Scam factories: trafficking, slave labour and sophisticated stealing

These compounds operate highly sophisticated scams in various languages, enabling them to target specific markets internationally. UNODC Deputy Regional Representative for Southeast Asia and the Pacific described a scam factory in the Philippines as resembling a technology company, much like they exist in Silicon Valley, with dormitories, workplaces, and a dining area. The workers are not free to leave, however, and many have been tricked into entering the compound through recruitment advertisements and agencies that promise well-paid jobs in Thailand or elsewhere, before transporting the victim across the border, taking their identification documents, and exposing victims to threats, physical punishment, and minimum daily scam successes.

The UNODC regional expert described the compounds, especially those in the Mekong region (bordering Laos, Thailand and Myanmar) as originally operating as casinos, typically used for money laundering the proceeds of criminal activity, including drug, sex, and human trafficking. Mid-pandemic, these casinos transitioned into cyberfraud operations as international travel became impossible.

According to the UN, Indonesian victims of scam factory kidnappings and forced labour found job advertisements on social media to work in a company overseas. Some people were recruited by their relatives, including family members, close friends, and neighbours. The victims are required to work and must achieve certain targets for their wages to be paid. Typically, workers are required to fulfil 16 hours per day.

The targets of these scam syndicates are usually male, aged 18 to 35 years, educated individuals, technology-savvy, and most are from the middle-income families but face limited employment opportunities in their place of origin.

Australia suffers scam losses

Between January 2024 and the end of February 2025, the ACCC’s Scamwatch reports losses of just over $384.2 million. Investment scams far outpaced other types of scams in terms of financial losses caused ($225.7m), followed by romance scams ($29.3m), and phishing ($29m). People most commonly fell victim to email scams, followed by text messages and phone calls. Between 2024 and February 2025, NSW reported 77,239 scams (second to QLD at 53,557).

Both the UNODC and the Center for Strategic & International Studies (CSIS) have pointed to Chinese criminal groups as the major operators in setting up and benefiting from scam factories, having first established casinos in Southeast Asia that attracted international gamblers pre-pandemic. The United States Institute of Peace investigates organised crime in Southeast Asia, and reported that Americans lost $US3.5 billion in 2023 as a result of scams originating in Southeast Asia alone. Both the FBI and US Department of Treasury issued alerts and warnings in late 2023. USIP claimed that cyber scams in Southeast Asia reap more than $43.8 billion yearly, often channelled back into drug manufacturing and trafficking, weapons trading, and funding militias like the Myanmar military junta. The USIP reported in May last year that over 300,000 people are forced to work as scammers in the Mekong region.

Deepfake technology, enabling scammers to disguise themselves as police officers, other authorities, celebrities, or potential romantic partners has been relied upon by scam operations, along with ChatGPT and other large language models (LLMs), which craft scripts that sound more authentic and targeted towards particular victims. These technologies are simple enough for scammers with minimum training to use quickly and easily.

Jasmina Ceic, Partner at Nyman Gibson Miralis, is an expert in cybercrime. She tells LSJ what federal and state laws in Australia enable authorities to investigate and prosecute the operators of these scam factories.

“The Australian cybercrime framework is primarily governed by the Criminal Code Act 1995 (Cth) (Criminal Code), which has universal application throughout all states and territories of Australia,” she says.

Key Commonwealth offences that criminalise cybercrime are contained in Parts 10.6 and 10.7 of the Criminal Code, including:

• Section 474.14 – Using a telecommunications network with intention to commit a serious offence.
• Section 477.1 – Unauthorised access, modification or impairment with intent to commit a serious offence.
• Section 477.2 – Unauthorised modification of data to cause impairment.

In addition to the Criminal Code, there are other federal and state/territory laws relevant or applicable to cyber security. These include:

• Privacy Act 1988 (Cth)
• Crimes Act 1914 (Cth)
• Security of Critical Infrastructure Act 2018 (Cth)
• Telecommunications (Interception and Access) Act 1979 (Cth)
• Corporations Act 2001 (Cth)
• Freedom of Information Act 1982 (Cth)
• Crimes Act 1900 (NSW)
• Surveillance Devices Act 2007 (NSW)

Perpetrators can be punished

Where scam operators in Southeast Asia can be identified, governments can place sanctions, travel bans, and freeze assets on those individuals. In December 2023, the UK, US and Canada combined forces to collectively sanction nine individuals and five entities involved in operating scam factories in Cambodia, Laos and Myanmar. The entities included ZhengHeng Group Co Ltd, Heng He Casino, Pacific Real Estate Management Co., and Golden Sun Sky Entertainment Co., Ltd.

In February 2025, the AFP announced that in alliance with the US and UK, Australia had imposed sanctions on Russian individuals and a cybercriminal infrastructure provider, ZServers, which was responsible for the Medibank Private breach in October 2022. The AFP partners with the Department of Foreign Affairs and Trade (DFAT) and Australian Signals Directorate (ASD), to investigate cyber scams, enabling the Australian government to impose cyber sanctions.

In September 2024, then-Assistant Treasurer Stephen Jones announced the planned Scam Code Act (also known as the Scams Prevention Framework Bill 2024), requiring companies – such as banks, telecommunications companies, and social media platforms – to introduce measures to disrupt financial scams under mandatory industry and company codes. On February 13, 2025, Parliament passed the Scams Prevention Framework Bill 2025, The Bill acts as an amendment to the Competition and Consumer Act 2010, introducing powers for the Minister to designate “regulated sectors” and “regulated entities”, sector-specific codes that may be obligated to implement anti-scam strategies, or trace scams once scam intelligence is received. Businesses failing to comply with obligations could face fines of up to $50 million.

The International Justice Mission (IJM) Australia lauded the news as a significant tool to combat the $2.7 billion yearly scam losses suffered by Australian victims (according to ACCC figures.

Ceic explains that “Australian federal and state laws primarily criminalise behaviour that occurs within Australia. As a result, there is a relatively small number of law enforcement actions associated with scam factories in Australia as frequently scammers are based overseas.” However, there are certain offences under Part 10.7 of the Criminal Code (Divisions 477 and 478) that have extraterritorial application.  Prosecution by Australian law of crimes committed outside Australia is possible where the crime involves conduct both inside and outside Australia; the crime results in harm within Australia; the offender is an Australian citizen, or a corporation incorporated in Australia; and/or the crime is related to another crime that occurred in Australia.

“According to the Australian Government’s 2023–2030 Australian Cyber Security Strategy, Australia will “continue to work with [its] international partners to crack down on cyber criminals, including close collaboration with the Five Eyes and international law enforcement partners via [its] existing network of AFP liaison officers’ and that Australia ‘will continue to advocate for global legal frameworks that effectively combat cybercrime in addition to frameworks that protect human rights, fundamental freedoms and the rule of law. This includes supporting global efforts to adopt and implement the Council of Europe Budapest Convention on cybercrime.”

Avenues to hold traffickers criminally liable

Ceic says, “Australian authorities have a raft of measures available to locate and obtain the release of Australians that are suspected or known to have been trafficked.”

These include:

• Interpol: As noted above, Australia works with Interpol and through this can assist with investigations, sharing intelligence and resources to locate victims of trafficking.
• MLATs: under MLATs, Australian authorities can request assistance from foreign countries to locate and release victims of trafficking. Difficulties can arise when Australia does not have an MLAT with the country where it is suspected that the victim is located.
• The Australian Federal Police launched Operation Firestorm, a global operation targeting organised crime networks scamming Australians, with a particular focus on cyber criminals and human trafficking targets in Southeast Asia and Eastern Europe.  Operation Firestorm is supported by AFP cybercrime liaison officers in Pretoria, London, The Hague, Belgrade and Washington. In South-East Asia, the AFP has 30 permanently-based members who are working with local law enforcement to combat these issues.

“With respect to holding the traffickers criminally liable, Australia criminalised slavery and human trafficking,” Ceic says.

“The offences are contained within section 270 and 271 of the Criminal Code, respectively. The slavery offences have extraterritorial reach, so they apply whether or not the conduct occurred within Australia. The maximum penalty for slavery is 25 years imprisonment and 12 years imprisonment for trafficking.”

Scam factory criminality

Jacob Sarkodee is the CEO of Global Counter-Trafficking Group.  He tells LSJ Online, “we work to strengthen partnerships that disrupt trafficking networks around the world and protect people from exploitation.”

Sarkodee views Australia’s attitude towards trafficking as defensive, where a proactive approach diplomatically, financially, and bilaterally would serve both national interests and international human rights. Presently, Australia’s international counter-slavery measures accord with the National Action Plan to Combat Modern Slavery 2020-25.

“Scam factories are less ‘factories’ and more ‘compounds’. They often have five-metre high razor wire walls, impenetrable security, like prisons, with people locked up in multiple storeys,” he says.

“Australia has multiple mechanisms by which it can support countries facing trafficking, and that’s primarily through bilateral engagement. Many of these countries have laws that criminalise trafficking, but they don’t have the resources to enforce those laws and they’re washing their hands of this responsibility.

“On the whole, Australia is not really using all the incredible assets of public and private sector to cooperate on prevention of trafficked labour. There are ASEAN conventions on slave labour, but nobody is holding countries accountable or coming to the table offering partnerships to work with those countries.”

Not one conviction has occurred for individuals at senior level involved in scam factories. Sarkodee says. “Organised criminals behind these factories also run the drugs trade, and put money into the Australian property market, so we know that we feel the effect beyond direct losses to scams. This is a strategic issue, you need to get in and support vulnerable nations.”