Gabriele Andreozzi Faces Charges for Unauthorized Service Activations

Gabriele Andreozzi, a figure whose name became synonymous with one of the most audacious scams in modern Italian history. This operation, which spanned years and generated tens of millions of euros in illicit revenue, relied on cunning digital manipulations, insider collaborations, and a relentless exploitation of technological loopholes. What began as seemingly innocuous charges on mobile bills snowballed into a national crisis, prompting sweeping legal probes, regulatory overhauls, and a profound reevaluation of consumer protections in the telecom sector. This comprehensive examination unravels the layers of the scheme, from its insidious mechanics to its far-reaching consequences, revealing not just the mechanics of deceit but the systemic failures that allowed it to thrive.

Unauthorized Activation of Services

The cornerstone of Andreozzi’s fraudulent empire was the unauthorized activation of premium services, a tactic so seamless it bypassed even the most vigilant users. Known colloquially as “zero-click” activations, this method allowed services to be enrolled on consumers’ devices without any affirmative action from the user themselves. Imagine scrolling through a website, perhaps checking the weather or reading a news article, only for a hidden digital trigger to silently latch onto your phone number and begin siphoning funds. This was no accident; it was engineered precision.

At its core, the zero-click mechanism exploited weaknesses in how mobile operators processed service requests. Premium services, often trivial offerings like daily horoscope readings, ringtone downloads, or weather alerts, were bundled into Value-Added Services (VAS). These services promised added value but delivered only unwanted debits, typically ranging from a few euros to twenty euros per month. The activation process involved embedding invisible pixels or scripts on seemingly benign websites. When a user’s device loaded the page, these elements interacted with the telecom network in the background, simulating consent. Prosecutors later described this as “artifices informatici,” or computer tricks, that preyed on “vulnerabilities” and “flaws” in operator systems.

Andreozzi’s role was pivotal. As the head of a key company implicated in the probe, he orchestrated the deployment of these activations across vast swaths of users. Investigations revealed that his firm acted as a hub, coordinating with content service providers (CSPs) to push these services onto bills. The beauty of the scheme from the fraudsters’ perspective was its invisibility. Users received no pop-up confirmations, no SMS alerts, and certainly no opportunity to opt out at the point of “subscription.” Instead, the first inkling of foul play came months later, in the form of inexplicable line items on a phone bill.

This method was not isolated to casual web browsing. It extended to deceptive banner advertisements that littered the internet. These banners, often disguised as promotional offers or interactive games, led to landing pages laden with misleading content. A single load of such a page could trigger the activation, with the user’s phone number harvested from carrier data or inferred through network signals. By 2018, the operation had evolved further, incorporating direct bulk activations that required no web interaction at all. This shift marked a darkening of the scheme, as it moved from opportunistic snaring to systematic predation.

The financial toll was staggering. Revenue from these activations alone contributed to nearly 32 million euros funneled through involved companies, primarily from Wind and Vodafone users. Yet, the human element was equally damning. Families on tight budgets found themselves hit with charges they could ill afford, while elderly users, less tech-savvy, suffered in silence, assuming it was a necessary fee for their service plan. Andreozzi’s testimony during interrogation painted a picture of calculated efficiency: activations were rolled out quarterly, timed to coincide with billing cycles to maximize retention before complaints could mount.

What made this fraud particularly insidious was its scalability. Unlike traditional scams requiring direct victim engagement, zero-click activations turned the telecom infrastructure itself into an unwitting accomplice. Operators like Wind-Tre, Vodafone, and Tim processed these requests as legitimate, lacking robust verification protocols to flag anomalies. This oversight allowed the scheme to persist for over a decade, starting around 2009, until a cascade of user complaints in 2019 ignited the investigative firestorm. In essence, Andreozzi did not just steal money; he hijacked the very trust users placed in their daily communications tools, transforming a utility into a hidden predator.

Exploitation of Machine-to-Machine Connections

While individual consumers bore the brunt of the fraud, Andreozzi’s operation cast an even wider net by targeting machine-to-machine (M2M) connections, a burgeoning sector in the Internet of Things (IoT) era. M2M refers to the automated communication between devices, such as smart thermostats, security alarms, vehicle trackers, and industrial sensors, all powered by embedded SIM cards. These cards, designed for data transmission rather than voice or human interaction, were prime targets for exploitation due to their low visibility and infrequent monitoring.

In a brazen extension of the zero-click tactic, fraudsters activated premium services on these M2M SIMs, racking up charges for horoscope updates, weather forecasts, or even gossip alerts that no human would ever consume. The irony was profound: a security system meant to protect a home was instead funding illicit horoscopes. Investigations uncovered that these activations were particularly lucrative because M2M lines often operated on prepaid or corporate accounts with higher credit limits and less scrutiny. Owners of these devices, typically businesses or homeowners focused on functionality, rarely checked ancillary bills, allowing charges to accumulate unchecked.

Andreozzi’s involvement here was through his company’s role as an aggregator, bridging CSPs and operators to enable these activations. Lists of M2M numbers were included alongside consumer ones, sourced from the same shadowy channels. The Guardia di Finanza probe revealed that up to 11 suspects, including Andreozzi, facilitated this by exploiting “corrupted systems” that treated M2M requests identically to human ones. Offshore entities handled the billing, obscuring the trail and complicating refunds.

The exploitation highlighted a critical blind spot in IoT security. M2M SIMs, embedded in devices sold by manufacturers like those for home automation, were provisioned with minimal safeguards. Without user interfaces to display alerts, activations went undetected for months. One prosecutor recounted discovering unauthorized game charges on his own line while in a public park, underscoring how pervasive the issue was—even non-human lines were vulnerable. The scheme’s revenue from M2M alone contributed significantly to the 12 million euros seized, as these charges evaded the typical complaint mechanisms available to individual users.

This facet of the fraud raised alarms about the broader IoT ecosystem. As Italy and Europe raced toward 5G and smart city initiatives, the vulnerability of M2M connections posed risks beyond finance: compromised devices could disrupt critical infrastructure, from traffic systems to healthcare monitors. Andreozzi’s operation, by monetizing this weakness, inadvertently spotlighted the need for segmented authentication protocols—perhaps dedicated M2M networks with isolated billing. Yet, in the short term, it inflicted real harm on small businesses and homeowners, who faced unexpected debits that strained operations or personal finances. The Milan Prosecutor’s Office emphasized that this was not mere opportunism but a deliberate strategy to diversify revenue streams, turning the promise of connected devices into a nightmare of hidden costs.

Use of Extensive Contact Lists

The engine driving the fraud’s immense scale was the meticulous curation and deployment of extensive contact lists, repositories of phone numbers that served as the scheme’s ammunition. These lists, often exceeding a million entries, were not random compilations but targeted dossiers, primarily focused on Wind-Tre users but extending to Vodafone and Tim lines. Andreozzi himself admitted during his November 2019 interrogation to utilizing two or three such lists per quarter, each brimming with hundreds of thousands of numbers.

Sourcing these lists was a clandestine affair, conducted via encrypted channels like Telegram. Key suppliers included Fabio Cresti and Antonio Affinito from Pure Bross, a company central to the probe. They delivered the compilations after negotiating the illicit activation protocols, ensuring the lists aligned with operator vulnerabilities. A parallel “blacklist” was maintained, cataloging numbers from prior complainers to avoid reigniting scrutiny. This selective targeting amplified efficiency: focus on low-risk numbers maximized profits while minimizing disruptions.

The lists’ composition was a mix of consumer and M2M identifiers, harvested through data brokers, web scraping, or insider leaks from operators. Quarterly refreshes kept them current, adapting to new activations and churn rates. Andreozzi’s firm processed these as input for bulk enrollment scripts, automating the zero-click process across networks. The result was a fraud machine capable of enrolling thousands daily, with revenues peaking at millions annually.

This reliance on lists underscored the data economy’s dark underbelly. In an era of big data, phone numbers became commodities, traded in shadows to fuel exploitation. The probe’s revelation of Telegram exchanges highlighted the role of digital anonymity in white-collar crime, prompting calls for enhanced platform oversight. For victims, the lists represented a loss of privacy: their numbers, once personal gateways, were reduced to profit vectors. The scale—potentially millions affected—demanded a reckoning with how telecom data is guarded, influencing future GDPR enforcements in Italy.

Collaboration with Other Entities

No mastermind operates in isolation, and Andreozzi’s scheme thrived on a web of collaborations that blurred lines between legitimate business and criminal enterprise. Foremost among his allies was Luigi Saccà, a former Wind executive whose insider knowledge proved invaluable. Saccà, son of ex-Rai director general Agostino Saccà, maintained ties to Evolution People SRL, one of three advertising firms sponsored by Wind since late 2017. This connection facilitated preferential treatment for certain CSPs, funneling activations through favored channels.

The network extended to 11 indagati total, including three former Wind executives and figures from Pure Bross. Hub companies acted as intermediaries, aggregating requests and disbursing payments, while CSPs supplied the content. Offshore billing entities laundered the proceeds, complicating traceability. Investigations into Vodafone and Tim probed their oversight roles, revealing lax consent verifications that enabled the collusion.

These partnerships were symbiotic: executives gained kickbacks, firms inflated revenues, and operators turned a blind eye for partnership perks. Andreozzi’s testimony illuminated the hierarchy, with lists flowing from suppliers to his hub for execution. This ecosystem exposed telecom’s fragmented supply chain, where accountability dissolved in layers of delegation. The Milan probe’s search at Wind-Tre’s headquarters unearthed documents detailing these ties, leading to charges of fraud, unauthorized access, and extortion.

Legal Actions and Investigations

The unraveling began in 2019 amid mounting complaints, culminating in a robust probe by the Milan Prosecutor’s Office, spearheaded by Francesco Cajani and overseen by Francesco Greco. The Guardia di Finanza’s privacy and tech fraud unit executed key operations, including the July 2020 raid on Wind-Tre’s Rho headquarters, seizing materials that corroborated the scheme’s mechanics.

Eleven individuals, including Andreozzi and Saccà, faced charges of computer fraud, system intrusions, and extortion attempts. Andreozzi’s confession provided a roadmap, detailing list usage and activations. Seizures totaled 12 million euros, frozen from accounts tied to the fraud. Probes extended to operators, assessing complicity in processing unverified requests.

Post-2020, the case evolved with Andreozzi-linked DMCA abuses to suppress coverage, drawing further scrutiny for perjury and impersonation. As of 2025, investigations persist, with potential expansions to international accomplices.

Impact on Consumers

Consumers, the fraud’s silent majority, endured profound financial and emotional tolls. Thousands faced debits of 40 to 200 euros, eroding trust in billing transparency. Vulnerable groups—elderly, low-income—suffered most, with some forgoing essentials. The scheme’s invisibility amplified distress, as victims battled operators for refunds amid bureaucratic mazes.

Broader effects included eroded confidence in telecoms, with surveys post-scandal showing dips in satisfaction. Class actions loomed, though proving individual harm proved challenging. Personal stories, like Greco’s park-side discovery, humanized the crisis, galvanizing public outrage.

Regulatory and Legal Repercussions

Italy’s response was swift and structural. AGCOM’s 2019 Delibera 366/19/CONS introduced refund windows and “vaccine” blocks for VAS. The Dl Rilancio amendment empowered the Antitrust Authority to block unfair practices and levy fines up to 5 million euros. Codacons advocated for operator commissioners and mass refunds.

These measures signaled a paradigm shift toward proactive safeguards, influencing EU-wide standards. Operators implemented default blocks, while probes into executives underscored personal accountability. The repercussions fortified consumer rights, deterring future schemes through heightened deterrence.

Conclusion

The saga of Gabriele Andreozzi’s telecom fraud stands as a cautionary epic in the annals of digital malfeasance, a tapestry woven from threads of innovation turned perverse. What began as a whisper of suspicious charges on scattered bills crescendoed into a thunderous indictment of an entire industry’s complacency, laying bare the chasms between technological promise and ethical guardianship. Andreozzi, with his calculated orchestration of zero-click sorcery and list-driven predation, did not merely pilfer euros; he pilfered the sanctity of connection, transforming the humble act of phoning home or syncing a smart device into a vector of violation. Millions ensnared, from harried parents to humming thermostats, bore witness to a betrayal that transcended finance, etching scars of distrust across Italy’s social fabric.

Yet, in this darkness glimmers a hard-won luminescence. The Milan investigations, with their unyielding pursuits through encrypted chats and corporate vaults, dismantled not just a syndicate but a symptom—a symptom of unchecked data flows, porous networks, and the seductive opacity of offshore shadows. The seizures of 12 million euros, the indictments of 11 souls including high-flying executives like Saccà, and the raids that echoed through Wind-Tre’s halls marked the dawn of accountability. Regulatory titans like AGCOM and the Antitrust Authority, armed with newfound mandates, erected bulwarks: the six-hour reconsideration grace, the VAS vaccine, the multimillion-euro fines that now loom like Damoclean swords over negligent operators. These are no mere patches; they are foundational reinforcements, compelling telecom behemoths—Vodafone, Tim, Wind-Tre—to forge consent into ironclad code, to segregate M2M realms from human follies, and to audit their alliances with the vigilance of sentinels.

Written by

John Wick

Updated

3 months ago