Written by: Natalie Grace Sierra Adi Staff of Research and Development

Just as we use AI to make life a little easier, like asking it for directions, planning our day, or even just chatting, criminals are using it too, but for all the wrong reasons. A few years ago, most online scams came as suspicious messages with fake invoices or urgent pleas from impersonated accounts. Nowadays, there are many highly organized, industrial-scale scam operations run out of guarded compounds, not just individuals. Although people with lower cyber literacy have been the “easy” targets of online scams, AI has the potential to change this trend by creating more convincing schemes that even the tech-savvy would hardly tell. Deepfakes and voice cloning can imitate the images and voices of someone you know closely. These same technologies can mimic official-looking documents, government templates, or recreate signatures on client projects.

Image 1. Illustration of Cyber Technology

What’s happening in Southeast Asia is an example of how AI is being used to systematize exploitation on a massive scale. Special Economic Zones in countries like Cambodia and Myanmar, especially the Golden Triangle SEZ, have become hotspots for scam syndicates due to weak regulation and limited financial oversight. These areas have long been linked to transnational opium and narcotics networks, and now they’re also used to run cyber scam compounds that exploit trafficked labor and AI tools to run online scams by generating fake identities, cloned voices, and phishing messages to deceive their victims. The United Nations Office on Drugs and Crime reports a 600% increase in AI-generated deepfake content linked to online scams within the region. This number tells us that a certain system is growing, spreading, and adapting (UNODC, 2024).

What Happens in ASEAN Doesn’t Stay in ASEAN
The reason why this issue matters is that this isn’t just a Southeast Asian problem. The scam industry may be concentrated in SEA, but its impact doesn’t stop at the regional level. Crackdowns have exposed scam centres and trafficking rings tied to Southeast Asian operations in countries like Peru, Montenegro, the UAE, and Namibia (GI-TOC, 2025). Asian-led scam centers have also been found operating in Africa, South Asia, the Middle East, and several Pacific Islands. Additionally, money laundering, forced labor, and trafficking rings have been identified in countries across Europe, North America, and South America (Peck, 2025).

Many of these scam operations can be traced back to Chinese-speaking communities located across Asia, especially those that migrated to SEA after Beijing’s 2000s-era crackdown on domestic gambling. These networks have since evolved into transnational crime syndicates that capitalize on lawless border zones, corruptible local authorities, and low state capacity, especially in Cambodia and Myanmar.

Criminals Love AI, and They’re Making Billions
The leverage of AI has become a trend in cyber crimes because it helps criminals run scams faster in larger numbers, especially since AI can create automated phishing attacks (Arif et al., 2024; Ratnawita, 2025). This makes it much easier for criminals to deceive people and much harder for authorities to catch the scams. On top of that, it’s often difficult to track who’s actually behind the attack, since the criminals can hide their identities using tools like firewalls, VPNs, or fake IP addresses. Their operations are also platform-based; major organized crime groups exploit under-regulated online gambling platforms and virtual asset service providers (VASPs) to move billions of stolen dollars into the financial system via underground banking systems and cryptocurrencies.

A UN report estimates that over $37 billion was lost in 2023 to AI-driven romance and investment scams originating in the region (Herzlich, 2025). Ironically, countries most affected, those with strong economies like Singapore and Malaysia, also face the largest financial losses. Malaysia lost RM 1.3 billion (US$277.4 million) through online scams, while Singapore’s losses reached SG$652 million (US$489 million), both in 2023. Of course, this is far from unintentional. Crime syndicates deliberately target wealthier nations with large online populations for maximum financial gain, while choosing to operate in places like Cambodia and Myanmar, where law enforcement is weak.

What’s Really Letting These Centres Survive
Then why are these centres still standing? A big part of the answer lies in state failure. Local authorities in the Mekong region are either under-resourced, complicit, or both. There’s little political incentive to go after networks that often have deep ties to military elites, border forces, or corrupt officials. In some cases, local officials benefit financially from allowing these operations to continue. Numerous investigations by Humanity Research Consultancy have linked Cambodian politicians to criminal networks running crypto-fueled scam operations. They allegedly profit directly from these networks that are part of a $19 billion industry built on trafficked labour, fraud compounds, and platforms like Huione Guarantee (Vismaya, 2025).

These centres operate with impunity partly because they hide behind legitimate-looking businesses. Buildings used as scam compounds often follow a recognizable pattern, namely repurposed casinos, villas, or hotels, sometimes located in remote areas, and other times shielded in urban settings by local elites and security forces. Casinos and nightclubs function as both physical cover and money-laundering fronts. The scam operations continue undetected or unpunished, while the people forced to run them remain invisible to the legal system.

Image 1. Schematic of A Scam Compound
Source: GI-TOC

Another reason these scam centres are so hard to shut down is their mobility. A UNODC Representative for Southeast Asia and the Pacific, Benedikt Hofmann, put it bluntly: “It spreads like cancer. Authorities treat it in one area, but the roots never disappear; they simply migrate” (Mcpherson, 2025). He’s not wrong. Whenever one operation gets busted, their entire setup simply crosses into the next country. This kind of cross-border mobility is a defining trait of SEA’s cybercrime networks. In some cases, moves are triggered by external factors, like law enforcement crackdowns or political changes. When Cambodia banned online gambling in 2019 and later launched raids in Sihanoukville in 2022, many of these operations packed up and left the area. Some relocated to other parts of Cambodia, while others moved into Myanmar and Lao PDR, before slowly trickling back once the pressure eased (UNODC, 2025).

What Happens to Victims of Human Trafficking as Scammers
Many of the people working inside scam centres didn’t choose to be there. Most of these trafficking victims come from developing countries where many young people are desperate for work and are trying to support their families. Crime syndicates try to exploit this vulnerability and lure them in with promises of financial security by offering seemingly legitimate overseas work opportunities. Once they arrive, they’re forced to scam others under threats of violence and confinement. Syndicates treat these individuals as disposable labour. They would isolate them from the outside world, give them scam quotas, and the workers would often endure inhumane conditions, including constant psychological abuse.

In some compounds, women and LGBTQIA+ individuals face even more brutal abuse. Survivors have reported sexual violence by high-ranking figures known as “big bosses”. One Vietnamese trans woman rescued from O’Smach in Cambodia recalled being targeted specifically because of her gender identity. Female workers assigned to impersonate “models” in online scams are frequently forced to engage in explicit video calls with targets, and in some cases, these include sexual interactions. Women who underperform or owe debts to the syndicate are coerced into sexual exploitation. Many compounds also run entertainment spaces that profit off women by “offering” them to criminal bosses, clients, or even fellow workers.

To make matters worse, when authorities conduct raids, they often treat trafficked workers as criminals instead of protecting them. Many governments in SEA still fail to distinguish victims from perpetrators properly. Ideally, this is where ASEAN could play a stronger role in setting common standards for the region’s main intergovernmental body. Yet to this day, there is no binding non-punishment clause in any ASEAN declaration, working group agreement, or even its own Trafficking in Persons (TIP) instruments. This means that, on paper, ASEAN acknowledges the existence of trafficking. But in practice, it still allows victims to be treated like offenders. Many are thrown into detention centers as if they masterminded the entire operation. In Laos’ Golden Triangle SEZ, the International Justice Mission (IJM) has urged their government to implement a victim identification process so that they won’t be mistaken as criminals. Without a clear non-punishment clause in ASEAN or national anti-trafficking laws, these workers may face jail time, fines, or deportation for crimes committed under duress.

ASEAN Has No Legal Defense
SEA is facing an AI-assisted cybercrime crisis with no collective strategy to fight back. Because these crimes are transnational, they require a coordinated regional response. ASEAN, as the primary regional organization that brings Southeast Asian states together, is in a position to lead such efforts. But so far, neither ASEAN nor its member states has developed a clear legal or institutional response to AI-enabled threats. There is currently no ASEAN-level framework that specifically addresses the role of AI in cybercrime. Key regional documents such as the ASEAN Cybersecurity Cooperation Strategy remain non-binding. None of them seriously account for the scale, speed, and sophistication brought by AI.

 In contrast, countries like France and Canada are already adapting their laws. France passed the LOPMI law in January 2023, which allows prosecutors to hold tech platform operators, such as Telegram’s CEO, criminally liable if their platforms facilitate organized crime or illegal transactions. France also amended its Penal Code in May 2024 to criminalize the distribution of AI-generated content that mimics someone’s image or voice without consent, with penalties including a maximum of 10-year sentence and a 500,000 euro ($556,300) fine. Meanwhile, Canada is advancing the Artificial Intelligence and Data Act (AIDA) under Bill C‑27, which creates specific criminal offenses for using AI to cause harm or defraud the public.

These developments show that legal action can begin, yet ASEAN has no equivalent policies or regulations addressing AI’s role in cybercrime. Countries like Singapore have started conversations about AI governance in general, but most member states have not passed laws that address AI’s use in criminal operations, let alone its use in trafficking or scam centres. This legal gap has allowed transnational criminal groups to operate with almost no resistance. Many developing countries in ASEAN lack the technical expertise, cyber infrastructure, and resources to properly regulate AI-related threats. ASEAN’s long-standing principle of non-interference discourages collective pressure or intervention, even in the face of cross-border cybercrime. Its consensus-based approach and non-binding declarations make it difficult to coordinate a strong regional response. As a result, regional action is often delayed, watered down, or completely absent.

Conclusion
Cybersecurity experts across the region have called for a more aggressive adoption of AI into public safety and security sectors. In theory, AI could also be used as a counter to help detect deepfakes, trace scam patterns, and identify criminal networks faster than traditional surveillance methods. However, without legal mandates, resource allocation, or cross-border coordination, these solutions remain theoretical. Until SEA countries and ASEAN treat AI-enabled crime as a regional security threat, the current frameworks will continue to fall short. Crime networks will only get smarter and harder to stop.

Given Indonesia’s position as one of the “driving seats” in ASEAN, Jakarta should step up by turning its leadership into concrete action. Indonesia needs to push for AI-based cybercrime discussions at the ASEAN level, invest in local digital forensics capacity, and work closely with frontline states like Cambodia, Laos, and Thailand. If Indonesia stays passive, its own citizens will also become vulnerable to these scams while failing to utilize its strategic role in ASEAN.

References
Arif, A., et al. (2024, Oktober 1). An overview of cyber threats generated by AI. International Journal of Multidisciplinary Sciences and Arts, 3(4). Retrieved from https://doi.org/10.47709/ijmdsa 

Chambers and Partners. (2025, May 22). Artificial Intelligence 2025. Retrieved from https://practiceguides.chambers.com/practice-guides/artificial-intelligence-2025/france

Global Initiative Against Transational Organized Crime. (2025, May 29). Compound Crime: Cyber Scam Operations in Southeast Asia. https://globalinitiative.net/analysis/compound-crime-cyber-scam-operations-in-southeast-asia/ 

Herzlich, T. (2024, Oktober 7). Southeast Asia cyber scammers stole $37B in 2023 as AI-driven crimes soar: UN report. New York Post. Retrieved from https://nypost.com/2024/10/07/business/southeast-asia-scammers-stole-up-to-37b-last-year-report/ 

ISED Canada. (n.d.). The Artificial Intelligence and Data Act (AIDA) – Companion document. Retrieved from https://ised-isde.canada.ca/site/innovation-better-canada/en/artificial-intelligence-and-data-act-aida-companion-document

Mcpherson, P. (2025, April 22). Billion-dollar cyberscam Industry Spreading Globally: Says UN. Reuters. Retrieved from https://www.reuters.com/world/china/cancer-billion-dollar-cyberscam-industry-spreading-globally-un-2025-04-21/ 

Peck, G. (2025, April 21). UN researchers warn that Asian scam operations are spreading Across the rest of the world. AP News. Retrieved from https://apnews.com/article/asian-scam-operations-cybercime-fraud-united-nations-494b1832f330d6a9690b083411809f93 

Ratnawita. (2025, February). Cybersecurity in the AI Era Measures Deepfake Threats and Artificial Intelligence-Based Attacks. Journal of The American Institute. Retrieved from https://doi.org/10.71364/s3emxx77 

Southeast Asia Public Policy Institute. (2024, March 20). Policy State of Play – Online fraud in Southeast Asia. Retrieved from https://seapublicpolicy.org/work/policy-state-of-play-online-fraud-in-southeast-asia/ 

United Nations Office on Drugs and Crime. (2024, October 7). Billion-dollar cyberfraud industry expands in Southeast Asia as criminals adopt new technologies. Retrieved from https://www.unodc.org/roseap/en/2024/10/cyberfraud-industry-expands-southeast-asia/story.html 

United Nations Office on Drugs and Crime. (2025, April). Inflection Point: Global Implications of Scam Centres, Underground Banking and Illicit Online Marketplaces in Southeast Asia. Retrieved from https://www.unodc.org/roseap/uploads/documents/Publications/2025/Inflection_Point_2025.pdf 

V., Vismaya. (2025, May 27). Cambodia’s $19 Billion Financial Scam Empire Fueled by Crypto, Says Watchdog Group. Decrypt. Retrieved from https://decrypt.co/322106/cambodias-19-billion-financial-scam-empire-fueled-by-crypto-says-watchdog-group