
Officials crack down on Southeast Asia cybercrime networks, seize $15B

Federal authorities seized 127,271 Bitcoin, valued at approximately $15 billion, from Chen Zhi, the alleged leader of a sprawling cybercrime network based in Cambodia, the Justice Department said Tuesday. Officials said it’s the largest financial seizure on record.

“Today’s action represents one of the most significant strikes ever against the global scourge of human trafficking and cyber-enabled financial fraud,” Attorney General Pamela Bondi said in a statement.

Officials said Chen, a 38-year-old United Kingdom and Cambodian national who has renounced his Chinese citizenship, built a business empire under the Prince Group umbrella headquartered in Phnom Penh, Cambodia, that constructs, operates and manages scam compounds that rely on human trafficking and modern-day slavery. 

A criminal indictment against Chen was also unsealed in the U.S. District Court for the Eastern District of New York. He remains at large and the FBI is seeking information about his whereabouts. Chen faces up to 40 years in prison for his alleged crimes.

Chen is accused of founding and running Prince Group since 2015, resulting in a global expansion that has brought the cybercrime network’s operations to dozens of entities spanning more than 30 countries. 

Officials said Chen was directly involved in managing the scam compounds and committed violence against people in the forced labor camps where schemes targeted victims around the world, including in the United States. One network based in Brooklyn, New York, scammed more than 250 people in New York and across the country out of millions of dollars, according to the indictment.

Authorities in the U.S. and U.K. also imposed coordinated sanctions against the Prince Group’s cybercrime networks in Southeast Asia accused of long-running investment scams and money laundering operations. 

Officials said the sanctions against people and organizations involved with the Prince Group transnational criminal organization, together with the severing of Huione Group from the U.S. financial system, mark the most extensive action taken against cybercrime operations in the region to date.

“The rapid rise of transnational fraud has cost American citizens billions of dollars, with life savings wiped out in minutes,” Treasury Secretary Scott Bessent said in a statement. 

The agency’s Office of Foreign Assets Control imposed sanctions on 146 people and organizations participating in Prince Group TCO, while the Financial Crimes Enforcement Network issued a rule under the USA PATRIOT Act to sever Cambodia-based financial services conglomerate Huione Group from the U.S. financial system.

OFAC also sanctioned a network of 117 illegitimate businesses affiliated with Prince Group. The agency published a complete list of people and entities sanctioned as part of the sweeping action.

Authorities said Prince Group is prolific and remains a dominant player in Cambodia’s scam economy, responsible for billions of dollars in illicit financial transactions. U.S. government officials estimate Americans lost more than $10 billion to Southeast Asia-based scam operations last year, noting that U.S. online investment scams surpass $16.6 billion.

Huione Group has allegedly laundered proceeds from cyberattacks initiated by North Korea and transnational criminal organizations in Southeast Asia responsible for virtual currency investment scams, authorities said. The organization laundered more than $4 billion in illicit proceeds between August 2021 and January 2025, the Treasury Department said. 

The U.K.’s Foreign, Commonwealth, and Development Office also participated in the crackdown by imposing sanctions on Prince Holding Group, its alleged leader Chen and key associates. 

“Today, the FBI and partners executed one of the largest financial fraud takedowns in history,” FBI Director Kash Patel said in a statement.

The post Officials crack down on Southeast Asia cybercrime networks, seize $15B appeared first on CyberScoop.

Interpol operation disrupts romance scam and sextortion networks in Africa

Authorities arrested 260 cybercrime suspects during a two-week operation spanning 14 African countries, Interpol announced Friday. The globally coordinated summertime crackdown dubbed “Operation Contender 3.0” targeted criminal networks that facilitated romance scams and sextortion, officials said. 

Interpol said total losses attributed to the scam syndicates amounted to about $2.8 million, involving almost 1,500 victims. Authorities seized USB drives, SIM cards, forged documents and dismantled 81 cybercrime infrastructure networks across the continent.

“Cybercrime units across Africa are reporting a sharp rise in digital-enabled crimes such as sextortion and romance scams,” Cyril Gout, acting executive director of police services at Interpol, said in a statement. “The growth of online platforms has opened new opportunities for criminal networks to exploit victims, causing both financial loss and psychological harm.”

Authorities in Ghana arrested 68 people, seized 835 devices and identified 108 victims who lost a combined $450,000, $70,000 of which was recovered. The suspects allegedly used fake profiles, forged identities and stolen images to deceive victims using multiple schemes, including fake courier and customs shipment fees, and sextortion for blackmail.

Police in Senegal arrested 22 suspects who allegedly defrauded 120 victims on social media and dating platforms of about $34,000 combined. 

In Cote d’Ivoire, police arrested 24 suspects and identified 809 victims who were allegedly manipulated to share intimate images before they were blackmailed. Angola authorities arrested eight people for allegedly scamming 28 domestic and international victims via social media. 

Group-IB and Trend Micro assisted in the investigation, and other countries participating in the effort included Benin, Burkina Faso, Gambia, Guinea, Kenya, Nigeria, Rwanda, South Africa, Uganda and Zambia.

“By working closely with our member countries and private sector partners, we remain committed to disrupting and dismantling the groups that prey on vulnerable individuals online,” Gout said.

Operation Contender 3.0 occurred, in part, during a much larger Interpol cybercrime crackdown in Africa that resulted in the arrest of 1,209 alleged cybercriminals. Authorities said financial losses attributed to cybercrime rings disrupted during Operation Serengeti 2.0 neared $485 million from almost 88,000 victims.

The post Interpol operation disrupts romance scam and sextortion networks in Africa appeared first on CyberScoop.

Treasury Department targets Southeast Asia scam hubs with sanctions

Federal authorities on Monday imposed sanctions on 19 people and organizations allegedly involved in major cyberscam hubs in Burma and Cambodia.

“Criminal actors across Southeast Asia have increasingly exploited the vulnerabilities of Americans online,” Secretary of State Marco Rubio said in a statement. “In 2024, Americans lost at least $10 billion to scam operations in Southeast Asia, according to a U.S. government estimate.” That’s a 66% increase from the prior year, officials said. 

People who staff these scam centers are often victimized as well. Criminal organizations in Southeast Asia recruit workers under false pretenses and use debt bondage, violence, and threats of forced prostitution to coerce them to scam strangers online via messaging apps or text messages, authorities said.

The Treasury Department’s Office of Foreign Assets Control levied sanctions against nine targets operating in Shwe Kokko, Burma, which it described as a “notorious hub for virtual currency investment scams under the protection of the OFAC-designated Karen National Army.” KNA was sanctioned as a transnational criminal organization in May. 

Tin Win, Saw Min Min Oo, Chit Linn Myaing Co., Chit Linn Myaing Toyota Co., Chit Linn Myaing Mining & Industry Co., Shwe Myint Thaung Yinn Industry and Manufacturing Co., She Zhijiang, Yatai International Holdings Group and Myanmar Yatai International Holding Group Co. were all sanctioned for their alleged involvement in these scam centers near Burma’s border with Thailand.

She Zhijiang and Saw Chit Thu, the leader of the KNA who was previously sanctioned in May, are accused of transforming a small village in Shwe Kokko into a city built for gambling, drug trafficking, prostitution and a compound of scam centers. Tin Win and Saw Min Min Oo allegedly control property that hosts the scam centers and personally run organizations that support the operations.

“Southeast Asia’s cyber scam industry not only threatens the well-being and financial security of Americans, but also subjects thousands of people to modern slavery,” John K. Hurley, under secretary of the Treasury for terrorism and financial intelligence, said in a statement.

The Treasury Department also sanctioned four people and six organizations for their alleged involvement in forced labor compounds in Cambodia that operate virtual currency investment scams targeting victims in the United States, Europe, China and elsewhere. 

T C Capital Co., K B Hotel Co., K B X Investment Co., M D S Heng He Investment Co., Heng He Bavet Property Co., HH Bank Cambodia, Dong Lecheng, Xu Aimin, Chen Al Len and Su Liangsheng were all sanctioned for their alleged involvement in scam centers in Cambodia. 

“These sanctions protect Americans from the pervasive threat of online scam operations by disrupting the ability of criminal networks to perpetuate industrial-scale fraud, forced labor, physical and sexual abuse, and theft of Americans’ hard-earned savings,” Rubio said.

The post Treasury Department targets Southeast Asia scam hubs with sanctions appeared first on CyberScoop.

National scam day

June 15th was World Elder Abuse Awareness Day. I’d like to expand that from a mere day to declaring every day National Scam Day. I am getting increasingly concerned about friends and acquaintances that fall for scams, ranging from clickbait to photos that aren’t real and to stories on social media that are just flat-out […]

The Deception Game: How Cyber Scams Manipulate Trust to Access Sensitive Information

In recent years, the landscape of cyber scams has evolved, targeting even the tools designed to protect consumers. One such concerning development involves the exploitation of trusted services to mislead and scam users. This article explores a specific case in which scammers may have taken advantage of these services to deceive users into divulging sensitive information, leading to potential financial losses and identity theft.

The Mechanics of the Cyber Scams

At the core of this issue lies a highly sophisticated cyber scam that exploits the trust consumers place in services that were designed to alert users regarding suspicious activities or data breaches. In this case, however, scammers have managed to breach the very systems intended to safeguard user identities. Here’s how the scam operates:

  1. Compromised Alerts: Users receive seemingly legitimate alert emails from a trusted organization, notifying them of potential security issues. These emails include clickable links that direct users to what appear to be secure websites.
  2. Redirects to Malicious Sites: Upon clicking the link, users are redirected to malicious domains designed to look like legitimate websites or are taken directly to scam sites hosted on platforms like Telegram. These sites may request further sensitive information under the guise of security checks or offer downloads that contain malware.
  3. Exploitation of User Trust: The effectiveness of this scam lies in its exploitation of user trust. Since the alerts originate from a trusted source, users are more likely to click on the links without their usual level of scrutiny. This bypasses standard phishing detection mechanisms, which often filter out emails from suspicious or unknown sources.

Indicators of Deceptive Practices

Several red flags were identified during the investigation into these compromised alerts:

  • Clickable Links in Alerts: Unlike more secure practices adopted by other identity protection services, some alerts include clickable links. This practice is risky because it can easily be exploited to redirect users to malicious sites.
  • Use of Scam Domains: The domains used in these alerts were found to be registered for the explicit purpose of hosting scam operations. For example, one domain redirected users to a Telegram channel that further directed them to malicious downloads or additional scams.
  • High Click-Through Rates: Analysis of traffic to these scam domains revealed a substantial number of users clicking through from these alerts. This suggests a significant exploitation of these alerts, driving traffic to malicious sites and potentially resulting in a high number of compromised users.

Potential Implications and Risks of Cyber Scams

The consequences of this scam could be far-reaching:

  • Financial Loss: Users deceived by these scams might inadvertently provide sensitive information such as banking details, leading to financial fraud or unauthorized transactions.
  • Identity Theft: The exposure of personal information can lead to identity theft, where attackers use the information to open new accounts, make purchases, or engage in other forms of fraud.
  • Malware Infections: Users who download files from these scam sites could infect their devices with malware, further compromising their security and potentially leading to data loss or additional breaches.

Conclusion: How Constella Intelligence Leads the Way in Combatting These Threats

At Constella Intelligence, we’ve recognized the growing sophistication of scams targeting identity protection services and have implemented advanced mechanisms to safeguard our users.

Our systems incorporate a robust verification and curation process, designed to detect and mitigate these types of fraudulent attacks before they reach our customers. In line with the rigorous standards we detail in our blog Verifying the National Public Data Breach, we employ advanced data validation and monitoring techniques to ensure every alert is legitimate and free from manipulation. By continuously monitoring for suspicious patterns and ensuring that all alerts are authentic, we provide the most secure identity protection available on the market. As the leading identity protection provider, we’re committed to staying ahead of emerging threats and maintaining the trust our users place in us to protect their personal information.

Recommendations for Users

To safeguard against potential scams and enhance online security, consider the following steps:

  1. Avoid Clicking on Links in Emails: Even if the email appears to be from a trusted source, manually navigate to the company’s official website instead of clicking on links in the email. This reduces the risk of being redirected to a malicious site.
  2. Use a Password Manager: A password manager can help generate and store complex, unique passwords for each of your accounts, reducing the risk if one service is compromised.
  3. Monitor Your Accounts Regularly: Frequently check your bank statements and credit reports for any unauthorized activity. Early detection of suspicious activity can prevent more significant financial losses.
  4. Enable Multi-Factor Authentication (MFA): Whenever possible, use MFA on your online accounts. This adds an additional layer of security by requiring multiple forms of verification.

By following these recommendations, users can better protect themselves from the increasingly sophisticated tactics employed by scammers to exploit even the most trusted services.
