Cybercrime Now Accounts for a Third of All Crime in Parts of Asia, Interpol Warns

A sweeping Interpol investigation has documented a dramatic transformation in the nature of criminal activity across Asia and the South Pacific, with digital offences now accounting for approximately one-third of all recorded crimes in more than half the region's surveyed nations. The global law enforcement body's comprehensive cyber threat assessment, compiled from responses by 18 member states between January 2024 and March 2025, paints a picture of criminal enterprises rapidly pivoting away from traditional street crime towards online fraud and digital extortion. Among the participating countries, online scams have emerged as the dominant concern, with roughly a third reporting upwards of 10,000 cases annually utilising techniques ranging from phishing to sophisticated social engineering.

The scale of this criminal migration reflects fundamental shifts in how Asia's economies operate. As digital infrastructure has expanded across the region—from fintech adoption in Southeast Asia to e-commerce penetration in South Asia—criminals have moved in parallel, exploiting vulnerabilities at every layer. Neal Jetton, who directs Interpol's Cybercrime operations from the agency's Singapore office, characterised the evolving threat landscape as increasingly dystopian: cybercriminals now deploy artificial intelligence, ransomware-as-a-service marketplaces, and industrial-scale social engineering campaigns that operate across multiple jurisdictions simultaneously. The sophistication represents a qualitative leap from the relatively crude phishing attempts of a decade ago.

The geographic spread of scam operations particularly alarmed Interpol analysts. What was once concentrated in specific hotspots within Cambodia, Laos, and Myanmar has metastasised into a distributed global network. Rather than operating large, stationary compounds vulnerable to police raids, criminal groups have adapted their structure in response to law enforcement pressure, fragmenting into smaller, more mobile cells. These operations now flourish across unexpected locales—from parts of Africa and the South Pacific to pockets of Europe and Latin America—each location offering different regulatory vulnerabilities or operational advantages. The Sri Lankan government's recent enforcement action against suspected scam centres underscores how the problem has become genuinely transnational, presenting unprecedented coordination challenges for regional authorities.

A critical enabler of this expansion has been the availability of artificial intelligence tools, which have democratised the creation of convincing fraudulent content. Interpol's assessment highlights how AI now generates deepfake audio and video, synthetic messages, and automated interactions that mimic legitimate communications across multiple digital platforms. This technological shift means that perpetrators no longer require expensive infrastructure or large teams to launch credible mass fraud campaigns. A handful of individuals, armed with accessible AI software and basic technical knowledge, can impersonate banks, government agencies, or corporate entities with sufficient fidelity to deceive even cautious consumers. The barrier to entry for aspiring cybercriminals has collapsed.

The financial damage remains staggering. Interpol and various monitoring organisations have documented that these transnational scam networks generate tens of billions of dollars annually—figures that dwarf many legitimate industries. The money flows through informal channels, cryptocurrency exchanges, and complicit financial institutions in jurisdictions where enforcement remains weak or corrupted. Malaysian readers should note that the country's geographic position and relatively developed financial infrastructure make it an attractive transit point for laundered scam proceeds, even as Malaysian citizens themselves fall victim to these schemes at alarming rates.

Law enforcement across the region remains severely handicapped in responding to this explosion. Interpol's survey identified critical gaps in forensic tools, shortage of specialised cybercrime training, and insufficient technical capacity within many police forces. Developing nations and small island states face particularly acute resource constraints—they may lack even basic malware analysis capabilities or digital evidence preservation protocols. This creates a dangerous asymmetry where sophisticated, well-funded criminal networks operate circles around under-resourced police units. The problem intensifies in countries where cybercrime units compete for scarce funding with traditional crime fighting priorities.

Regulatory arbitrage remains a fundamental vulnerability. Even economically mature nations with reputationally strong cybersecurity defences find themselves targeted by these networks, Interpol noted, because exploitable legal gaps and regulatory ambiguities create opportunities for criminals to operate with minimal oversight. Different countries define cybercrime differently, pursue different investigative standards, and maintain different data retention policies—creating a patchwork that sophisticated operators know how to navigate. Financial institutions in developing markets often lack the compliance infrastructure of their Western counterparts, making them softer targets for fraud and infiltration.

The report raises particular alarm about identity-based attacks, which are accelerating across the region. Traditional security measures such as two-factor authentication have become insufficient due to widespread password reuse, compromised credential databases circulating on the dark web, and vulnerabilities in single sign-on systems that many organisations have rashly implemented without proper security audits. Cybercriminals now routinely purchase legitimate access credentials harvested from previous breaches, allowing them to bypass two-factor authentication by authenticating from locations and devices the victim has previously used. This highlights the fundamental weakness of static security models in a world where attackers possess both historical behavioural data and access to powerful computing resources.

Interpol advocates for a shift towards adaptive verification systems—dynamic authentication frameworks that assess user identity in real time by analysing location data, behavioural patterns, and device characteristics rather than relying on static passwords or simple two-factor codes. Such systems would flag as suspicious a login attempt from an unfamiliar geography or device, demanding additional verification. However, implementing such infrastructure requires technological sophistication and investment that many Asian institutions, particularly smaller banks and government agencies, have not yet undertaken. The gap between recommended security practices and actual implementation remains a critical vulnerability.

The report's findings carry particular significance for Malaysia and the broader Southeast Asian region. These nations occupy a complex position within global cybercrime networks—simultaneously serving as origin points for some fraud operations, transit hubs for laundered proceeds, and victim populations targeted by external threat actors. Malaysian businesses and consumers must grapple not only with local scammers but increasingly with sophisticated international operations that exploit cross-border vulnerabilities. The government's cybercrime taskforces face mounting pressure to coordinate internationally while building local capacity.

The confluence of factors documented by Interpol—distributed criminal networks, AI-enabled fraud, transnational money flows, under-resourced law enforcement, and regulatory inconsistencies—suggests that the cybercrime crisis will likely intensify before any meaningful reversal occurs. Individual nations implementing unilateral defences will achieve limited results without regional coordination and significant resource investment. The challenge demands not merely technological solutions but fundamental reforms to how governments share intelligence, harmonise legal frameworks, and pool investigative resources. Without such comprehensive approaches, the explosion in cybercrime will continue reshaping Asia's security landscape.