Online scams are a huge business. More than that, they have become a full industry with sophisticated supply chains of services, equipment and labor. Key groups in this sector also have direct connections to nations such as Russia, China and North Korea. What has long seemed just a lot of low-level crime has grown into a global, geopolitical problem.
You are still your own best defense against losing money to online scammers, but the volume and sophistication of attacks are only increasing. Governments must do more to help defend their people, companies and institutions.
Cybercrime is a national security issue, and the entire system from major hacking attacks to everyday phishing should be taken as seriously as drug trafficking or terrorist financing.
Illustration: Mountain People
To be fair, the problems have not been completely ignored, but national efforts have tended to focus on large-scale and direct ransomware attacks on states themselves, or their biggest services, such as healthcare.
However, these are just the tip of a massive iceberg.
Worldwide losses are hard to track, but potentially huge. The Global Anti-Scam Alliance, a group formed of technology and finance companies as well as specialist consultants, estimates that in the past couple of years consumers collectively have lost more than US$1 trillion each year to scammers. That is the same as Switzerland’s GDP.
“The amounts being lost and the harm being done grows every year,” alliance managing director Jorij Abraham tells me. “The proceeds are used to fund other types of crime but also are reinvested in better technologies to improve the scam, using for example AI [artificial intelligence], or to increase the reach of the scam, with marketing budgets of millions being used to advertise scams.”
The Google Threat Intelligence Group, part of Alphabet Inc, reported on the links between cybercriminal groups and state interests for this month’s Munich Security Conference. Some state-sponsored groups have crime as a sideline to supplement their budgets and some crime organizations are used by government on a casual basis for specific, larger-scale attacks, data thefts or espionage. All are part of the same underground industry.
In the past few years, Abraham says researchers have seen a sharp rise in crime syndicates across the globe with a strong specialization in one type of scam, for example online shopping, investment, romance, subscriptions and many others. Criminals continuously improve their schemes and document how they can best be executed. Then they export the tools, scripts and methods around the world.
Victims can often get hit repeatedly, too. In 2020 and 2021, while talking to victims of binary options trading scams, one truly shocking aspect I often heard was people’s stories of being contacted by supposed law firms with offers to help recover their losses, which turned out to be yet another drain on the savings of those who fell for it.
At that time, Abraham’s group was gathering reports about a then-new trend of mainly Taiwanese and Chinese being duped by offers of well-paid work in Southeast Asia, only to find themselves trafficked as indentured labor for scam groups.
“On arrival, their passports are taken, and they are sold to different groups and forced to work in offices running illegal phone or online scams,” Abraham’s global scam report for 2022 notes. “Taiwan authorities say almost 5,000 citizens have been recorded traveling to Cambodia and not returning.”
Things have gotten worse: A recent podcast series from The Economist interviewed people who had been trafficked from the Philippines, countries in Africa and elsewhere, who described their lives in a walled-off “scam town” deep in the countryside of Myanmar. Relatively well-off Westerners being bilked out of their savings are not the only victims.
Part of the reason governments and security services have been slow to react might be that most fraud cases are individually small, so the cost of investigating them is not worth it.
However, those small incidents still add up to big profits for the industry. In the UK, for example, about 82 percent of cases are worth less than £1,000 (US$1,260) each, but in total they still account for 12 percent of all losses, according to data from UK Finance, a trade group.
Meanwhile, cases worth more than £10,000 make up less than 3 percent by number, but nearly 60 percent of proceeds.
A major worry is that AI tools will make all of this easier and cheaper for criminals — and will make large-scale high-value scams even more difficult to stop. Last year, an employee at a Hong Kong-based company was tricked into sending US$26 million to thieves that used an AI filter on a video call to disguise themselves as the company’s chief financial officer.
Battling scams has mainly been left up to banks, which have spent heavily on compensating customers and investing in education and warning systems in places like the UK.
Finance companies in turn have been crying out for more help from internet and social media companies to track and block bad actors. AI and the spread of crypto are making these efforts less effective.
The Google Threat Intelligence Group’s recommendations for governments include stronger education and awareness campaigns to help people defend themselves, as well as potentially more powers for banks and technology companies to act directly against criminal groups. In truth, countries need to start treating scams and other cybercrime like they do drug trafficking and terror. That means international cooperation on intelligence and enforcement where possible, as well as choking the financial flows through banking networks and crypto exchanges.
What is most troubling is that just as the US is turning its back on exactly this kind of cooperation and enforcement, it is also promising to unshackle crypto and potentially diluting banks’ defenses against dirty money. Other countries will be tempted to follow suit. If that continues, criminals and unfriendly states will get rich and win, while US citizens and other countries will foot the bill.
Paul J. Davies is a Bloomberg Opinion columnist covering banking and finance. Previously, he was a reporter for the Wall Street Journal and the Financial Times. This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
Trying to force a partnership between Taiwan Semiconductor Manufacturing Co (TSMC) and Intel Corp would be a wildly complex ordeal. Already, the reported request from the Trump administration for TSMC to take a controlling stake in Intel’s US factories is facing valid questions about feasibility from all sides. Washington would likely not support a foreign company operating Intel’s domestic factories, Reuters reported — just look at how that is going over in the steel sector. Meanwhile, many in Taiwan are concerned about the company being forced to transfer its bleeding-edge tech capabilities and give up its strategic advantage. This is especially
US President Donald Trump’s second administration has gotten off to a fast start with a blizzard of initiatives focused on domestic commitments made during his campaign. His tariff-based approach to re-ordering global trade in a manner more favorable to the United States appears to be in its infancy, but the significant scale and scope are undeniable. That said, while China looms largest on the list of national security challenges, to date we have heard little from the administration, bar the 10 percent tariffs directed at China, on specific priorities vis-a-vis China. The Congressional hearings for President Trump’s cabinet have, so far,
For years, the use of insecure smart home appliances and other Internet-connected devices has resulted in personal data leaks. Many smart devices require users’ location, contact details or access to cameras and microphones to set up, which expose people’s personal information, but are unnecessary to use the product. As a result, data breaches and security incidents continue to emerge worldwide through smartphone apps, smart speakers, TVs, air fryers and robot vacuums. Last week, another major data breach was added to the list: Mars Hydro, a Chinese company that makes Internet of Things (IoT) devices such as LED grow lights and the
The US Department of State has removed the phrase “we do not support Taiwan independence” in its updated Taiwan-US relations fact sheet, which instead iterates that “we expect cross-strait differences to be resolved by peaceful means, free from coercion, in a manner acceptable to the people on both sides of the Strait.” This shows a tougher stance rejecting China’s false claims of sovereignty over Taiwan. Since switching formal diplomatic recognition from the Republic of China to the People’s Republic of China in 1979, the US government has continually indicated that it “does not support Taiwan independence.” The phrase was removed in 2022
RSS