Cross-Border Crackdown: International Operations Dismantle Tech Scam Networks and Digital Crime Syndicates

India's Central Bureau of Investigation (CBI) has successfully dismantled a complex international fraud scheme, arresting six suspects and shutting down two fraudulent call centers that orchestrated sophisticated technical support scams primarily targeting victims in Japan.

The enforcement action, designated as Operation Chakra V, involved simultaneous raids across 19 locations in Delhi, Haryana, and Uttar Pradesh on May 28, 2025. This initiative represents part of India's broader strategy to combat cyber-enabled financial crimes with international dimensions.

Sophisticated Deception Tactics

The criminal organizations operated elaborate facades, establishing call centers that convincingly mimicked legitimate customer service operations. These fraudsters impersonated technical support representatives from major technology companies, particularly Microsoft, to build credibility with their targets.

The scammers employed advanced social engineering methods combined with what authorities described as "technical subterfuge" to manipulate victims. Their standard approach involved convincing targets that their electronic devices had been compromised or infected, creating a sense of urgency that prompted victims to seek immediate assistance.

Once trust was established, the perpetrators would guide victims through processes that ultimately resulted in unauthorized money transfers to accounts controlled by the criminal network. These "mule accounts" served as collection points for the stolen funds before they could be laundered or transferred elsewhere.

International Collaboration Yields Results

The successful operation emerged from extensive cooperation between multiple international agencies and private sector partners. The CBI worked closely with Japan's National Police Agency and Microsoft Corporation to trace the criminal network's operations and identify key participants.

This collaborative approach enabled investigators to map the complete organizational structure of the fraud scheme, leading to the seizure of substantial evidence including computers, data storage devices, digital video recorders, and mobile phones that will support ongoing investigations and potential prosecutions.

Microsoft's involvement proved particularly valuable, as the company had been tracking similar scam operations globally. Steven Masada from Microsoft highlighted the increasingly interconnected nature of modern cybercrime, noting that "cybercrime-as-a-service" models have facilitated greater coordination among criminal organizations worldwide.

Technology-Enhanced Criminal Operations

The investigation revealed that these criminal enterprises have embraced cutting-edge technology to enhance their operations' scale and effectiveness. Notably, the scammers incorporated generative artificial intelligence tools to streamline various aspects of their fraudulent activities.

AI technology was deployed for multiple purposes within the criminal operation:

• Identifying and profiling potential victims for targeting
• Automating the creation of malicious pop-up advertisements and warnings
• Providing real-time language translation services to effectively communicate with Japanese-speaking victims

Microsoft's analysis of the broader threat landscape uncovered an extensive ecosystem supporting these fraudulent operations. The company identified approximately 66,000 malicious domains and URLs connected to fake technical support scams since May 2024, working in partnership with the Japan Cybercrime Control Center (JC3) to neutralize these threats.

The criminal network encompassed various specialized roles including pop-up creators, search engine optimization specialists, lead generators, technology infrastructure providers, payment processors, and recruitment personnel - demonstrating the sophisticated business model underlying these operations.

Related Cybersecurity Incidents Highlight Ongoing Threats

Coinbase Data Breach Linked to Indian Contractors

The tech support scam arrests coincide with recent revelations about a separate cybersecurity incident involving major cryptocurrency exchange Coinbase. According to Reuters reporting, the exchange suffered a data breach with connections to India-based customer support contractors.

The breach, initially detected in January 2025, involved employees of TaskUs, a customer support outsourcing company. Investigation revealed that threat actors had successfully bribed two TaskUs employees to illegally access and steal customer information from Coinbase's systems.

TaskUs responded to the incident by terminating the two employees involved in the unauthorized data access. Subsequently, Coinbase ended its contractual relationship with TaskUs entirely, highlighting the significant trust and security implications of such breaches for business partnerships.

International Child Exploitation Network Disrupted

In a separate but concurrent international law enforcement effort, authorities across 12 countries collaborated to arrest 20 individuals involved in creating and distributing child sexual abuse material (CSAM) between March and May 2025.

The operation demonstrated the global reach of modern criminal networks and the necessity of international cooperation in addressing serious cyber-enabled crimes. Spain led arrests with seven suspects, including individuals in positions of trust such as a healthcare worker and educator.

The healthcare worker allegedly engaged in the exploitation of minors from Eastern Europe, paying for explicit imagery, while the teacher faced charges related to possessing and distributing illegal material through various online platforms.

Additional arrests occurred across Latin America, with three suspects apprehended in El Salvador and one teacher arrested in Panama. European and American authorities also made arrests as part of the coordinated effort.

INTERPOL, which coordinated the international response, indicated that investigations remain active with 68 additional suspects identified for potential future enforcement actions.

Implications for Global Cybersecurity

These concurrent international operations underscore several critical trends in modern cybercrime:

Increasing Sophistication: Criminal organizations are adopting advanced technologies including AI to enhance their operations' effectiveness and scale.

Global Coordination: Modern cyber-criminals operate across national boundaries, requiring unprecedented levels of international law enforcement cooperation to combat effectively.

Insider Threats: The Coinbase incident highlights vulnerabilities created by outsourced operations and the potential for employee compromise through bribery or coercion.

Multi-Vector Attacks: Criminal enterprises are diversifying their tactics across various forms of fraud, exploitation, and data theft, requiring comprehensive defensive strategies.

The success of these operations demonstrates that international cooperation between law enforcement agencies, private sector partners, and cybersecurity organizations can effectively disrupt sophisticated criminal networks, even when they operate across multiple jurisdictions and employ advanced technological tools.