The Indian government said it has rescued and repatriated about 250 citizens in Cambodia who were held captive and coerced into running cyber scams.
The Indian nationals "were lured with employment opportunities to that country but were forced to undertake illegal cyber work," the Ministry of External Affairs (MEA) said in a statement, adding it had rescued 75 people in the past three months.
It also said it's working with "with Cambodian authorities and with agencies in India to crack down on those responsible for these fraudulent schemes."
The development comes in the wake of a report from the Indian Express that said more than 5,000 Indians stuck in Cambodia were forced into "cyber slavery" by organized crime rackets to scam people in India and extort money by masquerading as law enforcement authorities in some cases.
The report also tracks with an earlier disclosure from INTERPOL, which characterized the situation as human trafficking-fuelled fraud on an industrial scale.
This included an accountant from the state of Telangana, who was "lured to Southeast Asia where he was forced to participate in online fraud schemes in inhuman conditions." He was subsequently let go after paying a ransom.
In another instance highlighted by the Indian Express, one of the rescued men was recruited by an agent from the south Indian city of Mangaluru for a data entry job, only to be asked to create fake social media accounts with photographs of women and use them to contact people.
"We had targets and if we didn't meet those, they would not give us food or allow us into our rooms," the individual, identified only as Stephen, was quoted as saying.
China and the Philippines have undertaken similar efforts to free hundreds of Filipinos, Chinese, and other foreign nationals who were entrapped and forced into criminal activity, running what's called pig butchering scams.
These schemes typically start with the scammer adopting a bogus identity to lure prospective victims into investing in non-existing crypto businesses that are designed to steal their funds. The fraudsters are known to gain their target's trust under the illusion of a romantic relationship.
In a report published in February 2024, Chainalysis said the cryptocurrency wallets associated with one of the pig butchering gangs operating out of Myanmar has recorded close to $100 million in crypto inflows, some of which is also estimated to include the ransom payments made by the families of trafficked workers.
"The brutal conditions trafficking victims face on the compounds also lend additional urgency to solving the problem of romance scamming — not only are consumers being bilked out of hundreds of millions of dollars each year, but the gangs behind those scams are also perpetuating a humanitarian crisis," the blockchain analytics firm said.
According to the United Nations, more than 200,000 people from around the world have been trafficked to countries like Cambodia, Myanmar, Lao PDR, the Philippines, and Thailand to execute lucrative online scams, ranging from illegal gambling to crypto fraud.
The U.S. Department of State, in its annual Trafficking in Persons report published last June, called out China-based organized crime syndicates for posing as labor brokers to recruit people with English proficiency from Africa and Asia via social media with the promise of offering them lucrative jobs in Southeast Asia.
"Upon arrival, victims are transported to large compounds, known as 'scam factories,' located in Burma, Cambodia, Laos, Malaysia, and the Philippines, where their passports are confiscated and they experience physical and sexual violence," the report said. "Traffickers force victims to defraud strangers in online cryptocurrency and romance scams and illegal gambling operations."
News of the rescue efforts also follow research from Check Point that threat actors are exploiting a function in Ethereum called CREATE2 to bypass security measures and gain unauthorized access to funds. Details of the scam were previously disclosed by Scam Sniffer in November 2023.
The crux of the technique is the use of CREATE2 to generate a new "temporary" wallet address that has no history of being reported for criminal activity, thus allowing threat actors to make the illicit transactions to the address once the victim approves the contract and circumvent protections that flag such addresses.
"The attack method involves tricking users into approving transactions for smart contracts that haven't been deployed yet, allowing cyber criminals to later deploy malicious contracts and steal cryptocurrencies," the Israeli company said.
