Author: Bex Bailey
Our 2025 Phishing By Industry Benchmarking Report examines why organizations across Asia face some of the highest levels of cybersecurity risk worldwide.
In fact, Forrester reveals that organizations in Asia Pacific (APAC) experience an average of 3.5 breaches within a 12-month period versus 2.8 globally. Organizations in the region also experience a cumulative cost of US$2.8 million against the global mean of US$2.7 million.
There are numerous factors that contribute to this elevated risk – from rapid, yet incredibly uneven, digital transformation, to an over-reliance on third-party suppliers (who are also undergoing their own digital transformations). Other regions face similar challenges to these: organizations in Africa and South America, for example, also operate within complex maps of digitalization.
However one factor we highlighted in the report is Southeast Asia’s incredibly unique status as “Ground Zero” for cybercrime.
In October 2024, the United Nations Office on Drugs and Crime (UNODC) published a report stating that transnational organized crime in the region is evolving faster than ever before, with cyber-enabled fraud highlighted as one of two areas experiencing intense growth. In fact, the UNODC estimates that victims in East and Southeast Asia have experienced financial losses between US$18 billion and US$37 billion related to cyber-enabled fraud.
Notably, the UNODC also states that a “predominant proportion” of these losses were attributed to scams run by organized crime groups also located in Southeast Asia.
Several countries in Southeast Asia, particularly those in the Mekong, have become a “testing ground” for transnational criminal networks, with Asian crime syndicates diversifying their “business lines” to now include malware, generative AI, and deepfakes into their operations.
In a second report, published in April 2025, the UNODC describes how cyber-enabled fraud and scam centers have reached “industrial scale”. Underpinning these activities are sophisticated and interconnected networks of money launderers, human traffickers, data brokers, and other specialist service providers.
Common Fraud Scams in Southeast Asia
There are several common scams targeting victims in Southeast Asia. All involve socially engineering targets to carry out specific actions – which, in these cases, result in financial payments to cybercriminals.
Business email compromise (including CEO fraud) makes organizations a major target, with cybercriminals posing as trusted third parties to convince victims to transfer funds to fraudulent accounts. Similarly ransomware attacks can result in large paydays for cybercriminals, with organizations paying to regain system access.
Individuals are frequently targeted with a range of attacks from pig butchering and investment or loan scams, to virtual kidnapping and sextortion. A more unusual type of attack involves fake employment, with victims carrying out tasks to earn a flat rate of commission and having to pay their employer to unlock a higher level. These job scams can also be used to harvest sensitive information from victims to further exploit them and, in some cases, use targets as money mules who are asked to process fund transfers using their personal bank accounts.
The screws can then be turned further. All victims of initial attacks – whether business or individuals – can be retargeted for asset recovery scams. Usually aimed at those who have transferred cryptocurrency (normally in loan scams), these attacks charge an upfront fee for help recovering stolen funds. Asset recovery scams can be conducted by the original cybercriminals or the victims’ details are sold to others.
In themselves, these attacks are not unique to the region. What is unique is the intense targeting of victims in Southeast Asia by crime syndicates in the region and the complex transnational infrastructure that lies beneath these cyberattacks.
Cyberattacks Powered by an Unprecedented Criminal Infrastructure
One blog post can’t do justice to the complexity of the transnational criminal network expanding across Southeast Asia. It’s why the UNODC Regional Office for Southeast Asia and the Pacific has published numerous reports and articles analyzing this topic – many that are hundreds of pages long. However, here is an overview of some of the complex systems that underpin cyber-fraud in Southeast Asia.
The UNODC labels Asian crime syndicates as the “definitive market leaders” in cyber-enabled fraud, money laundering, and underground banking globally. In recent years, Asian cybercrime groups have grown rapidly while adapting to – and taking advantage of – changes in political and business environments and gaps in governance and regulations. They have also developed advanced physical and digital infrastructures while pivoting to new business models and technologies.
Washing the Proceeds of Cybercrime
Money laundering is a crucial aspect of fraud-based cybercrime: once a cybercriminal has acquired a victim’s funds, they need to move it into untraceable accounts that they can subsequently access and use within the legitimate financial system. Asian cybercrime syndicates use a web of different laundering techniques – from shell companies and cryptocurrency solutions to unregulated (or underregulated) third-party payment companies, often operating from hotel bedrooms above casinos (set up like trading floors with hundreds of employees facilitating transactions). They can exploit weaknesses in financial systems or utilize cutting-edge technologies that law enforcement are less – or entirely – unfamiliar with. “Laundering-as-a-service” and underground markets have both expanded to wash the proceeds from cybercrime.
Even real estate and luxury assets can be used. In May 2025, a luxury hotel in the Silom area of Bangkok became the center of a money laundering scandal involving two Chinese criminals. The pair are accused of using the purchase of the hotel to launder approximately US$153 million, with the case coming to light due to information from a fraud suspect in Bangkok prison (who reported being defrauded by his former business associates). This case is one of many that signals a shift from traditional bank-led money laundering to more complex investment-based schemes.
For a more in-depth and truly fascinating look at money laundering and cybercrime in Asia, the keynote talk given by investigative journalist Geoff White at KB4-CON Orlando 2025 is now available on demand.
Tracking People Into Scam Centers
Human trafficking is a second major aspect underpinning cybercrime in Southeast Asia. While the cybercriminal stereotype is someone who’s chosen a life of crime (often while wearing a hoodie) – the reality can be vastly different.
Targets are trafficked to so-called scam centers, where they are forced to work between 12 – 20 hours per day. Initially, a person believes they are applying for a legitimate job – whether through a referral from a friend or acquaintance or via an online advert. Consequently, there’s no set profile for victims of this form of trafficking: they can be any age and gender, and many are formally educated and skilled professionals.
The individual may go through several rounds of interviews – each utterly convincing – as well as visit the seemingly legitimate website of their future employer. Once they’ve accepted the job offer, their travel is organized and paid for by the company. Sometimes Visas are organized in advance; at other times, they’re promised once the target has taken up their new role.
Once they land, they are usually met at the airport by a company representative. From here, they are often compelled to cross borders illegally without proper documentation and taken to scam centers. Their passports, other documents and mobile phones are confiscated, and the compounds can be heavily guarded, making it difficult (or impossible) to leave. Individuals are forced to run scams, often needing to hit a daily quota or face punishment (such as electrocution/tasering, food deprivations, or beatings).
These activities have led to the creation of robust, multi-lingual workforces, encompassing hundreds of thousands of trafficked victims and complicit individuals.
Outsourced Skills and Services
As referenced above, different cybercriminals can offer specialist services, such as data brokerage (selling information stolen in other attacks or scraped from online services), and crime-as-a-service marketplaces mean gangs can access anything – from fully templated phishing kits and malware to more data – for the right price.
From Ground Zero to Global Attacks
While the majority of their activities target Southeast Asia, gangs operating in the area are extending their global reach.
In 2023, it was estimated that Americans lost US$3.5 billion to attacks originating from Southeast Asia, while Canadians were estimated to have lost US$350 million.
US authorities have tipped the scamming industry to rival fentanyl as the largest risk posed to the US from Asian criminal networks, warned citizens about the dangers of being trafficked into scam syndicates, and stated that the US is the top target for the criminal networks’ financial crimes.
The response to this growing threat needs to come from government, corporate and personal levels.
The transnational nature of this crime requires a transnational response, with law enforcement working together to identify and bring down syndicates operating across the region. Governments also need to address the loopholes and underregulation that these cybercriminal gangs exploit. Additionally, advice for governments is to offer a proportionate response to those trafficked into cybercrime, often avoiding punishment for these individuals who were forced to take part in these schemes.
Supplementing this, increased awareness of the types of cyberattacks – particularly those that defraud victims – can help people both at home and at work to avoid falling victim to cyber-enabled fraud and other attacks. We explore how organizations can achieve this – and lower phishing click rates – through best-practice cybersecurity training in the 2025 Phishing By Industry Benchmarking Report. Download your copy now to learn more.
