If you have made a phone call in India recently, it is likely you have heard this recorded message: “Careful! If you are getting a video call from the police, customs, the CBI or a judge through an unknown number, don’t be afraid. They might be cybercriminals. Report them on the national cyber helpline number 1930 immediately.”
The message is from the home ministry. The reason why the government is warning Indians about cyberfrauds is because they have exploded exponentially.
From 71 cybercrime complaints registered every day in 2019, the number shot up 87 times in 2024 to 6,175 complaints a day.
Indians lost Rs 11,333 crore to cyberscams in just nine months last year, according to the Indian Cybercrime Coordination Centre, an agency attached to the home ministry. That’s $1.3 billion.
While this number looks mind-boggling, it is just a small fraction of the global cyberscam industry’s estimated annual takings of nearly $40 billion.
At the helm of this industry are Chinese crime syndicates that operate out of Southeast Asia, mainly Cambodia, Myanmar and Laos. They run highly-equipped “scam compounds” staffed with people from across Asia and Africa who are lured with fake job offers. These people are then threatened and forced into scamming people back home by assuming fake online identities as globe-trotting women, bank employees and police officials.
According to a report released by the United States Institute of Peace in May 2024, the annual returns from cyberscams are estimated at $12.5 billion in Cambodia, $15.3 billion in Myanmar, and $10.9 billion in Laos – nearly 40% of the combined GDP of the three countries.
In this special series, we track the full arc of this terrifying story in which even the scamsters are victims. We report on people who lost their lifetime savings to cyberfrauds, as well as the Indians who went to Southeast Asia and were trapped as cyberslaves to carry out these scams. In the final part of the series, we take you to ground zero of the cyberscam industry – the first ever such report in the Indian media.
But first, essential background on how the industry sprung up and evolved – and how Indians became its targets.
The Chinese hand
The story starts in Cambodia, according to Nathan Paul Southern, who works at the Eye Witness Project, a research consultancy that investigates organised crime and corruption.
In the mid-2010s, the country saw a massive influx of Chinese investment as part of the Belt and Road Initiative, a geopolitical strategy aimed at increasing China’s influence across Asia and Africa. This created an opportunity for gambling businesses in China, where online gambling is banned, to move to Cambodia where they opened casinos in cities like Sihanoukville.
Between 2014 and 2019, the number of casinos in Cambodia increased from 57 to 150, according to the United Nations Office on Drugs and Crime.
Chinese crime syndicates linked to online gambling operators also entered the fray, using the high volume of cross-border money transfers in Cambodia’s casinos to launder illicit funds.
In 2019, Cambodia banned online gambling – a setback for the casinos. Months later, the Covid-19 pandemic followed, forcing the casinos to shut down. “Criminal organisations did not have a way to make revenue,” Southern said. “They quickly turned this empty real estate into cyberscam compounds.”
In cities like Sihanoukville, syndicates pay up to a million dollars a month in rent to casinos for running scam centres inside these premises, according to a Cambodian journalist, who spoke on the condition of anonymity.
Many of these compounds, according to extensive reporting in the international media, are owned by oligarchs close to Hun Sen, president of the Cambodian People’s Party, who has been in power since 1979.
This partly explains why the Cambodian government has turned a blind eye to the rise of organised cybercrime in the country, Southern told Scroll. The government initially dismissed reports of trafficking and confinement as mere “labour disputes”. But international pressure forced it to crack down on some of the scam compounds in 2022.
And yet, as we found on the ground, cybercrime still flourishes in Cambodia. More about this in the final part of the series.
Cambodia is not the only Southeast Asian country to succumb to the blood money of cybercrime. Myanmar and Laos have followed in its footsteps.
In 2021, Myanmar witnessed a coup, with the military dislodging a democratically-elected government. Emboldened by these developments, armed groups allied to the military widened their human trafficking and cyberscam rackets in the country’s border towns, according to the United States Institute of Peace.
Scam compounds flourished in Shan state, bordering China, and in Karen state, bordering Thailand. In late 2023, under pressure from the Chinese government, an armed group in Shan cracked down on Chinese cybercriminals and repatriated them to China. As a result, cyberscam operators from Shan were forced to move to Karen state in the south, or to Cambodia and Laos.
Today, Karen is a hotbed of scam compounds where hundreds of Indians have been trafficked since 2022. Historically, the Myanmar military has had little control over the province. It has governed it by proxy, through an ethnic armed group called the Karen Border Guard Force, or BGF, which runs an illicit economy of mining and trade in the province.
Another armed group operating scam compounds in the region is the Democratic Karen Benevolent Army, or DKBA. An official at the Indian Embassy in Yangon said that the DKBA has a fraught relationship with the Myanmar military, unlike the BGF, making the rescues of Indians harder from their territory. Their compounds also report higher instances of assault and torture, the official added.
In Laos, the Golden Triangle Special Economic Zone, an enclave built over 7,000 acres at the intersection of Laos, Myanmar and Thailand, became the hub of cyberscam operations, partly due to its tax incentives, trade benefits and easy regulations.
The enclave was created in 2007 by the Laos government in partnership with a corporate group registered in Hong Kong and owned by Chinese businessman Zhao Wei. Despite facing US sanctions for “drug trafficking, human trafficking, money laundering, bribery, and wildlife trafficking”, Wei has been recipient of several national honours by the Laotian government.
Borders and elites
There is a reason why compounds in Cambodia, Myanmar and Laos came up mostly in regions along the Thailand border. “It is easy to traffic foreign workers into Myanmar, Laos, Cambodia through major hubs like Bangkok,” Jacob Sims, an expert on transnational crime and human rights in Southeast Asia, told Scroll.
“The Myawaddy compounds in Myanmar have all likely been constructed via materials brought over from Thailand,” he added. “Historically, they were also getting their internet and electricity from Thailand.”
Southern said that scam compounds across these three countries are “interconnected and run similarly”. “The bosses of compounds in Laos, Cambodia and Myanmar are on the same Telegram groups,” he said. “They sell and exchange people for the scam operations and discuss services like money laundering.”
In 2023, the UN Human Rights Office estimated that nearly 2.2 lakh people “may be held in situations where they are forced to carry out online scams” in Cambodia and Myanmar. This includes thousands of Indians.
Law enforcement agencies in these countries have been lax in cracking down on these criminal groups because the incentives were stacked in their favour. “Ample evidence suggests that protection of the scamming industry is now of strategic interest to the ruling elites in Myanmar, Cambodia, and other countries in the region due to the industry’s profitability and the nature of state involvement,” said the United States Institute of Peace report.
Targeting Indians
While the scam industry has flourished in Southeast Asia since 2020, India became a target more recently. This is partly because public outrage in China forced Chinese law enforcement to clamp down on cyberscam operations in Southeast Asia. China’s crackdown pushed the syndicates to expand their horizons to other countries, including India.
“What the Chinese have actually said is that these operations need to stop targeting the Chinese back in China,” explained Southern. “So the criminal groups evolved and started targeting English-speaking countries, specifically the US, UK, and also India.”
The shift is evident in the data: cybercrime shot up in India starting 2022.
According to the Indian Cybercrime Coordination Centre, the agency functioning under the home ministry, 45% of the 12 lakh cyberscam complaints registered between January and September 2024 dealt with crimes originating from Southeast Asia.
The most terrifying of these crimes is the ‘digital arrest’ scam, where scammers pose as law enforcement officials over the phone and isolate their victims by putting them under ‘digital arrest’ on the pretext of a fabricated crime. They then demand a huge sum to release them.
Although it only made headlines in India in 2024, this type of scam was used to target Thai citizens as far back as 2022.
Recruiting Indians
To scam Indians, Southeast Asia’s cybercriminals have had to recruit people from India. This has proved to be rather easy. India’s vast English-speaking population, combined with high unemployment levels and lack of quality jobs for educated youth, makes Indians extremely vulnerable to human trafficking.
The syndicates rely on local recruitment agents to lure people to scam compounds with fake jobs, government officials trying to combat Southeast Asia’s cybercriminals told Scroll. “I am surprised by how well [the scamsters] know India’s laws, especially banking and taxation,” an official said, on the condition of anonymity. “The syndicates hire Indian consultants who help them solve problems, like how to launder scam proceeds to their region.”
The official added that individuals connected to the syndicates also travel to India to groom recruiters.
In November 2024, Scroll got in touch with a recruiter working for a scam compound in Laos. He was an Indian man from Delhi who was looking for a “computer operator” for a firm called Unity Services in the Golden Triangle SEZ.
The position came with a monthly pay of Rs 65,000-Rs 70,000 and offered accommodation, meals and “medical coverage”, among other things. The terms and conditions of the job listed a probationary period of one year and proficiency in English.
Recruiters have three distinct methods to trap their victims. First is through social media platforms. The recruiter in Laos posts job openings on Facebook through a front company. He uses fake accounts pretending to be young women and posts in groups meant to connect employers with potential employees, like “Madhya Pradesh Jobs”, “Pune Job Seekers” and “Overseas Jobs Consultancy”. The posts are regularly deleted and new ones are put up.
Once in touch, interested employees are asked to share a minute-long video introduction in English. If they qualify, they must share their passport details, a local ID and a photograph and their educational qualifications. The recruiter shares an offer letter, books the tickets, and the employee has to join within weeks.
The second way is recruiters duping neighbours, friends and acquaintances. Scroll interviewed seven victims in Uttar Pradesh and Kerala who had been rescued after being trapped in compounds in Southeast Asia. All of them personally knew their recruiters, who were their former colleagues, neighbours or school friends.
They were sold on lucrative jobs in Thailand and Malaysia, but were instead transported to notorious casino towns in neighbouring Myanmar and Cambodia.
The third method involves compromised travel agencies. Traditionally, these agencies place their clients in firms across the world, like Canada or West Asia. The compromised agencies advertise quality jobs in Southeast Asia and instead pack away their clients to scam compounds.
For instance, in October 2024, the National Investigation Agency chargesheeted five men for using a firm called Ali International Services in Sarai Julena, Delhi, as a front for a “cyber fraud and human trafficking racket” in Laos, where their victims were forced to target Europeans and Americans through cyber scams.
Embassy rescues
As the volume of online cyberscams soared in India, the country’s embassies in Southeast Asia battled the other end of the crisis: they were besieged with calls seeking their help in rescuing Indians trapped in cyberscam centres.
Between 2022 and 2024, the Indian government rescued 2,358 Indians from scam compounds in Southeast Asia, according to data presented by the Ministry of External Affairs in the Rajya Sabha in November 2024 – 1,091 of them were rescued from Cambodia, 770 from Laos and 497 from Myanmar.
The first Indian embassy to sound a public alarm was the one in Yangon. In an advisory issued in July 2022, it said that it had “observed in the recent past” that technology companies in the “remote eastern border areas of Myanmar” were entrapping Indian workers “on the pretext of potential employment opportunities in the IT sector”.
In September 2022, the embassy in Phnom Penh said that there had been a “gradual increase” in Indians getting trapped by criminal syndicates in Cambodia and forced to commit online fraud, often under “constant physical and mental torture”.
But it was only after the exponential growth in cybercrime in 2024 that New Delhi went into high gear. In May 2024, the home ministry published an alert on “digital arrest” scams which it said were “learnt to be operated by cross-border crime syndicates”. Days later, the I4C chief, Rajesh Kumar, summoned journalists in Delhi and briefed them about India’s latest cybersecurity crisis.
India also brought up the issue in international forums. In July 2024, External Affairs Minister S Jaishankar met U Than Swe, deputy prime minister of Myanmar, on the sidelines of a foreign ministers’ retreat. He tweeted that he had “pressed strongly for the early return of Indians unlawfully detained by cyber scam gangs”.
The same month, while attending an ASEAN forum, Jaishankar said he had taken up the matter with the Laotian Prime Minister and the foreign ministers of Cambodia and Thailand.
In October 2024, Prime Minister Narendra Modi warned about digital arrest scams in a Mann Ki Baat broadcast. “There is no system like digital arrest in the law, this is just a fraud, deceit, it is a lie, a gang of criminals and those who are doing this are enemies of society,” he said.
And yet, New Delhi remains cautious in how it navigates the cybercrime crisis with Southeast Asian countries. According to observers, India’s larger priority in the region is to compete with a dominant Beijing, and is keen to not upset Myanmar, Laos and Cambodia.
On the ground in Cambodia, an Indian official spelt out the dilemma: “While it is not our intention to depict Cambodia in a poor light, we are forced to take all possible steps to prevent young Indians from being trapped in cyber crimes and cheat thousands of other Indian nationals of their hard earned money.”
But the bigger challenge for the Indian government lies at home, not outside. “Unemployment in India is a bit too much,” a young man from Uttar Pradesh told us. He was trafficked to Myanmar, where he was tortured and forced to scam Indians over several months before he managed to escape.
He explained why young people like him were willing to take up risky jobs in Southeast Asia. “My father is getting old and I want to be able to support my family,” he said. “Do you think someone who makes Rs 15,000 a month can survive easily?”
This is the first in a four-part series on Indians being targeted by Southeast Asia’s cybercrime syndicates.
