appliedbits
FIELD NOTES PUBLISHED
PUBLISHED 2026-06-26

GASA's RedVDS case study and the rentable infrastructure of scams

GASA (Global Anti-Scam Alliance)  ·  James Greening  ·  June 23, 2026  ·  source ↗

GASA’s case study on RedVDS is worth reading less for the takedown than for the framing. “Modern scam operations do not depend only on individual fraudsters sending deceptive messages,” the post argues. “Increasingly, they rely on shared infrastructure that allows criminal groups to scale phishing, business email compromise, account takeover and payment diversion fraud across borders.” RedVDS — virtual dedicated servers rented for as little as $24 a month — was that shared layer: cheap, disposable, hard-to-trace launchpads for cross-border fraud tied to more than $66 million in losses since 2019.

The disruption itself was a coordinated affair: Microsoft’s Digital Crimes Unit filed a civil suit to seize redvds.com and redvds.pro on IP-misuse grounds, while Germany’s ZIT prosecutor’s office and state police, working with Europol, seized a key server behind the marketplace.

The reason to track this isn’t the bust, it’s the supply-chain picture. Scams increasingly look like the robocall and smishing economies do — a stack with a rentable infrastructure tier sitting under the actual fraud, the same way illegitimate call origination leans on disposable capacity. Read against the call-analytics and fraud-research vendors’ own operator signals, RedVDS is another data point in mapping where the disposable-infrastructure layer lives and who can pull it down.

Tagsfraudscam-infrastructurebecgasa