AI supercharging online scams across Asia, warns Interpol’s cybercrime chief

AI supercharging online scams across Asia, warns Interpol’s cybercrime chief A new Interpol cyberthreat report found that cybercrime now accounts for more than 30 per cent of all recorded crime in over half of the countries surveyed across Asia and the South Pacific. SINGAPORE: Artificial intelligence is enabling cybercriminals to operate at an unprecedented scale across Asia, with law enforcement struggling to keep pace, according to Interpol’s cybercrime chief. "Criminals are always going to be able to leverage these technologies quicker," the global policing agency’s cybercrime director Neal Jetton told CNA on Friday (Jun 19). “AI is not necessarily creating brand new crime types. What it’s doing is increasing the scale, scope, and efficiency of the crime types that already exist.” Generative AI tools are already being used to create highly convincing phishing emails, while deepfake and voice-cloning technologies are helping criminals impersonate public officials, company executives and trusted individuals in increasingly sophisticated scams. Jetton’s warning comes as Interpol’s latest cyberthreat assessment paints a concerning picture of the growing scale of cybercrime across the region. The report found that cybercrime now accounts for more than 30 per cent of all recorded crime in over half of the countries surveyed across Asia and the South Pacific. Based on responses from 18 member countries and intelligence from private-sector partners, the assessment identified online scams, phishing and ransomware as among the most prevalent threats facing the region. It also highlighted a rise in AI-enabled deepfake scams, industrial-scale fraud operations and infostealer malware campaigns. More than 6.5 billion cyberthreats were detected and blocked across Asia and South Pacific in 2024, according to data from cybersecurity firm Trend Micro, one of Interpol’s private-sector partners. The report also found that more than 135,000 ransomware attacks were recorded across the region in the same period, targeting industries including manufacturing, real estate and financial services. Meanwhile, 5.5 out of every 1,000 individuals clicked on phishing links each month – roughly twice the global average – with cloud-based applications emerging as the primary targets. Discussion of deepfakes on cybercriminal forums and Telegram channels used by Southeast Asian threat actors rose 600 per cent from February to June 2024. ORGANISED CRIME GOING DIGITAL Interpol warned that organised crime groups are increasingly incorporating AI into cyber-enabled operations across Southeast Asia, including large-scale scam compounds that exploit both victims and trafficked workers. Jetton described this evolution as the "industrialisation of cybercrime". “You used to have to be very technically savvy to commit cybercrimes, but that is not the case anymore. With AI, you can generate phishing emails that look very tailored and legitimate,” he said. “With the digitisation of society … we are all potential targets for cybercrime.” Jetton pointed to widespread smartphone ownership, social media presence and online banking usage as factors creating an ever growing pool of potential victims and expanding the attack scope for cybercriminals. While the report focuses on Asia and the South Pacific, Jetton stressed that phishing and online scams are now among the most common forms of cybercrime worldwide. However, he acknowledged that industrial-scale scam operations in parts of Southeast Asia have become a significant contributor to the region's cybercrime problem. The report identified Cambodia, Laos, Myanmar and the Philippines as locations where transnational organised crime groups have expanded operations involving online fraud, illegal gambling and labour exploitation. According to estimates cited in the report, these criminal enterprises generate close to US$40 billion annually through schemes such as romance scams, fake investment platforms and illegal online gambling operations. With enforcement crackdowns across the region, many of these networks have adapted by relocating operations and changing tactics, creating fresh challenges for authorities. GAPS IN CYBER DEFENCES Jetton also highlighted significant differences in cyber resilience across the region, with some countries possessing mature cybercrime capabilities while others have only recently established dedicated cybercrime units. He said this disparity remains one of the region's biggest vulnerabilities. "(There are) countries that are very well resourced, but across the region, (there are) countries that have just created cybercrime units two years ago, so they're very, very behind the curve," he said. To tackle sophisticated cybercrime networks, Jetton called for a "whole-of-society" approach involving governments, law enforcement agencies, banks, telecommunications companies and cybersecurity firms. “Even Interpol, with all of our resources and reach, doesn't have all the answers. It requires all of us to work together … on prevention as well as campaign awareness,” he said. As cybercrime becomes increasingly transnational, stronger cross-border cooperation and faster intelligence-sharing between governments and the private sector will also be essential, he added. Jetton noted that differing legal frameworks remain a challenge, with activities classified as cybercrime in one country not necessarily considered criminal in another. He called for greater cooperation between governments, including agreements and legal frameworks that enable faster investigations and enforcement against transnational cybercrime networks.