Southeast Asian cyber-fraud industry ‘outpacing’ law enforcement with new tools: UN

Transnational criminal groups in Southeast Asia are incorporating new tools like artificial intelligence and deepfake technology to expand their cyber fraud capabilities, the United Nations Office on Drugs and Crime said Monday. 

In an expansive report on the evolution of the region’s cyber scamming industry, the agency warned that despite increased media attention and high-profile enforcement actions over the last year, organized criminal groups have relocated operations as needed and adapted to technological advances. All the while, a “crime-as-a-service” ecosystem has popped up catering to the needs of fraudsters in Southeast Asia.  

“It is now increasingly clear that a potentially irreversible displacement and spillover has taken place in which organized crime [groups] are able to pick, choose, and move value and jurisdictions as needed, with the resulting situation rapidly outpacing the capacity of governments to contain it,” the U.N. said. 

The so-called scam compounds are typically found along the border areas of Cambodia, Myanmar and Laos and rely on a workforce of forced laborers duped into accepting jobs overseas. While the Southeast Asian fraud industry is most well-known for carrying out pig butchering scams — in which victims are groomed on social media and tricked into sending money or making fraudulent investments — it is increasingly dabbling in other techniques and relying on marketplaces selling services that facilitate cybercrime.

“This has meant that criminals no longer have to handle their own money laundering, code malware or steal sensitive personal information to profile potential victims or obtain initial access for their attacks themselves — instead, these key components can be purchased in underground markets and forums, and often at very accessible prices,” the U.N. said. 

According to the authors, “strong evidence” shows data markets moving to Telegram and explicitly targeting Southeast Asian criminal groups, buttressed by the explosion in infostealing malware. The personal information on offer can be used to bypass “know your customer” money laundering controls, and to carry out business email compromise (BEC) and impersonation scams. 

Biometric data is also on offer, which can be used for deepfake scams, which according to the agency are becoming more and more common throughout Asia.

Also of concern is the use of cryptocurrency “drainers” and other sophisticated malware that can empty wallets without the need for the time-intensive social engineering involved in other scams.

“Concerningly, there is a growing indication of the malware-as-a-service model being integrated into criminal operations based in more vulnerable and remote parts of Southeast Asia, and particularly the Mekong region,” they wrote. 

The researchers even found potential links between a cluster of banking trojans, previously dubbed GoldDigger and attributed to a threat actor named GoldFactory by the cybersecurity firm Group-IB, and scam operations in Southeast Asia. 

“There is some indication that local criminals or victims of trafficking for forced criminality from Southeast Asian countries are also involved, evidenced by instances of phone calls made to victims from 'customer support' in which operators are proficient in the native language used in the targeted country,” they said. 

Earlier this year, the United States Institute of Peace estimated that scamming syndicates in the region are netting some $64 billion each year worldwide, although researchers admit that it is challenging to know the full scale of operations. 

In their report on Monday, the UNODC estimated that in East and Southeast Asia alone victims lost between $18 billion and $37 billion in 2023 from cyber-enabled fraud.