.

However, Todua does own Naspay, a Cyprus-based payment platform through which Milton processes many of its “investments,” internal documents show.

At the firm’s New Year’s party, a man named David was called up to the stage by Keselman, the CEO, identified as the company’s “father,” and presented with a cake with three candles in it, representing the three years Milton Group had been in operation. The whistleblower identified this “father” as David Todua.

“In December, the company turned three years old,” Keselman said, according to an audio recording of the event obtained by OCCRP. “We are big kids, and our father is proud of us, while we are proud of him. And firstly [we] want to say a big thank you, David. And we want to give a cake, because what birthday is without a cake? And David will blow out the candle today.”

fraud-factory/DavidToduaguns3a.jpg

Credit: Instagram

fraud-factory/DavidToduaatMiltonGrouppartya.jpg

Images from David Todua’s personal Instagram account. The bottom photograph pictures Todua at Milton Group’s New Year’s party.Credit: Instagram

Todua told OCCRP he had been at the firm’s New Year’s party as a guest of Keselman, but denied holding any role in the company. “I am not father of any company, I am a proud father of 5 children,” he said.

On Instagram, he calls himself david_todua_007 and poses with a golden Kalashnikov, shoots with a sniper rifle, celebrates birthdays with a champagne tower, and posts photos of expensive cars parked outside his home. (“Hunting is indeed one of my hobbies,” he told OCCRP.)

He also has business ties with a surprising number of politicians from several countries, including ministers and other figures from the United National Movement party, which governed Georgia under President Mikheil Saakashvili for almost a decade until 2012. Saakashvili later became a Ukrainian citizen and forged a political career in the country.

Little is known about Todua’s life in Israel, where he migrated with his family in 1993, but court records and posts from his social media accounts show that he lived until recently in a villa near Tel Aviv. Today he lives in Cyprus.

In Albania, which boasts a 400-strong call center that also appears to be linked to Milton Group, the company operating it is owned by an adviser to a senior minister.

THE GEORGIAN CONNECTIONS
Although David Todua’s family left Georgia for Israel when he was just 11, as an adult he has ties to a surprising number of prominent political figures from his home country.

 

“You Will Never Regret This Decision”

 

Milton Group’s Kyiv call center does not appear unusual at first glance: Hundreds of phone sellers sit side by side, headsets on, using modern telephone and customer management systems.

Workers make up to 300 calls a day to clients around the world in an attempt to reach their monthly sales targets and secure bonuses.

fraud-factory/Inside.jpg

A worker inside the Kyiv call center.Credit: OCCRP

The center is split into different sales desks by language — including Russian, English, Italian, and Spanish — each targeting their own areas of the world. Sellers use so-called “stage names” to build trust with the person on the other end of the call: A Senegalese man on the German desk goes by the name “Todd Kaiser,” while a Ukrainian woman whose real name is Daria calls herself “Diana Swan” or “Kira Lively.”

“But undercover footage from inside Mandarin Plaza, as well as leaked internal documents, confirm that Milton was no ordinary call center.”

It is protected by burly guards and personal mobile phones are forbidden.

On the walls, next to posters of sports cars, a whiteboard sets out sellers’ monthly targets: $40,000 for the Russian market; $60,000 for Spanish, and $100,000 for those working the English-speaking desk.

The staffers in the sales department are provided with a set of notes explaining exactly how to target “clients” by nationality.

fraud-factory/Sales-script1.jpg

Notes from Milton Group on how to target clients, based on their nationality or their reasons for not wanting to invest.Credit: OCCRP

Scandinavians, the notes say, are mostly “old people and they really need someone to talk to.”

People from the UK, Australia, and New Zealand, on the other hand, like to believe they know everything and are certain that their countries are the best in the world, so call center workers are advised to pump them up.

“The only way to Handle [sic] such people is not to argue with them on whatever direction they take and make them feel that they are intelligent,” the notes explain.

“Later talk to them about how important the financial market has become because of great countries like Australia, UK, and New Zealand.”

“You will never regret this decision” is another line suggested to entice customers.

Those targeted by Milton Group are offered the chance to invest in cryptocurrency, stocks, or foreign currencies through a variety of different “brands,” all of which have generic-sounding names and similar websites, and are moved out of the rotation over time. Recently, Milton Group’s brands have included CryptoMB, Cryptobase, and VetoroBanc. All have been subject to recent investor warnings from regulators in the UK, Italy, and Spain.

The precise relationship between the call center and the brands they market is not always clear. Brands are sometimes not associated with any legal entity; when they are, they hide behind offshore secrecy. CryptoMB and VetoroBanc are run by offshore firms in the Marshall Islands and St. Vincent & Grenadines, respectively, while OCCRP could find no evidence that Cryptobase was tied to any specific company.

fraud-factory/VetoroBanc.jpg

The website for VetoroBanc, one of the brands sold by Milton Group. It presented itself as an independent company, but was actually invented by workers in Milton’s Kyiv office, with the name chosen because it sounded Italian, according to the whistleblower.Credit: OCCRP

 

Alexey told journalists that the supposed VetoroBanc was entirely fabricated inside the Milton offices, with the name chosen by the Italian retention manager because it sounded “like one of the Italian banks.” The VetoroBanc website uses stock images for its staff that appear to have been taken from the internet. “Sylvia Moreno,” a supposed market analyst, is in fact an American pediatrician.

Alexey explained that staff had no specific expertise in financial products, but were carefully taught to sell “emotions.”

“It doesn’t matter which emotions, positive or negative: You can sell those fake products if people are really thinking about that,” he explained.

Clients were often shown huge profits to encourage them to invest further funds, but the money was always just numbers on a screen, the whistleblower explained. The only time victims were allowed to receive any of their funds back was in order to encourage an even bigger investment.

The most promising — and vulnerable — investors were passed on to the “retention team,” where the top salesmen work.

Their job is to “squeeze the money from the clients to the last cent,” Alexey explained, pushing them to borrow money and sell their cars and apartments. In one case, he said, a heavily pregnant Russian woman was convinced to hand over the small nest egg she had scraped together for her baby.

The most prolific and ingenious scammer at Milton Group is a man on the retention team who tells prospective investors his name is “William Bradley.”

In fact, he is a young Iranian who uses images of well-known US salesman and motivational speaker Marc Wayshak — who dubs himself “America’s sales strategist” — to disguise his identity on video calls.

OCCRP was unable to verify his real name, but at work and on social media he goes by “Hamze” and speaks fluent Farsi. Alexey claimed he takes in a massive $450,000 a month.

The call center’s internal customer database tracks how much each client has “invested,” as well as the potential to extract more money from them. Comments seen by OCCRP are laced with profanities and details of clients’ vulnerabilities.

One reads: “I saw 800 EUR in his bank and he is sick, he have problem and he told me I want someone fuck me and I said Foster [another call center operator] will fuck you.”

Another reads: “Getting fucked every month for at least 1000 EUR. Gets pension on the 20th/works every tuesday.”

Notes from the Milton Group’s internal customer database describing the situation of one of their victims, Östen Morian.Credit: Alexander Mahmoud/DN

fraud-factory/Mean-Note-to-Osten.jpg

An email to Östen Morian by a woman purportedly working for the European Securities and Markets Authority, demanding that he answer his phone.Credit: Alexander Mahmoud/DN

Of another man, a call center staffer wrote: “Very Old man/pushed him to get the commission payment, hoping he can sort that out today, should call back at 3pm Sweden time.”

A month later, another note appears: “He is at his friend’s home because he doesn’t have money for food. Call him back on Monday, lost 400 k.”

That client was 75-year-old Östen Morian, a retired carpenter who lives close to the Arctic Circle in remote northern Sweden.

Contacted by DN, Morian confirmed he had lost around 400,000 Swedish krona (about $41,000) to the scammers after taking out loans, at 39 percent interest, to make what turned out to be fake investments. He was left heavily indebted.

“I don’t know what I can do,” he said. “Wait to die only.”

fraud-factory/Fake-William.jpg

Östen MorianCredit: Alexander Mahmoud/DN

 

Pursued by Fake Regulators, Lawyers — and “The Gunvernator”

It was New Year’s Eve 2019, and “William Bradley” was marking the occasion by checking in with one of his most lucrative clients, according to undercover footage obtained by the whistleblower.

“I am really happy I know you in this year and I really want to have a beautiful year in 2020 and do all our business together bigger,” he said. “I am telling you from the bottom of my heart…I wish you will have a good rest, and start this year with a beautiful energy that you have.”

fraud-factory/Fake-William.jpg

An image provided by a Milton Group victim showing his video call with “William Bradley,” who is using a filter to make his face look like American motivational speaker Marc Wayshak.Credit: OCCRP

After Bradley hung up, his tone shifted. Asked by the whistleblower if he had “fucked him twice,” Bradley gloated: “More than six times, seven times of commission.”

He added that he kept extracting more money from the victim by convincing him that his losses were his own fault.

Reporters from DN and OCCRP partner Investigace.cz tracked down the man on the other end of the line, a 48-year-old IT specialist living in a small town in the Czech Republic.

Despite being tech-savvy, he acceded to “William Bradley’s” request that he install the TeamViewer program, a commercially available software product that allows remote access to computers and was frequently used by the call center to “help” clients with bank transfers and loan applications.

He also installed a plug-in for the Google Chrome browser that allows code to be inserted into webpages, allowing an outsider to tamper with their appearance. The log of its activities shows it was used to fake the transfer of $317,476.00 from one of Milton’s brands, Cryptobase, to Blockchain, a legitimate bitcoin operator.

Since making his first investment in November 2019, the Czech man lost more than $200,000. He asked to remain anonymous because he was so ashamed of his massive losses.

“I invested in this to get money for the pension and for my daughter. I was looking for a good investment,” he said. “But this was a bad way I chose.”

A Milton Group victim watching footage of one of the call center’s operators boasting about scamming him.Credit: Alexander Mahmoud/DN

Shown the footage of William Bradley speaking to him from inside the Kyiv call center, he chuckled ruefully. “Yes, it is nice to see how stupid I am.”

In order to delay victims’ realization that their money has been lost, Milton Group’s retention team deploys a host of other scams, including what are known internally as “call from the banker,” “call from tax service,” and “call from a money laundering officer,” according to Alexey. Various members of the retention team are drafted to pose as these officials.

Threatening phone calls are then backed up by forged letters from bodies such as the UK’s revenue and customs service or its financial regulatory body, the Financial Conduct Authority, or from genuine banks such as Barclays and Nordea.

Examples provided to reporters by victims are laced with spelling mistakes, including frequent claims that the letters are “CONFIRMED FROM THE GUNVERNATOR” of various countries or banks.

Credit: OCCRP

One of the worst affected victims was a woman who came to Norway from Iran. She was contacted by a man purporting to be a sales representative for a company called CryptoMB — actually “William Bradley.”

The woman says she lost more than $200,000 to CryptoMB, much of it money she had borrowed for that purpose, but when she reported the loss to Norwegian police, she was told there was “no reasonable reason to investigate the existence of a criminal offense.”

She was also contacted by a Persian-speaking lawyer called Amir Akbari who was getting in touch to help her retrieve funds, according to documents obtained by Norwegian newspaper VG. The whistleblower told DN this was, in fact, “Bradley.”

“William Bradley” appears in several Swedish police reports filed by victims and obtained by DN, but all were also closed with little investigation. “The international character of the crime…makes it hard to investigate,” Patrick Lillqvist, head of the fraud department for the Stockholm police, told DN.

It was not just the English-speaking desk that used these aggressive techniques.

In Puyo, a town in Ecuador’s Amazon rainforest, a man named Alex was browsing a social media site in late 2018 when his interest was piqued by an advertisement offering a chance to “make money fast.”

After entering his contact information, he received a call from a man calling himself “Jorge Alvarado” and purporting to be a sales consultant for a cryptocurrency investment company called CryptoMB.

He borrowed thousands of dollars from family members to keep making investments, then for fake fees the staff at CryptoMB convinced him he needed to pay in order to withdraw his profits. He showed journalists a forged letter from HM Revenue & Customs confirming he had paid the “tax.”

“After a few days my wife was cursing me, she almost kicked me out of the house,” Alex told OCCRP partner Plan-V.

“I contacted HB Customers [HM Revenue & Customs], but they unfortunately speak English and they don’t understand anything,” he said.

The Money Trail

fraud-factory/HMRC-Letter-1.jpg

Credit: OCCRP

fraud-factory/HMRC-Letter-2.jpg

A letter purportedly from HM Revenue & Customs sent to Alex, an Ecuadorian man who was targeted by Milton Group, and another forged letter sent to a Spanish victim demanding a tax payment.Credit: OCCRP

Journalists could find no evidence that the money supposedly invested by any of Milton Group’s “customers” was ever used as promised.

Instead, payments in cash were routed through companies such as Western Union to individuals in a variety of countries, including Colombia and Uganda. Bank-to-bank transfers were made through Clear Junction Ltd, a UK-regulated firm owned by Israeli national Dmitri Kats. (In a written response, Kats said Clear Junction “carries out all the necessary checks required by UK legislation, as well as according to the best practices of the financial industry and our stringent internal procedures.” It said it could not comment on whether MIlton Group was a client, due to confidentiality requirements.)

Victims were told to deposit their money in Clear Junction accounts in the names of individuals, while call center staff were instructed to ensure there was no mention of terms like “crypto,” “investment,” or “brand” in the transfer documents.

One 55-year-old electrical technician from the small city of Bor in eastern Serbia has been left with crippling debt after being scammed by one of Milton’s brands, CryptoMB, according to interviews carried out by OCCRP’s partner center in Serbia, KRIK.

He initially sent around $100 in cryptocurrency to CryptoMB and saw his investment soar to $300 or $400 — at least onscreen. This prompted him to invest more.

“I might have invested around $1,000 [total] with them, and I made money: Over $20,000 was written there,” he said. “The problem is when money has to be withdrawn, that’s when the problem starts.”

When his “profit” reached $23,000, he tried to withdraw money, but was stung with fictional lawyers’ fees. Desperate to redeem his earnings, he paid the fake lawyers by taking out loans.

At one point he received a phone call from CryptoMB claiming the company had collapsed and been taken over by the UK government. Another $250 payment was required, but this time he was told it needed to be sent to Colombia.

He wired it to a woman there via Western Union as instructed, but never received any of his money back.

“I feel terrible. I feel catastrophic. How can I tell you?” he said.

“I took out a loan at the bank so I could give that money, and now I’m in debt and I don’t have money. How can I feel [but] pathetic and miserable?”