As digital adoption accelerates across Southeast Asia, Cambodia, Laos, and Brunei are witnessing a surge in scams and online fraud incidents, each shaped by unique national contexts. In Cambodia, the digital economy is expanding rapidly, with 67.5% internet penetration and users spending over 3.5 hours online daily. In the first half of 2024 alone, online fraud led to losses exceeding USD 40 million. Laos, while having a more modest digital footprint (66.2% internet penetration, 2 hours average daily use), has also experienced rising scam activity, prompting enforcement and cross-border action. Brunei, with near-universal internet penetration (99%), reported USD 2.3 million in losses in 2023 and has proactively implemented institutional responses.

Despite varying levels of digital maturity, the three countries face similar challenges: fraudulent websites, social engineering tactics, mobile-based phishing, and fake promotional campaigns. These growing threats underscore the need for regional coordination, particularly as scams transcend borders and exploit platform vulnerabilities.

Participants 

1. Tina Lim Keasberry, Assistant Chief Executive, Market Regulation Group, Authority of Info-communications and Technology Industry of Brunei Darussalam (AITI)
2. Siti Zaraura Binti Haji Mohammad, Senior Manager, Consumer, Standards & Postal, Market Regulation Group, Authority of Info-communications and Technology Industry of Brunei Darussalam (AITI)
3. Nurhayati Binti Haji Mokim, Acting Senior Manager, Legal and Enforcement Unit, Authority of Info-communications and Technology Industry of Brunei Darussalam (AITI)
4. Nur Syamimi Binti Suhaimi, Manager, Content Regulation, Market Regulation Group, Authority of Info-communications and Technology Industry of Brunei Darussalam (AITI)
5. Kikeo Vorlavongsa, Deputy Director General of Competition Division, Ministry of Industry and Commerce, Lao PDR
6. Bounphama Vongkhamzao, Technical Officer at Division of Competition, Ministry of Industry and Commerce, Lao PDR
7. Pheng Vilaysack, Technical Officer of Consumer Protection Division, Ministry of Industry and Commerce, Lao PDR
8. Bounphieng Pheuaphetlangsy, Deputy Director, Division of Strategic and International Studies, Institute of Foreign Affairs
9. Vongvilai Inthasanh, Acting director of the Incident Response Team Division, Ministry of Technology and Communication
10. Kokkee Keosinthavone, Lao Computer Emergency Response Team Division, Ministry of Technology and Communication
11. Dr. Riccardo Corrado, Vice-Chairman, Italian Business Chamber Cambodia
12. H.E. Siriwat Chhem, Co-founder and President, AI Forum
13. Im Sothy, Executive Director, Youth Council of Cambodia 
14. Munny Thuon, Regional Project Officer for Southeast Asia, CORD Global
15. Dr. Bradley Jensen Murg, Senior Advisor, Cambodian Institute for Cooperation & Peace (CICP)
16. Say Puthy, Project Director, Cambodian Institute for Cooperation & Peace (CICP)
17. Dr Hafezali Bin Iqbal Hussain, Assistant Professor, University of Brunei Darussalam
18. Shamini Priya, Senior Policy Analyst, Singapore Institute of International Affairs

Key Takeaways

1. Complex Scam Tactics Demand Multifaceted Responses

Scams across Cambodia, Laos and Brunei are no longer isolated deceptions but increasingly sophisticated operations that combine social engineering with technical exploitation. Participants emphasised that scammers are targeting human behaviour and trust while deploying advanced methods to bypass conventional defences.

In Cambodia, two prominent scam types were discussed. The first involved Telegram-based social engineering, where victims were misled into sharing two-factor authentication codes. Scammers posed as acquaintances in need of help accessing their accounts, but the shared code enabled access to the victim’s own Telegram account. 

The second case concerned the use of mobile antenna spoofing, in which scammers deployed portable devices that imitated legitimate telecommunications signals. Victims’ mobile phones automatically connected to these counterfeit antennas, enabling the delivery of phishing messages. This exploitation of physical infrastructure to facilitate fraud represents a disturbing advancement in the methods employed by scammers.

In addition, Laos shared two common scams that demonstrate both technical reach and behavioural manipulation. The first was a gift scam through messaging platforms such as WhatsApp. Victims were informed they had won a prize but were required to pay a small fee to claim it. After providing payment and personal data, many saw their bank accounts emptied. 

The second involved a fake airline prize call impersonating “Lao Airlines,” where victims were told they had won free travel or cash. A follow-up link captured their personal and banking details, enabling unauthorised transactions. In one case, a domestic bank account used to collect the stolen funds was eventually frozen following investigation.

In Brunei, the focus was on romance scams, where foreign scammers targeted senior women by building emotional trust. These scams involved grooming tactics, where victims were gradually convinced to transfer significant sums of money. The cases highlighted Brunei’s enforcement response, which successfully led to arrests, but also exposed the vulnerabilities that emotional manipulation can exploit.

These examples underscore the urgent need for a comprehensive response strategy that combines technological safeguards, community education and behavioural awareness. Countermeasures must address the evolving sophistication of scams and support citizens in recognising and responding to both emotional and technical forms of deception.

2. Building Institutional Trust through Coordination and Community Engagement

Effective scam resilience requires both strong institutional coordination and community level awareness and commitment. Across Cambodia, Laos and Brunei, participants highlighted the limitations caused by fragmented or siloed national responses. In Brunei, the police take the lead in scam-related investigations, with support from the national telecom regulator. Laos has established cyber incident response teams under the Ministry of Technology and Communications, while Cambodia relies on cooperation between regulators and law enforcement. 

However, each country acknowledged the need for clearer referral systems, standardised operating procedures across agencies, and improved digital threat intelligence platforms. Stakeholders from Brunei pointed out the effectiveness of Singapore’s Anti-Scam Command (ASCom) and Scamshield which should be emulated by ASEAN member states. Beyond institutional structures, the discussions underscored the human impact of scams and the resulting erosion of public trust in digital systems. Cambodian participants shared how scam incidents led small business owners to abandon digital platforms altogether.

Participants recommended integrated approaches that connect institutional capabilities with grassroots outreach. Representatives from Laos suggested training local “scam watchers” within communities to act as the first line of defence and embedding scam awareness into digital literacy programmes. When institutional coordination is aligned with community engagement, it can create a more resilient ecosystem where citizens feel protected and informed.

3. Advancing Regional Collaboration through Intelligence and Infrastructure Solutions

Participants reiterated that regional cooperation must extend beyond basic information exchange to include shared tools, joint strategies, and scalable technological solutions. The transnational nature of scam operations, often involving foreign-based scam centres, demands an ASEAN-level response that is both coordinated and proactive.

There was strong support for establishing joint investigation protocols, a region-wide alert system, and a shared scam information database to ensure interoperability across borders. Participants also proposed a unified scam reporting framework, which would allow faster escalation and reduce enforcement gaps between countries.

Beyond procedural coordination, several practical and actionable tools were discussed. In the Cambodian context, participants introduced the concept of federated learning models to detect scam patterns across telecommunications providers. These models enable the collaborative training of machine learning systems without exposing raw user data, thereby respecting privacy while improving detection of anomalies such as phishing and spoofing activity. This approach allows for collective threat intelligence across providers without compromising national data management policies.

Cambodia also raised the use of mobile antenna detection systems. These tools help telecom regulators identify rogue signal emitters that impersonate legitimate networks. Deploying such technology as part of urban cybersecurity patrols or public infrastructure safety programs could serve as an early warning system against technical fraud.

Together, these proposals reflect a comprehensive view of regional collaboration. They combine shared cross border protocols, advanced detection technologies and empowered local communities to form a unified and responsive ASEAN approach to scam and fraud prevention.