The instructions were clear: He had four days to make each victim fall in love.
And there were a lot of victims. Online, Safeer Mohammed Koorimannil, who was trafficked to a scam center in Myanmar, impersonated a 28-year-old Singaporean woman named Ella. On a typical shift, he said, he chatted with more than 100 people across dozens of profiles at the same time, as supervisors prowled among the desks with electric batons.
In just a month, Koorimannil targeted some 50,000 victims from at least 17 countries, according to records he smuggled out to The Associated Press. His “clients” included a widowed tailor in Kurdistan, a pastry chef in Turkey, a sheep farmer in Kyrgyzstan, soldiers in Iraq, an engineer in Russia, a building painter in Germany, a port officer in Argentina, a student in Indonesia, a security guard in Poland and a dairy farmer in the Republic of Georgia. And he did it using software built with artificial intelligence models from American tech companies that scammers are abusing to target victims at unprecedented speed and scale. “Everyone is a robot there,” he told AP from his home in southern India in his native Malayalam language.
Read more: US and Iran negotiators head to Doha, but meeting uncertain
Technology from American companies is being used to power a revolution in the scam industry, playing a key role in the industrialization and globalization of fraud in ways that have not been clear until now, an AP/”FRONTLINE” investigation has found. Watchdogs say these companies have the technical capacity to do more to protect against abuse but lack the legal, regulatory and business incentives to crack down on a crime the Federal Trade Commission estimates cost Americans nearly $200 billion in losses in 2024.
While most public scrutiny of the technology that fuels scams has focused on the social media platforms victims see, the infrastructure exploited to commit fraud begins much farther upstream, the investigation showed. American technology is present all along the digital supply chains that connect scammers with the scammed, from AI models baked into powerful new tools to optimize workflow and create more perfect fakes, to satellite dishes that enable scammers to evade internet crackdowns, to internet service providers that carry traffic from the lawless borderlands of Myanmar to the phones and computers of millions of victims.
he AP found no evidence to suggest these companies were doing anything illegal themselves. However, the abuse of their tools and tech infrastructure at scam compounds in Myanmar, as documented by the AP and “FRONTLINE,” raises questions about how vigorously they are enforcing their own terms of service, which prohibit illegal activity and, in many cases, explicitly ban fraud.
Among the AP’s findings:
- American-made AI models — chiefly ChatGPT and Gemini — have been used to build specialized software that allows scammers to seamlessly work across dozens of languages, surveil workers and target victims around the world, the investigation found with the help of C4ADS, a Washington-based nonprofit focused on global security. Scammers who purchased these tools took in tens of millions of dollars, according to blockchain analysis by TRM Labs at the request of AP/”FRONTLINE.”
- A sophisticated, global internet infrastructure supports Myanmar’s scam compound economy, which relies on services from Cogent Communications, AT&T, DigitalOcean and Oracle, among others. One in five signals from devices at four scam compounds linked to sanctioned entities in Myanmar was carried by a U.S.-registered company, according to an AP analysis of more than 200,000 device connections provided by International Justice Mission, an anti-trafficking nonprofit.
-
- Elon Musk’ s satellite internet company, Starlink, is the number one internet service provider in Myanmar, including to scam centers, according to device data, public records and interviews — despite public pressure from Congress and a widely publicized crackdown last fall.
- At least 25 new scam compounds have been built deep inside Myanmar since a high-profile crackdown along the Thai border last fall, new satellite imagery shows. Scammers from at least 13 of these outposts used Starlink IP addresses to get online between early March and the end of May, an AP analysis of device and satellite data from International Justice Mission shows.
- The AP/”FRONTLINE” investigation was based on tens of thousands of leaked scam center files, videos and photos; an analysis with C4ADS of misuse of AI at scam centers; an examination of more than 200,000 connections made by devices over a year at four scam compounds in Myanmar linked to entities sanctioned by the U.S. government; and interviews with 58 scam victims and three dozen current and former scammers from 19 countries.Cybersecurity experts say internet service providers, AI companies and Starlink could do more to prevent the abuse by scammers — but lack the legal, regulatory and business incentives.
“If there’s no disincentive to continuing this, if there’s no cost to actually facilitating scamming, then why would I spend a dollar to prevent scamming?” said Sascha Meinrath, the Palmer chair in telecommunications at Penn State University. “This is the problem. It’s identifiable, it’s addressable — at least somewhat — but it costs something. And right now the cost of facilitating scamming is zero.”
Outside the United States, that cost is starting to rise. The United Kingdom, the European Union, Australia and Singapore have introduced new regulations that require companies to do more to prevent scams — or face financial penalties.
Meanwhile, in Washington, lawmakers and government officials have been asking American tech companies to cooperate to cut scammers off from U.S. infrastructure, but on a voluntary basis.
