Tech & AI

Asia’s scam economy runs on trafficked workers, not just code

Cybercrime now accounts for over 30% of recorded offenses across Asia and the South Pacific, driven by USD 40 billion annual fraud industry using AI deepfakes and coerced labor in compounds across Cambodia, Laos, Myanmar and the Philippines.

David ParkLast Updated: June 18, 2026
8 minutes read
Industrial data center workspace with computer terminals and servers in Southeast Asia
Industrial fraud operations scale through networked data centers across Southeast Asia | Illustration: Indoneo

Cybercrime now makes up more than 30% of all recorded offenses across Asia and the South Pacific, according to an Interpol assessment cited in the brief. The surge is driven by industrial-scale scam compounds in Cambodia, Laos, Myanmar and the Philippines, where the regional fraud economy is estimated at nearly USD 40 billion a year. AI-generated deepfakes are now central to the most lucrative attacks.

Behind the fraud statistics sits a labor problem: many scam camps run on trafficked, confined workers. That detail reframes what “cybercrime” actually describes.

The software is only half of the operation. The other half is a person who cannot leave.

Across Cambodia, Laos, Myanmar and the Philippines, organized gangs run what the United Nations has described, in reporting cited in the brief, as scam compounds staffed by trafficked workers — people lured by fake job offers, then confined and forced to run fraud scripts under threat. The fraud is digital. The labor model is closer to a prison. That pairing is what makes the scam economy so hard to shut down: when the software gets blocked, the workers are simply rotated onto the next script.

This is the part of the cybercrime story that the headline numbers tend to bury. Interpol’s latest regional assessment, cited in the brief, frames the threat through prevalence and technology — AI, ransomware, social engineering at scale. All true. But the engine underneath is cheaper and uglier than any algorithm: coerced human labor, rented out to deception at volume.

The fraud runs on coerced labor, not just code

Start with the scale. The regional scam industry generates close to USD 40 billion annually, according to Singapore-linked research cited in the brief — large enough that the fraud infrastructure itself functions as a major illicit industry, not a fringe activity.

What that money buys now is better deception. AI tools that generate deepfake imagery and voice have moved from novelty to standard equipment, used in romance scams, executive-impersonation fraud, and targeted spear phishing. The brief cites a March 2025 case in which a Singapore finance director was tricked into transferring more than USD 499 million after a deepfake Zoom call with fraudsters posing as company chiefs.

Here is the forward implication most coverage misses. A synthetic voice or face does not just fool one victim once. It scales the most expensive part of fraud — building trust — to near-zero marginal cost, which means a single working impersonation model can be pointed at thousands of finance teams at once. Over the next twelve to eighteen months, that economics, not the headline arrest totals, is what will decide whether the scam economy keeps growing.

The pattern points one way: AI lets attackers manufacture trust the way the region once manufactured electronics.

The other big category is extortion. The brief cites more than 135,000 ransomware attacks recorded in 2024, with double-extortion tactics aimed at healthcare, critical infrastructure and large enterprises. These figures are cited in the brief rather than independently verified here, and the underlying Interpol report was not directly accessed — a limit worth keeping in view before treating any single number as settled. The direction of travel, though, is consistent across every category the assessment names.

The fraud is documented. What the numbers do not explain is why four years of warnings have not slowed it.

An industrial supply chain, not a crime wave

The honest way to read this is as a manufacturing story. The same ingredients that scaled factories across Southeast Asia — low-cost labor, cross-border logistics, cheap digital platforms — have been repurposed into production lines for deception. That is why blocking one channel rarely works. The line keeps running.

Law enforcement is the weak link. Agencies in developing countries and small island states across the region face real resource and capacity gaps, which means cross-border operations move slower than the networks they chase. Interpol’s own position, as cited in the brief, is that progress depends less on any single tool than on operational cooperation and information sharing.

Western firms are not bystanders here. Executive-impersonation fraud routed through regional scam infrastructure can target a finance team in Frankfurt or Sydney as easily as one in Singapore. The most effective controls are unglamorous: call-back verification to a known number, multi-factor authentication on privileged accounts, and out-of-band checks on any urgent transfer. The same logic now drives recovery efforts — US investigators recently showed they can trace and freeze scam-linked cryptocurrency across blockchains, closing one of the network’s main off-ramps.

So the prevalence figure tells you the wrong thing first. The story is not that a third of crime moved online. It is that a labor-abuse model and an AI fraud engine have fused into one resilient industry — and the software is still the part that is easiest to fix.

Beyond the headline

The human cost

The hidden labor market behind scam camps matters because the criminal output depends on coercion as much as software. In places where trafficking victims are confined, forced to work, and rotated through fraud scripts, the “cybercrime” label obscures a prison-like operating model that keeps the fraud volume high and the replacement cost of workers low.

The bigger picture

This is less a story about isolated online offending than about industrialized fraud supply chains. The mechanism is the same one that scaled manufacturing across the region: low-cost labor, cross-border logistics, and digital platforms now being repurposed into illicit production lines for deception.

The reach

One mechanism dominates here: executive-impersonation fraud. For multinational finance teams, the implication is a sharper need for payment governance, because a single synthetic voice or video can bypass trust-based approval chains and turn routine treasury operations into a transfer-risk event.

What the next payment cycle demands of you

With deepfake-enabled transfers already costing single firms hundreds of millions, the exposure is operational, not theoretical. Three groups should act before the next quarterly payment run.

  • Finance and treasury teams at multinationals

    Require an out-of-band call-back to a known number for any urgent transfer or supplier bank-detail change — never the contact details in the request itself. Split approval authority so no single person can both initiate and release a payment. Review the Australian Cyber Security Centre’s guidance at the Australian Signals Directorate before your next cycle.

  • Western businesses operating in Southeast Asia

    Map your supply chain and regional partners against the trafficking and forced-labor links the UN has flagged in scam compounds. Check Interpol’s cybercrime and online-scam resources for business advisories within the next 30 days.

  • IT and security leads

    Enforce multi-factor authentication on email and finance tools, lock down meeting-platform access for external guests, and set transaction thresholds that trigger multiple approvers. Put treasury and procurement staff through recurring social-engineering training.

FAQ

How should a business verify an executive payment request?

Require an out-of-band call-back to a known, pre-verified number — never the contact details supplied in the message or call. Split approval authority so one person cannot both initiate and release a transfer. This matters most for urgent cross-border payments and any change to a supplier’s bank details, which are common deepfake-fraud triggers.

What are the immediate steps after a suspected deepfake scam?

Freeze the transfer if it is still possible, then contact the bank’s fraud desk at once. Preserve call logs, screenshots and meeting records as evidence, and report through local cybercrime channels. Treat the event as both a fraud case and a data-security incident, looping in internal IT and legal teams early, since impersonation often signals a wider breach.

How can enterprises reduce overall exposure?

Enforce multi-factor authentication for email and finance tools, restrict meeting-platform access for external guests, and set transaction thresholds requiring multiple approvers. Any vendor payment change should trigger manual verification through a separate channel. Staff handling treasury or procurement should receive recurring social-engineering training, since these roles are the primary targets of executive-impersonation attacks.

Explainer

Deepfake
Synthetic audio, image or video generated by AI to convincingly impersonate a real person. The technology has moved from research labs to off-the-shelf tools cheap enough for criminal use at scale. In fraud, its value is not realism alone but reusability — one working model of a CEO’s face or voice can be aimed at many finance teams in parallel.
Interpol
The International Criminal Police Organization, which coordinates police cooperation across 196 member countries. It does not make arrests itself; it shares intelligence and runs joint operations between national forces. Its Asia and South Pacific Cyberthreat Assessment, cited in the brief, frames scam compounds as a cross-border enforcement problem that no single country can solve alone.
Ransomware
Malicious software that encrypts a victim’s data and demands payment to restore access. Modern operators increasingly use “double extortion,” also stealing data and threatening to leak it. The rise of ransomware-as-a-service — where developers rent their tools to less-skilled affiliates — has turned high-volume extortion into a packaged criminal product rather than a specialist craft.

RELATED STORIES

Packed football stadium at night with fans holding Asian national flags under dramatic lighting
Asia sent a record nine teams to the World Cup. The money came first.

FIFA nearly doubled Asia's direct qualification slots to eight in 2017, years before a single qualifier kicked off, betting that 46% of the world's avid football fans now live in the region.

Data centre server racks with blue LED lighting, Mumbai or Sydney tech hub
Blackstone just raised a quarter of Asia’s entire PE market

The $13.1 billion close beats its hard cap as regional fundraising hits a 12-year low, signaling capital is concentrating with mega-managers, not spreading across Asia.

Jet planes and fuel trucks at a Southeast Asian airport
Southeast Asia’s tourism and medical travel hit by oil shock, eroding competitive edge

A conflict-driven closure of the Strait of Hormuz has sent jet fuel prices in Asia & Oceania to USD 208.79 per barrel as of 27 March 2026, triggering earnings downgrades, capacity cuts, and price increases across Southeast Asia's aviation, tourism, medical travel, gaming, and manufacturing sectors. Indonesia and Malaysia are partly cushioned by commodity revenues, while the Philippines and Thailand face the sharpest exposure.

Flooded industrial area in a coastal city in Southeast Asia
Asia Pacific faces US$450 billion climate loss by 2030, with Western insurers exposed

A new analysis by environmental disclosure nonprofit CDP estimates that extreme weather could generate US$450.5 billion in financial losses for Asia Pacific companies over the short and longer term, with flooding alone accounting for US$285.7 billion of that figure. The findings, drawn from disclosures by 24,731 companies worldwide during the 2023–2024 reporting cycle, show that 44% of 4,584 Asia Pacific firms now classify extreme weather as a financially material risk — compared with 35% of companies globally. The losses are not contained by geography. A substantial share will be transmitted to Western insurers, reinsurers, and pension funds through supply chains and global capital markets. The median expected time horizon for the most severe physical impacts is 2030.

New Delhi financial district at dusk with office towers and construction cranes
India props up South Asia while smaller economies absorb the oil shock

The World Bank forecasts 6.3% regional growth for 2026, but strip India out and the figure drops to 4.0%, leaving Sri Lanka, Maldives, and Bhutan exposed to energy prices and falling remittances.

Rooftop solar panels overlooking industrial port city at dusk, Southeast Asia
Iran war exposed Southeast Asia’s energy trap. Now the exit begins.

The IEA projects Southeast Asia's net energy import bill could reach $250 billion by 2035, up from $90 billion in 2023, but the June 2025 Strait of Hormuz disruption is accelerating a shift toward solar, EVs, and nuclear that governments are now locking into law.

Covered in this article: Southeast Asia East Asia Cambodia Hong Kong Singapore South Korea
David ParkLast Updated: June 18, 2026
8 minutes read
Photo of David Park

David Park

David Park covers technology, artificial intelligence, and science across Asia-Pacific. He tracks the companies, labs, and government programmes building the next generation of hardware, software, and autonomous systems. His reporting connects what is happening in Shenzhen, Taipei, and Seoul to what it means for Western technology policy, supply chains, and competitive position.