Scam centers in the Mekong region: a strategic challenge for the European

[samlot chit]

Scam centers in the Mekong region: a strategic challenge for the European Union

Note de la FRS

Note de la FRS 
Simon Menet: 
May 21, 2026 

:n°14/2026:https://www.frstrategie.org/en/publications/notes/scam-centers-mekong-region-strategic-challenge-european-union-2026

Southeast Asia-based scam centers have emerged as a major transnational criminal industry with direct implications for the European Union (EU). What often appears in Europe as dispersed online fraud cases is increasingly linked to a larger and organized system, becoming as profitable as drug trafficking.

 An estimated 442 billion USD was lost to scams in 2025, according to the annual State of Scams Report by the Global Anti-Scam Alliance (GASA).

Across the Mekong region, large-scale scam compounds, run mostly by Chinese criminals, have developed sophisticated, technology-driven fraud schemes that combine digital tools with a vast trafficked labor force. An estimated 300,000 individuals are currently forced to work in these compounds, often under conditions of coercion, violence, and severe psychological abuse.

 This exploitation underpins a highly scalable and resilient criminal economy capable of targeting victims worldwide. Southeast Asia-based scams cost Americans an estimated 10 billion USD in 2024, marking a 66 percent year-on-year increase,

 while in East and Southeast Asia, the United Nations Office on Drugs and Crime (UNODC) puts annual losses as high as 37 billion USD.

 Scams also represent a broader strategic challenge that affects regional stability, governance, and the balance of external influence in the Indo-Pacific.

The EU has begun to pay more attention to this issue, but its response remains limited, fragmented, and largely reactive compared with that of other actors, including China, the United States, Japan, South Korea, and Australia. A more coherent European approach should treat Mekong scam centers not as a niche law-enforcement issue, but as a cross-cutting challenge involving internal security, digital governance, foreign policy, and human rights.

Understanding the “scam center model”

Scam operations in mainland Southeast Asia can be traced back to the early 2010s, when telecom fraud networks spilled over from mainland China to the northern Myanmar area of Kokang.

 Since then, they have evolved into a complex enterprise of cyber-enabled crime, including investment fraud, kidnapping for ransom, sextortion, and other deceptive practices. The most notorious form, commonly referred to as “pig butchering” or “romance baiting”,

 involves prolonged manipulation of victims through social media or messaging platforms, followed by inducement into fraudulent investment schemes.

What distinguishes this model from ordinary online fraud is its industrial scale, organizational sophistication, and a supporting criminal ecosystem at the juncture of human trafficking and money laundering. Operations are mostly conducted in large, purpose-built compounds, often located in border areas with weak governance or in special economic zones with regulatory exemptions such as the Thmor Da SEZ in Cambodia (see Figure 1 below). These compounds function like corporations, with hierarchical management, specialized teams, and clear divisions of labor.

Figure 1. Satellite imagery of the MDS Thmor Da SEZ, located in Pursat Province, along the Thai-Cambodia border. Established in 2010 and owned by Cambodian tycoon Try Pheap and Chinese investors, this zone first emerged as an illegal logging area, before turning into a massive scam hub, with several compounds. One of them, known as “Pursat 16 Bureau” (菩萨十六局) is reportedly run by Chinese criminals who fled from northern Myanmar and targets Chinese nationals in Europe and in the United States.

Most operations are run by Chinese criminal networks, many originating from the Fujian province, as well as Hong Kong triads and Taiwanese gangs such as Bamboo Union and Celestial Alliance. Their activity relies on a wide range of enablers: administrative facilitators, intermediaries for money laundering, and political and economic elites in host countries for protection. Reported links include Cambodian officials such as Neth Savoeun, Deputy Prime Minister and former National Police Chief, and U.S.-sanctioned Senator Ly Yong Phat,

 members of Thailand’s Bhumjaithai party, and armed groups in Myanmar such as the United Wa State Army (UWSA) and Border Guard Forces.

Corruption and human trafficking are central to sustaining this system.

 An estimated 300,000 individuals are forced to work in scam compounds across the Mekong in conditions that amount to modern slavery.

 Victims are exposed to violence, torture, and, in some cases, killings. One source suggested that 200 people were killed in a single scam compound located in O’Smach at the Thai-Cambodia border.

 The site allegedly hosted 3,000 to 4,000 foreigners, supervised by about 200 Chinese criminals and a handful of Cambodians.

The reach of the scam compounds trafficking networks is global. Interpol recorded victims from nearly 80 countries located in all continents,

 with a majority coming from Asian and African countries (individuals from Kenya, Madagascar, Nigeria, Uganda, Cameroon, Togo, Sierra Leone, etc. are increasingly trafficked, often driven by limited economic opportunities at home). The diversity of nationalities, compounded by uneven consular capabilities and diplomatic reach from home countries, significantly complicates victim support and reintegration.

The scam compound economy is also embedded in money laundering networks.

 Many hubs in Cambodia, Laos, and Myanmar originated in casinos and online gambling operations, which have served as primary conduits for illicit proceeds into the legal economy. Cryptocurrencies now play a central role in these flows. The United States’ forfeiture of nearly 15 billion USD in crypto, allegedly linked to the scam kingpin Chen Zhi 陈志,

 highlights both the scale and impunity of this system.

Technology has further accelerated the expansion of the model. Scam networks massively deploy up-to-date tools ranging from satellite internet systems such as Starlink to generative artificial intelligence.

 Large language models such as ChatGPT are used to personalize social engineering techniques, generating multilingual scripts and refining victim engagement strategies at scale.

 Scam operations also employ automated systems to monitor worker performance, mirroring practices found in legitimate firms.

Some groups have merged fraud into cybercrime activities with near state-level capabilities, including the provision of “malware-as-a-service”, whereby access to malicious software and infrastructure is sold to other criminal actors.

 In 2026, Infoblox and Chong Lua Duo linked an Android banking Trojan affecting victims in at least 20 countries, including Spain, to the K99 Triumph City compound located in Sihanoukville and reportedly tied to U.S.-sanctioned Cambodian senator Kok An.

Why the EU should care about Mekong scams centers

European exposure is growing

European citizens are not peripheral to this threat landscape. Operators in Southeast Asia increasingly target non-Chinese and non-American markets, driven by stronger enforcement pressure from China and the United States and enabled by automated translation and sophisticated social-engineering tools that allow scams to scale across languages. A survey by the International Organization for Migration (IOM) found that Europeans accounted for 14 percent of the targets of Myanmar-based scams.

 Recent crackdowns have also revealed operations focusing on selected EU member states.

 This is consistent with known Telegram channels and groups tailored for German, French, and other national profiles.

European exposure extends beyond fraud losses. Media reporting and field evidence indicate that some Europeans have been trafficked via Thailand into scam compounds through deceptive recruitment schemes. Documented cases include nationals from France, Germany, Italy, and Spain subjected to forced scamming and sexual exploitation.

 Although these cases remain fewer than those involving Asian or African nationals, they highlight the significant consular and social implications for EU member states.

The Mekong: a laboratory for the global scam industry

The Mekong region matters strategically because it functions as an innovation hub for globalized fraud. Criminal actors test methods there, refine payment channels, professionalize laundering systems, and distribute tools that can later be sold or replicated elsewhere through “scam-as-a-service” (SaaS) arrangements.

SaaS functions like a business-to-business marketplace for cybercrime, where instead of selling a product, criminal networks offer complete, ready-to-use systems for committing fraud. Using the dark web and end-to-end encrypted platforms like Telegram, these marketplaces connect vendors that provide phishing kits, stolen data, malware, hacked accounts, evasion tools, and scam guides with buyers looking to run their own operations. One example, depicted below, is the Telegram channel “Tiancheng Guarantee” (天成担保), in which the owner acts as a guarantor by vetting vendors, holding payment in cryptocurrency, and releasing funds only once the buyer confirms delivery (see Figure 2).

There is currently limited evidence directly linking Southeast Asian SaaS systems to European criminal actors, but the broader European market is already exposed to similar service-based scam schemes. In October 2025, for instance, a Europol-led operation involving Austrian, Estonian, and Latvian investigators dismantled a scam-as-a-service network in Latvia that caused at least 5 million EUR of losses across two countries.

 This suggests that the criminal logic emerging in Southeast Asia is not geographically confined and may already be diffusing into Europe.

Figure 2. Screenshot of the Tiancheng Guarantee Telegram channel via TGStat.com displaying what looks like an advertisement for a technical service designed to enable mass SMS-based scams, often referred to as “SMS blasting”. The service is specifically for “collection text message ports” (催收短信口), which are used to send large volumes of text messages, likely for debt collection scams, phishing (smishing), or other fraudulent campaigns.

This evolution matters for European policymakers because criminal fragmentation can push threats closer to home. Criminal groups are rapidly adapting to the often selective and performative crackdowns taking place across mainland Southeast Asia,

 relocating across borders and reorganizing into more flexible structures. While large scam compounds continue to dominate in weak-governance areas like northern Myanmar, criminals are shifting toward smaller and nimble scam cells that resemble Europe’s call centers. Assisted by artificial intelligence, they can target more victims with fewer personnel while operating from discreet locations such as apartments, hotel rooms, or office spaces.

These smaller cells are already a major feature of law enforcement operations across maritime Southeast Asia, including in Malaysia and Indonesia, and similar structures have been identified closer to Europe, notably in Dubai, Ukraine, the Balkans, and Spain. For law enforcement agencies, this represents a major challenge, as these networks are decentralized, highly scalable, and much more difficult to detect and disrupt.

Scam centers as drivers of regional instability

The 2026 State of Southeast Asia survey by the ISEAS Yusof Ishak Institute ranked “global scam operations” as the second most important geopolitical concern in ASEAN, second only to perceptions of the “U.S. leadership under Donald Trump”.

 The issue has also moved to the forefront of domestic politics, as illustrated during Thailand’s February 2026 elections. Far from being a niche criminal phenomenon, scam centers represent a systemic regional challenge with implications for Indo-Pacific stability, and indirectly, for European economic and security interests.

Scams are eroding public trust and reshaping economies across the region. In Cambodia, Prime Minister Hun Manet warned that scam centers are “destroying” the kingdom’s economy.

 With revenues estimated to be the equivalent of as much as 60 percent of Cambodia’s GDP,

 they have become deeply intertwined with the illicit and licit economies altogether. Large compounds provide employment and sustain local livelihoods in areas with few alternatives. Meanwhile, they fuel entrenched corruption, distort the economy, and shatter the business environment.

This entanglement creates a difficult policy dilemma. Crackdowns are necessary, but they can generate economic shocks and social unrest. Numerous protests have followed the closure of scam compounds,

 as contractors and workers are left unpaid and distraught.

Beyond their economic impact, scams centers are actively fueling conflict and instability across Southeast Asia. In Myanmar, they generate significant revenue streams for both ethnic armed groups and the military junta, thereby prolonging the civil war. Scam operations have likewise contributed to escalating tensions along the Thai-Cambodian border.

 In December 2025, the Thai military carried out strikes against compounds in Cambodia, including in O’Smach, claiming that these sites served dual civilian and military purposes. Since then, Thailand has maintained control over several Cambodian border areas and showcased some of these sites to international delegations.

 Bangkok has also intensified legal pressure on prominent figures linked to the ruling Cambodian People’s Party, including through arrest warrants and Interpol Red Notice.

 

These developments are best understood through the lens of “state-embedded transnational organized crime”.

 The involvement, whether direct or permissive, of political elites, government officials, and state agencies enables the protection and expansion of scam operations while constraining effective law enforcement responses. This embeddedness also creates opportunities for geopolitical instrumentalization, blurring the boundary between criminal activity and statecraft.

The ecosystem surrounding scam centers further reinforces this convergence. Financial infrastructures underpinning these operations increasingly intersect with state-linked and transnational illicit networks. The case of the Huione Group, a Cambodian financial institution identified as a major laundering platform for scam proceeds, illustrates this dynamic given its reported links to North Korean cybercriminal networks.

Intensifying security competition in scam governance

Scams are reshaping the regional security architecture. Beijing has elevated scams as a top national security priority since 2021 and has doubled down on law enforcement cooperation with Mekong countries at bilateral and regional levels. The United States launched an interagency Scam Strike Force in November 2025 and has imposed sanctions on numerous entities and individuals, including the transnational criminal organization Prince Group in Cambodia. South Korea, Japan, Australia, and the United Kingdom have also stepped up their engagement through technical and operational support.

Since 2018, China has steadily expanded its law enforcement presence in the Mekong in response to the scam epidemic. This has included frequent high-level visits by the Ministry of Public Security, in particular by Assistant Minister Liu Zhongyi 刘忠义, who played a key role in pushing governments in the region to act. Significantly, he was in Cambodia shortly before the February 2026 crackdown started.

China has also deepened operational cooperation. Joint actions led to the deportation of nearly 60,000 Chinese nationals from Myanmar-based scam compounds between 2023 and 2025.

 In 2025, the MPS has deployed officers in Mae Sot, along the Thai-Myanmar border, as part of trilateral transnational operations. This marked a notable shift from Thailand’s long-standing reluctance to allow Chinese police personnel to operate on its territory.

 Additionally, the MPS has maintained a police presence north of Laos’ Golden Triangle SEZ, as well as in Phnom Penh and reportedly in Sihanoukville through its consulate.

 In 2019, Cambodia and China agreed to establish Beijing’s first police cooperation center abroad to tackle Chinese organized crime. However, the center appears to have shifted in recent years toward transnational repression and control of Chinese diasporas,

 highlighting the risks of extraterritorial surveillance and rule-of-law abuses.

Chinese policing engagement operates through both bilateral channels, such as police attachés, and multilateral frameworks like the Lancang-Mekong Integrated Law Enforcement and Security Cooperation Center (LM-LECC) in Kunming. The latter facilitates intelligence-sharing, warrants, and capacity-building, particularly with Cambodia, Laos, and Myanmar.

While Mekong countries generally welcome Chinese support, they do so selectively and on their own terms. For instance, Cambodia, often described as closely aligned with China, has diversified its partnerships by establishing joint scam task forces with these countries. Moreover, the normalization of China’s police presence has yet to lead to a Chinese-led “community of security”:

 cooperation remains narrowly focused on Chinese national interests, prioritizing the repatriation of Chinese nationals over dismantling the broader scam ecosystem, a dynamic that has generated growing frustration among regional partners.

For the EU, this evolving landscape creates a mixed strategic environment. Competition over regional security influence is intensifying, but space still exists for a credible and complementary European role.

What could the EU do about it?

Over the past two years, the European Union has devoted more attention to scams. The issue has gained visibility within the European External Action Service (EEAS). An action plan on fraud is currently under review. The ESIWA+ project

 has convened workshops across Southeast Asia and facilitated law-enforcement exchanges. In parallel, several member states, especially France, have increased their engagement on scams, notably through regional conferences, bilateral visits, and operational dialogue.

This is an encouraging shift. However, EU efforts remain limited in scale and fragmented across institutions and member states. Given the growing strategic implications of scam centers for Indo-Pacific stability and European security, the EU requires a more coherent and operational response.

Strengthen research and information-sharing

A major challenge lies in developing a clearer and more comprehensive understanding of the scam ecosystem across borders and its growing links with Europe. Substantial research has been produced by the UNODC, the Global Initiative Against Transnational Organized Crime (GI-TOC), the Cyber Scam Monitor, private companies like Infoblox and ChainInfo, independent researchers, and academics. Law enforcement agencies in the Asia Pacific have also developed national datasets and monitoring capabilities.

However, accessible and up-to-date data remain limited on key indicators such as the financial cost of scams, the number of victims trafficked into scam compounds, and the geographical distribution of targets. For example, it is unclear whether the widely cited estimate of 300,000 trafficked workers across the Mekong still holds after the wave of crackdowns in the region. If it does, that would have major implications for assessing both the effectiveness and the sustainability of current enforcement strategies. Similarly, there is growing evidence of scam compounds specifically targeting European countries, as well as cases involving European victims of forced criminality, but the overall picture is incomplete.

Another major limitation is the absence of effective transnational datasets, both within ASEAN and between ASEAN and the EU. Due to jurisdictional constraints, political sensitivities, and the fragmented nature of law enforcement cooperation, regional governments have yet to establish comprehensive cross-border information systems. Although ASEANAPOL is reportedly working towards such an initiative, it remains primarily a coordination platform without the institutional infrastructure required to support large-scale intelligence integration. Interpol provides valuable datasets and communication channels, but access is restricted. An effective information architecture should combine and cross-reference data from law enforcement agencies, civil society organizations (CSOs), international organizations, and private-sector actors. Understanding how scam networks evolve in the Mekong would allow the EU to better anticipate emerging trends, adapt its regulatory and operational responses, and design more effective prevention campaigns.

In the short term, the EU could support agile, targeted, and cost-efficient research initiatives focused on specific aspects of the scam environment. Over time, these efforts could evolve into a broader information fusion center modeled on existing maritime security mechanisms in the Indo-Pacific, notably those based in Singapore, Madagascar, and India. Supported by the EU and selected member states, such a center could bring together European and Asian experts while serving as both a data-sharing and training platform, comparable in some respects to the LM-LECC in Kunming. Bangkok would provide a suitable location, given its logistical centrality in the Indo-Pacific and Thailand’s commitment to countering cyber-enabled fraud.

Improve coordination internally and with partners

A second priority is coordination. Sources consistently point to a lack of coherence in the EU response. Messaging across institutions is not always aligned, coordination among member states remains uneven, and there is no comprehensive overview of ongoing initiatives by the EU and like-minded partners. As a result, it is difficult to identify synergies or connect EU efforts to existing regional frameworks.

Adding to this problem is the EU’s tendency to launch parallel initiatives rather than building on what already exists. New workshops and formats can duplicate work, dilute resources, and limit local ownership. The EU would add greater value by embedding itself or supporting existing structures and by coordinating more closely with partners like South Korea, Japan, and Australia. In this regard, EU support for the Thailand-led global alliance against scams, as well as EU-Thailand workshops on cyber-enabled fraud, represent positive steps forward.

Expand operational capacity-building

Capacity-building efforts need to be accelerated and coordinated. Current responses in the Mekong are hindered by limited intelligence-sharing capabilities and different legal frameworks. Evidence collection remains uneven and complicated. In Myanmar, for example, the military authorities have repeatedly destroyed scam compounds in places such as Myawaddy rather than preserving digital evidence, thereby undermining ongoing investigations by regional partners. At the same time, criminal groups routinely erase or reset digital devices prior to law enforcement raids, which further complicates forensic work.

In this context, European actors have a clear added value. Thai authorities, for instance, currently rely on the FBI for technical support. EU law enforcement agencies and private firms could provide valuable alternatives, particularly in crypto-tracing, digital forensics, financial investigations, and cybercrime analysis. Europol, in particular, is seen as a reference model by Asian partners, including China. Existing mechanisms such as EMPACT

 and Europol’s operational agreements

 could provide useful foundations for deeper engagement. Europol’s existing partnership with ASEANAPOL could also be strengthened, especially as ASEANAPOL works to harmonize the regional response to scams.

EU-ASEAN cooperation on scams should be understood as a two-way street. The EU can contribute expertise, tools, and institutional experience to Southeast Asian partners. At the same time, these countries bring a wealth of knowledge of criminal networks, institutional settings, and operational responses. Singapore is one of the most advanced nations globally, with its Anti-Scam Center (ASC), dedicated legislations like the Online Criminal Harms Act and the Protection from Scams Act, and innovative prevention tools such as the ScamShield App and Scam Me If You Can quiz. Established in 2019 under the Singapore Police Force, the ASC coordinates public- and private-sector actors in real-time and has inspired similar initiatives elsewhere in the region, including Thailand’s Anti Cyber Scam Center (ACSC).

Where bilateral cooperation is politically sensitive, a subregional Mekong framework could provide a more neutral and effective entry point. A Mekong-wide capacity-building initiative could help develop a network of competent, trusted, and responsive officers across Myanmar, Cambodia, and Laos, while also creating a more sustainable platform for regional cooperation.

Apply political and legal pressure when needed

Political pressure matters and the EU is currently underutilizing this lever. Recent crackdowns in countries such as Cambodia have largely been driven by coordinated pressure from major actors, particularly China and the United States. A key turning point was the joint U.S.-U.K. sanctions against Prince Group and indictment targeting the Chinese-Cambodian tycoon Chen Zhi. These measures were subsequently reinforced by asset seizures and legal actions undertaken by Japan, South Korea, Taiwan, and Singapore, before culminating in China’s successful extradition request.

The EU has not demonstrated the same level of coordinated action, despite the fact that key suspects reportedly held a Cypriot passport. This highlights a broader gap in the EU’s use of sanctions, legal tools, and diplomatic pressure against actors linked to the scam economy.

Support civil society and investigative actors

Much of the most valuable intelligence on scam operations comes from CSOs, investigative journalists, and independent researchers. In Cambodia, outlets such as the Mekong Independent play a critical role in exposing scam networks, often with limited financial and institutional support. Similarly, organizations like EOS Collective and Blue Dragon provide essential assistance to victims rescued from scam compounds, while also documenting trafficking patterns and criminal structures.

These actors are, however, under growing financial and operational strain following cuts in donor support and increased political pressure. Supporting them is therefore not only a human rights imperative, but also a strategic investment.

Conclusion

Scam centers in the Mekong region are no longer a peripheral concern for the European Union. They are part of a rapidly evolving criminal system that targets Europeans, exploits vulnerable workers, destabilizes partner countries, and reshapes security cooperation across the Indo-Pacific. In doing so, they sit at the intersection of cybercrime, human trafficking, corruption, illicit finance, conflict dynamics, and geopolitical influence.

The EU does not need to replicate the approaches of China or the United States to become relevant. But it does need a more coherent strategy: one that improves knowledge production, strengthens coordination, expands technical and operational cooperation, applies targeted pressure on key enablers, and protects the civil society actors who make accountability and victim support possible. Without such a shift, European engagement will remain reactive, while the scam economy continues to adapt faster than the policies designed to confront it.