Just three months into 2026, national governments, private sector actors, and law enforcement agencies are undertaking significant efforts to step up the fight against online scams. In January, Cambodia extradited the head of Prince Group, Chen Zhi, to China to face prosecution for his criminal activities. In February, the UK rolled out a collaborative initiative with Microsoft and other tech companies to establish a deepfake detection and evaluation framework. In March, U.S. President Trump’s Executive Order on Combatting Cybercrime, Fraud, and Predatory Schemes Against American Citizens laid out a clear set of activities to prosecute criminals involved in cyber-enabled fraud, provide restoration for victims, and partner internationally on enforcement. Just days after the announcement, the Thai Royal Police — in collaboration with the United States, Canada, nine other countries, and Meta — closed down 150,000 false online profiles and arrested 21 people for running online scam operations.
These are just a few of the headlines that show the momentum for countering online scams, but they highlight the need for clear, coordinated responses to a rapidly evolving situation. The transnational organized crime organizations running scams show flexibility, shifting operations to new locations or diffusing into smaller remote cells in response to crackdowns. Sudden crackdowns, such as in Cambodia, leave thousands of trafficked workers stranded, vulnerable to being re-trafficked, and risk the loss of valuable human intel into how scam centers operate. Moreover, criminal organizations increasingly adopt new technologies in ways that often outpace regulation.
On March 2-3, 2026, the Stimson Center’s Cyber and Southeast Asia programs brought together more than 20 experts from the private sector, civil society, academia, international organizations, and government to identify specific ways that legal frameworks can be utilized or updated to counter cyber-enabled fraud and scams. This workshop wrapped up nearly two years of online dialogue among participants from more than 10 countries and from communities working to counter scams through the lenses of trafficking-in-persons, cybercrime, and money laundering and other financial crimes. Allison Pytlak and Courtney Weatherby co-led the dialogue and deep-dive analysis, while Kathleen Scoggin and Steve Ross helped run interactive discussions and collect key takeaways.
Workshop Takeaways
While many sector-specific suggestions and insights emerged around individual legal frameworks on trafficking, cybercrime, and financial crimes, some themes were cross-cutting and came up in almost every discussion:
- Scams are not isolated crimes, but rather sophisticated and criminal money-making business models developed as part of a market ecosystem. Countering them thus requires a systematic and strategic approach. Cyber-enabled fraud is often treated socially as a one-off incident of an individual being scammed and legally as a unique criminal instance, but these individual crimes are part of much more complex web of criminal activity. Individual scams are often perpetrated by people who are themselves victims of trafficking, trapped in scam compounds, and forced to commit cybercrimes on an industrial scale. There is an entire ecosystem of digital tools, many enabled by artificial intelligence, to increase efficiencies and scale up scam outreach, track targets across multiple platforms, provide near real-time translation, and monitor a workforce of trafficking victims. Understanding the scale of the problem and the range of actors involved and sharing information across silos are necessary for building effective legal cases against an increasingly professionalized set of criminals operating a complex and tech-driven business enterprise. Doing so requires a structured, strategic, coordinated, and well-resourced response that considers crimes at a systematic scale and through multiple lenses.
- Enforcement without disruption of the overall criminal organizations and processes is not effective, as the human and technological infrastructures that underpin the fraud industry can simply relocate. The recent crackdowns in Myanmar and Cambodia have had real impact on specific physical scam compounds, but despite some high-profile arrests, the kingpins and middle managers have often moved quickly and adapted to protect their core business model. Existing enterprises have shifted among new and existing localities in Laos, Cambodia, and Myanmar, and to countries outside the region. The business model is evolving to include smaller, distributed cells of actors as well as physically identifiable large compounds. Future investigations and enforcement actions should aim towards senior leadership in order to disrupt the organizations overall.
- While legal frameworks are intended to be complementary, some are in tension with one another when it comes to implementation. Cyber-scams include a multitude of criminal activities, but investigators and prosecutors often focus on one aspect of the crime when building a case due to resourcing, expertise silos, and incentive structures. For instance, leveraging cybercrime laws to prosecute individuals associated with scam compounds often means that the non-punishment principle, which is core to anti-trafficking frameworks, is not observed.
- Effective legal frameworks exist across different vectors of the scam lifecycle — trafficking of workers, cybercrime involved with the act of online fraud, as well as the laundering of illegally acquired funds. The core issue is not a lack of laws or legal frameworks but rather the constraints on effective implementation and enforcement. Major challenges identified fell into one of a few categories:
- Resource constraints. For trafficking, law enforcement agencies often have insufficient resourcing and training for officers to appropriately screen scam compound workers to identify trafficking victims. Similarly, digital forensics and tracing of funds across numerous bank accounts, cryptocurrencies, and other investments to build legal cases on cyber or financial crimes require technical expertise and significant work hours. Such activities are expensive and require more human and time resources than most countries in Southeast Asia currently have available.
- Limited prosecutorial attention or bandwidth to pursue complex cases against key actors when multiple factors of criminality are involved. In many cases, even when there was a trafficking victim identified or a clear instance of fraud, there was no coordination on how that single instance of criminal activity ties into a broader criminal network, or on tracing the funds to identify the actual beneficiaries of illicit activities. A willingness to break out of silos and the resourcing to work across multiple vectors of crime and investigation across multiple cases are key to disrupting networks of actors.
- Incentives on the ground are misaligned and can be implemented in ways that protect bad actors. In many cases, laws exist on paper. But when there is elite capture by transnational organized crime, implementation of laws often targets small-scale actors — for instance, money mule account owners or trafficking recruiters — and not the ultimate beneficiaries and drivers of scam operations. These dynamics allow for some targeted disruption of cyber scams even as scams continue to proliferate, and key organizations simply adapt and move.
- Harmonization of laws, criteria, and indicators across national borders is crucial to support collaboration on countering scams. There are significant disparities between cybercrime laws of ASEAN member states and other countries affected by cyber-enabled fraud and scams. This has created a patchwork that hinders cross-border cooperation and generates loopholes that can be exploited by cyber criminals. Relatedly, there are disparities in how a cybercrime or a cyber-enabled crime is defined across jurisdictions, or in the criteria for someone to be defined as a trafficking victim in different localities. Harmonizing laws across ASEAN countries has been encouraged but is challenging due in part to cultural differences that lead to a variation in the types of law and constitutions in each country.
- As the scam industry scales up, a holistic approach to prevention is necessary. Law enforcement is, of necessity, reactive to a crime that has already occurred. With the rapidly increasing scale and complexity of scam operations and other cybercrimes, improving collaboration between law enforcement agencies and relevant private sector actors to leverage technological innovation to prevent scams and foster collaboration across countries and sectors to disrupt scam activities will be key.
Next Steps
The threat of online scams is evolving rapidly, and many countries are currently reviewing and updating laws, policies, and responses to cybercrime and online scams. Drawing on insights from our virtual roundtables and in-person workshop in Bangkok, the Cyber and Southeast Asia teams will over the next two months publish summary analysis on the cross-cutting themes discussed above, as well as sector-specific gaps in existing legal frameworks and potential recommendations.
Click Here For The Original Source.
