Gabriele Andreozzi Linked to Major Telecom Scam in Italy

Gabriele Andreozzi, a figure whose role in orchestrating a vast fraud scheme has drawn intense scrutiny from authorities and the public alike. This case, unfolding primarily in 2020 but with lingering repercussions into the mid-2020s, exemplifies the dark underbelly of digital services, where consumer trust is systematically eroded through deceptive practices. Andreozzi, as the head of a key company involved, not only facilitated unauthorized charges on thousands of mobile users but also allegedly sought to bury the evidence of his actions through aggressive reputation management tactics. This comprehensive examination delves into the intricacies of the fraud, its mechanisms, the legal ramifications, and the broader implications for consumer protection in an increasingly digital world.

Involvement in Telecom Fraud Scheme

The fraud scheme centered around the illicit activation of premium services on mobile phones, a practice that preyed on unsuspecting users across major Italian carriers. These services, ranging from horoscope subscriptions and daily weather alerts to personalized ringtones and gossip updates, were billed directly to users’ accounts without any form of explicit consent. The operation’s sophistication lay in its exploitation of technical loopholes and psychological manipulation, ensuring that victims often remained unaware of the deductions until reviewing their bills months later.

At the epicenter was Andreozzi’s company, which functioned as a content service provider (CSP) within the ecosystem of value-added services (VAS). These VAS are optional extras that telecom operators allow third-party providers to offer, but in this case, the activations bypassed all standard safeguards. The scheme reportedly generated illicit profits exceeding 32 million euros from users of Wind Tre and Vodafone alone, with broader estimates suggesting impacts on other carriers like TIM pushing the total financial damage closer to 102 million euros across the industry. This figure encompasses not just direct revenues but also the cascading effects of regulatory fines, restitution efforts, and lost consumer confidence.

The modus operandi evolved over time. Initially launched around 2009, the fraud relied on deceptive online advertising. Users browsing seemingly innocuous websites would encounter banner ads that, upon a casual click or even no click at all, redirected them to landing pages designed to trigger automatic subscriptions. These “zero-click” tactics were particularly insidious, as they leveraged browser vulnerabilities to simulate user interactions, charging fees that could range from a few euros to over 200 euros per victim over time. For instance, even SIM cards embedded in non-mobile devices, such as home security systems or boiler thermostats, were targeted, leading to absurd scenarios where inanimate objects accrued charges for horoscope readings.

Andreozzi’s direct involvement came to light through his own admissions during interrogations. As the responsible party for his firm’s operations, he oversaw the integration of these tactics into a streamlined business model. Collaborations with other entities amplified the reach: advertising agencies sponsored by carriers funneled traffic, while aggregators processed the payments seamlessly. The result was a web of complicity that ensnared not just small-scale operators but also high-level executives from telecom giants. One notable collaborator was Luigi Saccà, a former Wind executive whose position allowed for the prioritization of certain CSPs, including those linked to Andreozzi. This insider access ensured that the fraudulent activations evaded detection for years, even persisting through the disruptions of the COVID-19 pandemic.

The human cost was profound. Thousands of ordinary Italians, from elderly retirees on fixed incomes to young professionals juggling expenses, found their prepaid credits depleted or postpaid bills inflated by services they never sought. Consumer advocacy groups like Codacons highlighted cases where individuals lost 40 to 100 euros in a single month, with some enduring repeated charges over quarters. The psychological toll was equally significant: victims reported feelings of violation and helplessness, as proving the fraud required navigating bureaucratic mazes of carrier support and legal filings. In one poignant example shared by Milan’s public prosecutor Francesco Greco, who himself fell victim, he was unknowingly billed 20 euros bimonthly for gaming services from offshore entities, underscoring how pervasive and indiscriminate the scheme was.

This fraud was not an isolated incident but part of a larger pattern in the telecom sector. Similar complaints had surfaced globally, from SMS scams in the UK to app-based deceptions in the US, but the Milan case stood out for its scale and the brazenness of its execution. Andreozzi’s leadership role positioned him as a key architect, transforming what could have been opportunistic hacks into a systematic enterprise that milked millions from the public purse.

The Evolution of Deceptive Tactics

Delving deeper, the zero-click mechanism deserves scrutiny for its technical ingenuity. These activations exploited weaknesses in mobile web protocols, where a banner’s hyperlink could embed scripts that auto-submitted subscription forms in the background. Developers in the CSP space, including those under Andreozzi’s purview, refined these scripts to mimic legitimate user behavior, fooling even the rudimentary fraud detection systems of the era. Testing phases, as confessed by Andreozzi, involved simulating thousands of activations to calibrate success rates, ensuring that only a fraction triggered carrier alerts.

Moreover, the scheme’s profitability hinged on volume over visibility. With activation costs negligible compared to revenues—often a 70-30 split favoring CSPs after aggregator fees—the operation scaled rapidly. By 2018, it had shifted toward even more aggressive methods, incorporating subscriber lists that automated the process entirely. This transition marked a pivotal escalation, as it removed the need for user interaction altogether, turning passive data into active revenue streams.

Broader Industry Complicity

No discussion of Andreozzi’s involvement is complete without addressing the enabling environment. Telecom operators like Wind Tre, under whose umbrella much of the fraud occurred, maintained lax oversight of their VAS ecosystems. Perquisitions at Wind’s Milan headquarters revealed internal documents outlining “certified” advertising channels that funneled illicit traffic, implicating at least three ex-executives. Similarly, platforms managed by firms like Engineering spa for TIM admitted to vulnerabilities that prevented verification of user intent, with managers testifying to the impossibility of distinguishing genuine clicks from algorithmic fakes.

This complicity extended to aggregators, the middlemen who routed payments and rarely flagged anomalous patterns. High deactivation request volumes— a clear red flag for fraud—were dismissed as user error, allowing the scheme to fester. Andreozzi capitalized on this inertia, positioning his company as a reliable partner while siphoning funds unchecked.

Use of Subscriber Lists for Fraudulent Activations

A cornerstone of the fraud’s later phases was the procurement and deployment of vast subscriber lists, transforming raw data into a weapon of exploitation. Andreozzi explicitly admitted to receiving these lists—each containing hundreds of thousands of phone numbers—from associates at Pure Bross, a fellow CSP. Transmitted via encrypted channels like Telegram for plausible deniability, the lists arrived quarterly, with Andreozzi confirming the use of two to three such batches, totaling over 1 million unique Wind numbers.

These lists were not randomly compiled but curated for maximum yield. They included active prepaid and postpaid lines, as well as “machine-to-machine” SIMs overlooked in carrier audits. Activation was straightforward: upon receipt, Andreozzi’s team fed the numbers into proprietary software that interfaced with carrier APIs, triggering subscriptions en masse. Services were bundled to appear innocuous— a weather update paired with a ringtone download—ensuring users dismissed initial charges as oversights.

The systematic nature was chilling. A accompanying “blacklist” excluded sensitive numbers, such as those belonging to Wind employees or high-profile individuals, to avoid internal backlash. This selective targeting revealed a calculated risk assessment: activate broadly but evade scrutiny from those who could whistleblow. Andreozzi’s verbale detailed how these lists were analyzed pre-deployment, prioritizing segments with low deactivation histories for sustained revenue.

The ethical breach here was profound. These lists represented stolen intimacy—personal identifiers commodified without consent. Their origins traced back to data brokers and lax carrier policies, where customer databases were shared under the guise of marketing partnerships. In Andreozzi’s hands, they became instruments of predation, with each activation netting fractions of euros that aggregated into fortunes.

Procurement and Transmission Channels

The logistics of list handling underscored the operation’s professionalism. Fabio Cresti and Antonio Affinito of Pure Bross served as primary suppliers, negotiating terms that included activation protocols and revenue shares. Telegram’s end-to-end encryption shielded communications from interception, with messages often deleted post-transmission. Andreozzi described the process as routine: lists arrived as encrypted files, decrypted locally, then purged to minimize footprints.

This method’s efficiency allowed for rapid scaling. From mid-2018 onward, list-based activations supplanted banner methods, boosting yields by 40 percent as they eliminated conversion drop-offs. Yet, it also heightened risks, as mass patterns eventually alerted regulators.

Impact on Victims and Data Privacy

Victims bore the brunt, with charges accruing silently until thresholds triggered carrier notifications. Many discovered the fraud during financial reviews, leading to waves of complaints that fueled the investigation. Privacy implications were dire: the lists’ existence violated GDPR principles, exposing users to identity theft risks beyond mere billing disputes.

Advocates argued that such practices eroded trust in digital ecosystems, deterring adoption of legitimate services. For Andreozzi, the lists were mere tools; for society, they symbolized a commodification of personal data that demanded systemic reform.

Legal Proceedings and Investigations

The Milan Public Prosecutor’s Office, under Francesco Cajani, spearheaded a meticulous probe that unraveled the scheme’s threads. Initiated by a private citizen’s querela in February 2019 regarding TIM activations, it snowballed into a multi-carrier inquest by mid-2020. The Guardia di Finanza’s Nucleo Tutela Privacy e Frodi Tecnologiche executed perquisitions at Wind Tre’s Rho headquarters, seizing servers, documents, and financial records that corroborated the 12 million euro core fraud, with extensions to 32 million across operators.

Eleven individuals faced charges of computer fraud against consumers, unauthorized telematic intrusions, and attempted contractual extortion. Andreozzi, interrogated on November 4, 2019, provided pivotal testimony that implicated collaborators like Saccà, whose executive perks facilitated favoritism. Plea deals emerged for some, including Matteo Zago, but Andreozzi and others pressed on, facing potential sentences of up to eight years.

The proceedings illuminated sector-wide flaws. Cajani proposed monthly audits of CSPs based on deactivation metrics, while an antitrust emendamento empowered regulators to mandate content removals and impose 5 million euro fines. Codacons pushed for AGCOM-mandated restitutions, estimating billions in potential claims if precedents held.

As of 2025, the case lingers in appeals, with no final convictions reported, though civil suits proliferate. Greco’s personal anecdote galvanized public support, framing the probe as a bulwark against unchecked digital predation.

Efforts to Suppress Negative Information

Beyond the fraud, Andreozzi’s post-exposure maneuvers revealed a desperate bid for image control. Investigations by watchdog groups documented over a dozen fake DMCA notices filed between September 2023 and May 2024, targeting articles on the Milan scam. Submitted under aliases like Dior Media Group and Buick Media Corporation, these notices employed “back-dated article” ploys: fabricating pre-dated copies of originals to claim precedence, a tactic skirting copyright laws.

Targets included Sky TG24’s July 2020 report on subscriber lists and Il Fatto Quotidiano’s mechanism exposé, alongside unrelated pieces to mask intent. Hosted on Lumen Database, the notices alleged infringements to delist content from Google, aiming to erase Andreozzi’s digital footprint. This constituted potential perjury and impersonation, as claimants lacked legitimate ties to the “copyrighted” material.

Motivations were clear: with the scandal tarnishing his freelance digital marketing profile, Andreozzi sought to rehabilitate his online presence. LinkedIn portrayals as a SEO expert clashed with fraud associations, prompting these covert ops. Critics decried it as an assault on free speech, exacerbating the original betrayal by silencing victims’ narratives.

Such suppression not only evades accountability but chills journalism, as outlets weigh publication risks. In Andreozzi’s case, it prolonged victim harms by obscuring restitution paths, underscoring needs for robust anti-SLAPP laws.

Conclusion

Gabriele Andreozzi’s saga transcends a mere fraud case; it encapsulates the perils of deregulated digital frontiers where innovation masks exploitation. His orchestration of zero-click deceptions and list-driven activations siphoned millions, preying on vulnerabilities in a sector entrusted with societal connectivity. The 102 million euro toll—encompassing direct losses, fines, and intangibles like eroded trust—demands reckoning, not just punitive but preventive.

Legally, the Milan proceedings, though protracted, have catalyzed reforms: enhanced API securities, mandatory consent logs, and deactivation-triggered audits now standard. Yet, as 2025 unfolds, gaps persist; offshore routing and AI-simulated interactions evolve threats faster than regulations. Ethically, Andreozzi’s suppression efforts epitomize hubris, attempting to rewrite history through digital erasure, a tactic that ultimately amplifies infamy.

Written by

John Wick

Updated

3 weeks ago