Policymakers Should Protect Consumers from Scammers’ Phishing Hooks

Millions of Americans receive messages daily about unpaid tolls or emails about compromised accounts. Most delete these messages, but those who do not may unknowingly fall victim to scams designed to steal their money or private information. In 2024 alone, scammers stole $16.6 billion from U.S. consumers, channeling the profits into transnational criminal organizations. While U.S. agencies and tech companies have disrupted botnets, raised public awareness, and launched enforcement actions, scam networks based in Southeast Asia continue to grow. To counter this threat, the United States should strengthen public-private coordination through bipartisan legislation—such as the Foreign Robocall Elimination Act and the Scam Compound Accountability and Mobilization (SCAM) Act—and deepen multilateral partnerships across the Indo-Pacific.

Scams targeting Americans increasingly originate from compounds in Myanmar, Cambodia, Laos, and other parts of Southeast Asia. These facilities often resemble call centers, but the workers are frequently trafficked or coerced. Recruiters lure them with promises of high-paying jobs, then confiscate passports and threaten families if they try to escape. Workers are forced to engage in “smishing”—phishing messages sent via SMS—impersonating banks and government agencies, and directing victims to credential-stealing sites.

Criminal networks funnel stolen funds through crypto mixers (which obfuscate the origins of cryptocurrencies) and shell companies (which obfuscate the owners of assets), reinvesting profits into recruitment and infrastructure. These operations thrive in countries where weak governance, widespread corruption, fragmented law enforcement, and porous borders. Even when authorities disrupt operations, scam centers simply relocate and shift tactics. For example, when China temporarily took action during the COVID-19 pandemic against scams targeting its citizens, scammers began targeting U.S. consumers instead.

The U.S. government has taken steps to counter these networks. The Justice Department’s Scam Center Strike Force unites prosecutors, investigators, and financial-crime specialists to counter Southeast Asian scam centers. Through cross-border investigations, indictments, and rapid information sharing with financial institutions and tech platforms, the task force tracks illicit flows, freezes assets, and seeks restitution for victims.

The State and Treasury Department have also used diplomatic and sanctions tools against groups and individuals tied to scam operations. These initiatives, combined with the Treasury Department’s Office of Foreign Assets Control’ssanctions, the Federal Trade Commission’s consumer alerts, and the Department of Homeland Security’s trafficking and illicit‑finance probes, represent a coordinated approach, but one constrained by inconsistent foreign government cooperation.

Private-sector action has also attempted to counter scammers. Microsoft has spent a decade dismantling botnets through legal actions and seizing criminal infrastructure such as servers and websites. Google has deployed AI systems that scan billions of messages for indicators of financial scams, block suspicious links, and authenticate legitimate senders to prevent spoofing. Lawsuits targeting operators and hosting services, such as Google’s recent phishing text scam case, have caused criminals to abandon malicious domains and lose payment. However, private-sector efforts alone cannot fully counter scam centers that rapidly adapt and exploit permissive jurisdictions.

Congress now has an opportunity to close the gap between private-sector capability and federal authority. The Foreign Robocall Elimination Act requires the Federal Communications Commission to establish a task force charged with creating an annual report recommending solutions for combating scam centers, such as imposing penalties on perpetrators and encouraging greater foreign government involvement. By bringing agencies together under this task force, the legislation creates an opportunity for interagency collaboration, which could lead to improved coordination, enhanced call traceback capabilities, and stronger enforcement against overseas robocalls.

The SCAM Act would allow the United States to directly target scam-compound operators, freeze assets, and assist U.S scam victims. Together, these bills empower joint disruption campaigns—between agencies and tech companies—against operators, infrastructure, and financial networks.

However, legislation alone isn’t enough. The United States should pair new authorities with sustained international cooperation through the Association of Southeast Asian Nations (ASEAN). The Philippines’ upcoming chairmanship creates an opportunity for the United States to closely work with its long-time ally to shape the bloc’s 2026 agenda by expanding cross-border investigations, strengthening cybercrime units, enhancing financial-tracking mechanisms, and encouraging ASEAN states to crack down on scam compounds.

The United States should also strengthen cooperation with NGOs, such as Operation Shamrock, which develops approaches to disrupt scams and reduce criminal groups' recruitment ability. Building on these ad hoc NGO-government partnerships, the United States should establish a permanent public-private partnership that institutionalizes efforts such as intelligence sharing and coordinated responses.

Transnational scam networks have become billion-dollar enterprises, exploiting the digital economy and international enforcement gaps. Despite significant progress, the U.S. government and private companies still struggle to dismantle criminal organizations operating from foreign safe havens. The United States should pair bipartisan legislation with deeper public-private integration and sustained multilateral cooperation. Without a global coalition aligned through law, diplomacy, and technology, scammers will simply migrate to regions with weak governance—continuing to threaten the integrity of the digital ecosystem.