Top storiesNew ZealandPoliticsBusinessEntertainmentSportsWorld

Four days to make victims fall in love: How global scammers use US tech to fleece people

Sunday, 5 July 2026

Safeer Mohammed Koorimannil, who was trafficked into scamming, looks out from the window of his CM Fisheries office before starting the day, in Sulthan Bathery in the southern state of Kerala, India, in March.
Safeer Mohammed Koorimannil, who was trafficked into scamming, looks out from the window of his CM Fisheries office before starting the day, in Sulthan Bathery in the southern state of Kerala, India, in March.

The instructions were clear: He had four days to make each victim fall in love.

And there were a lot of victims. Online, Safeer Mohammed Koorimannil, who was trafficked to a scam center in Myanmar, impersonated a 28-year-old Singaporean woman named Ella. On a typical shift, he said, he chatted with more than 100 people across dozens of profiles at the same time, as supervisors prowled among the desks with electric batons.

In just a month, Koorimannil targeted some 50,000 victims from at least 17 countries, according to records he smuggled out to The Associated Press. His “clients” included a widowed tailor in Kurdistan, a pastry chef in Turkey, a sheep farmer in Kyrgyzstan, soldiers in Iraq, an engineer in Russia, a building painter in Germany, a port officer in Argentina, a student in Indonesia, a security guard in Poland and a dairy farmer in the Republic of Georgia. And he did it using software built with artificial intelligence models from American tech companies that scammers are abusing to target victims at unprecedented speed and scale.

“Everyone is a robot there,” he told AP from his home in southern India in his native Malayalam language.

Technology from American companies is being used to power a revolution in the scam industry, playing a key role in the industrialisation and globalisation of fraud in ways that have not been clear until now, an AP/Frontline investigation has found. Watchdogs say these companies have the technical capacity to do more to protect against abuse but lack the legal, regulatory and business incentives to crack down on a crime the US Federal Trade Commission estimates costs billions.

While most public scrutiny of the technology that fuels scams has focused on the social media platforms victims see, the infrastructure exploited to commit fraud begins much farther upstream, the investigation showed. American technology is present all along the digital supply chains that connect scammers with the scammed, from AI models baked into powerful new tools to optimise workflow and create more perfect fakes, to satellite dishes that enable scammers to evade internet crackdowns, to internet service providers that carry traffic from the lawless borderlands of Myanmar to the phones and computers of millions of victims.

The AP found no evidence to suggest these companies were doing anything illegal themselves. However, the abuse of their tools and tech infrastructure at scam compounds in Myanmar, as documented by the AP and Frontline, raises questions about how vigorously they are enforcing their own terms of service, which prohibit illegal activity and, in many cases, explicitly ban fraud.

Among the AP’s findings:

— American-made AI models — chiefly ChatGPT and Gemini — have been used to build specialised software that allows scammers to seamlessly work across dozens of languages, surveil workers and target victims around the world, the investigation found with the help of C4ADS, a Washington-based non-profit focused on global security.

— A sophisticated, global internet infrastructure supports Myanmar’s scam compound economy, which relies on services from AT&T, DigitalOcean and Oracle, among others. One in five signals from devices at four scam compounds linked to sanctioned entities in Myanmar was carried by a US-registered company.

— Elon Musk’ s satellite internet company, Starlink, is the number one internet service provider in Myanmar, including to scam centres, according to device data, public records and interviews — despite public pressure from Congress and a widely publicised crackdown last fall.

— At least 25 new scam compounds have been built inside Myanmar since a high-profile crackdown along the Thai border last fall, at least 13 of these outposts used Starlink IP addresses to get online between early March and the end of May, an AP analysis of device and satellite data from International Justice Mission shows.

The AP/Frontline investigation was based on tens of thousands of leaked scam centre files, videos and photos; an analysis of misuse of AI at scam centres; an examination of more than 200,000 connections made by devices over a year at four scam compounds in Myanmar linked to entities sanctioned by the US government; and interviews with 58 scam victims and three dozen current and former scammers from 19 countries.

Cybersecurity experts say internet service providers, AI companies and Starlink could do more to prevent the abuse by scammers — but lack the legal, regulatory and business incentives.

Sascha Meinrath, the Palmer chair in telecommunications at Penn State University, said the problem was “identifiable, it’s addressable — at least somewhat — but it costs something. And right now the cost of facilitating scamming is zero.”

Outside the United States, that cost is starting to rise. The United Kingdom, the European Union, Australia and Singapore have introduced new regulations that require companies to do more to prevent scams — or face financial penalties.

Meanwhile, in Washington, lawmakers and government officials have been asking American tech companies to cooperate to cut scammers off from US infrastructure, but on a voluntary basis.

People from China, Vietnam and Ethiopia, believed to have been trafficked and forced to work in scam centres, sit with their faces masked while in detention after being released from the centres in Myawaddy district in eastern Myanmar, in February 2025.
People from China, Vietnam and Ethiopia, believed to have been trafficked and forced to work in scam centres, sit with their faces masked while in detention after being released from the centres in Myawaddy district in eastern Myanmar, in February 2025.

In November, District of Columbia US Attorney Jeanine Pirro created the Scam Centre Strike Force to target scam compounds, working with Meta, SpaceX, Google and others to disrupt more than 1.4 million social media and email accounts, interrupt malicious IP address traffic, seize satellite internet terminals and decommission servers and hosting infrastructure linked to Southeast Asian scam networks.

“We will not allow criminal organisations to weaponise our own infrastructure against us or devastate the life savings of hardworking families,” Pirro said in an email to AP.

OpenAI and Google both said they have robust programs in place to proactively disrupt scammers from abusing their tools. Starlink did not respond to detailed requests for comment.

Internet service providers emphasised that they can’t see the content their networks carry or what end users are doing online — privacy by design that constrains their ability to monitor for abuse. All said they respond to valid abuse reports and cooperate with law enforcement. None would disclose specific customer information, citing privacy rules, but several said they had taken concrete action in response to AP’s reporting.

Oracle said it was “diligently working with law enforcement” on the material shared by AP. OpenAI said that based on the information AP shared, it identified and banned three accounts that had been using its models to support online scams.

OpenAI CEO Sam Altman has likened artificial intelligence to a utility, akin to electricity or water. But unlike water utilities, tech and telecom companies in the United States are generally not responsible for proactively ensuring the safety of the content they carry.

Some people believe that should change.

“This has to be like clean water,” said Matthew Moynahan, the CEO of GetReal Security, a cybersecurity firm. “Anything coming out of the tap for an end user, whether that tap is a PC, a browser somewhere, or your mobile phone, dirty water shouldn’t get to you. This is what this is.”

Almost Automated: American AI abused for industrial-scale scamming in SE Asia

The use of AI in scams is exploding so fast that many in the cybersecurity community fear fully-automated scams run by AI agents will soon become commonplace.

Already, the basic AI-powered tools Koorimannil used required scant human intervention. His job was to cut and paste responses from scripts his scam bosses generated.

Safeer Mohammed Koorimannil, right, leans on the shoulder of his brother, Jouhar Babu, while working at their CM Fisheries office in Sulthan Bathery in the southern state of Kerala, India.
Safeer Mohammed Koorimannil, right, leans on the shoulder of his brother, Jouhar Babu, while working at their CM Fisheries office in Sulthan Bathery in the southern state of Kerala, India.

Koorimannil and his best friend had answered an ad online for jobs encouraging tourism to Thailand. From the airport in Bangkok, however, a waiting black car sped them to the border with Myanmar, he said, and the next morning armed men escorted them across the Moei River to Tai Chang, a scam compound the US government sanctioned last year.

Koorimannil managed to sneak out a screenshot from his computer that AP and security nonprofit C4ADS used to identify the key to his productivity — a software platform called Kongtian Intelligent Customer Acquisition, or KT for short.

AP also identified a similar suite of software, called Global Social Traffic Navigation, or 007TG, described by a former scammer as a “one-stop shop” for running scams at industrial scale.

KT and 007TG are part of a thriving grey market for tech that has both legitimate and illegitimate uses and is widely exploited by scammers. KT and 007TG were created by for-profit businesses using AI models from leading global companies and sold to scammers — who in turn generated tens of millions of dollars in illicit profits.

OpenAI’s ChatGPT played the most prominent role, along with Google’s Gemini, though the software incorporated other AI models as well, including from Europe and China. Both KT and 007TG used ChatGPT and Gemini to generate automated replies, power a role-play chatbot, which scammers could use to develop convincing characters, and embed real-time translation in over 100 languages, C4ADS found. KT and 007TG software also tracked the performance of workers — to devastating effect, in Koorimannil’s case.

He was beaten for being bad at scamming people, leaving his body red and swollen with lashes, photographs show.

“When they came near my computer, my hands would shake and sweat,” Koorimannil told AP.

At night, he said, he and his best friend curled in the same narrow bunk, too frightened to sleep alone.

Blockchain analysis shows how powerful these tools can be. Cryptocurrency transactions are recorded on an indelible public ledger, or blockchain, which can be analysed to show the pattern and volume of cryptocurrency transactions. TRM Labs found that a single crypto wallet used by 007TG received $860,000 in payments between April 2024 and December 2025 — including transfers from at least four cryptocurrency wallets associated with known scam networks. Those scammers, in turn, raked in at least $75 million.

Stopping AI abuses at scale is challenging because scammers often use ChatGPT the same way hundreds of millions of other people do — to translate, help write messages, create content and do basic research. The intimacy, financial pressure and manipulative language in romance scams, for example, may be hard to distinguish from genuine users seeking help with a divorce. And tools like KT and 007TG can have legitimate uses, especially for Chinese businesses seeking to expand overseas.

But by tracking user behaviour over time to surface patterns of deception and manipulation, OpenAI said it detects scams with 95% accuracy and takes down 100,000 scam accounts each month. The company said it has also independently disrupted service to scam networks operating from Cambodia, Myanmar and Nigeria.

But the tools can also be used to fight back. OpenAI said people use ChatGPT millions of times a month to identify and avoid scams — up to three times more often, the company estimates, than the model is abused by scammers. With the Global Anti-Scam Alliance, OpenAI recently launched scam.org, which helps users assess the risk they are being targeted by scammers.

Chris Colocousis holds up a screenshot of the fake app where he invested his savings showing his account had more than doubled to nearly $826,000 as part of a scam in which he says he lost $400,000 at his home in Raynham, Massachusetts.
Chris Colocousis holds up a screenshot of the fake app where he invested his savings showing his account had more than doubled to nearly $826,000 as part of a scam in which he says he lost $400,000 at his home in Raynham, Massachusetts.

Google did not respond to specific questions, but said the company is “committed to developing AI responsibly” and engineers its models with safety guardrails to filter out content that promotes scams. Neither 007TG nor KT responded to requests for comment.

In the end, through a connection in Bahrain, Koorimannil and his friend found a broker who oversaw ransom payments for 21 Indians from their compound, he said.

They each had to pay 500,000 Indian rupees (NZ$9,323) for their freedom.

Missed signals: US internet service providers play outsized role in carrying scam center traffic

It took a long time for Chris Colocousis to understand the extent to which scammers around the world use American technology to prey on people like him. At first, all he saw was that the woman who reached out to him on Facebook had a New York phone number — not too far away from his home in Massachusetts — and said she worked at a well-known financial firm in Atlanta.

“Eliza” suggested a video call. And there she was — the same blond beauty as in her Facebook photos. She even had little bags under her eyes. She was too real not to be real.

Now Colocousis, a divorced man in his 60s, has no idea where “Eliza” really is, whether he was talking with her or with ChatGPT — and even if she’s a she. He does know that the $400,000 he says he “invested” under Eliza’s guidance is now gone.

“You just feel like your whole world fell apart,” he said. “I’m thinking about all this time that I invested into reaching a point where I could retire at a certain age — and it’s just gone.”

Each step of a fraud is a digital signal, said John Breyault, vice president of public policy, telecommunications and fraud at the nonprofit National Consumers League. And internet service providers are the network on which many of these services ride.

“The ISPs are in a particularly critical place in this chain,” he said.

Internet service providers have access to a trove of data that could be used to minimise illicit activity, but doing so requires significant investment, cybersecurity analysts say.

“The policy in much of the hosting world tends to be, we will take action after the fact,” said Dan Winchester, co-founder of Scamalytics, a fraud prevention company. “That’s not really very effective. What you need to be doing is proactively stopping fraud on your servers.”

Colocousis is still so shaken by a scam that took his retirement savings that he sometimes has trouble leaving his house.
Colocousis is still so shaken by a scam that took his retirement savings that he sometimes has trouble leaving his house.

In many cases, scammers in Myanmar routed their internet connections through US-based cloud services to hide where they were really located before connecting to major platforms — chiefly Meta, which owns Facebook, Instagram and WhatsApp, according to Kentik, a network monitoring firm in San Francisco. That makes it easier for scammers to appear to be somewhere else and slip past platform safety checks.

Meta said that kind of deliberate evasion is why collaboration — with law enforcement and across industry, including connectivity and technology companies — is key to disrupting bad actors at scale.

“Scammers are determined criminals who use increasingly sophisticated tactics to defraud people and evade detection on our platforms and across the internet,” it said in a statement. By analysing behavioural patterns of users, Meta said it has been able to disrupt millions of accounts tied to scam centres across Southeast Asia and the United Arab Emirates.

Colocousis said people who think scam victims like him are gullible idiots don’t understand the sophistication of criminal organizations behind online fraud.

On Jan. 25, 2025, Colocousis laid out $80,000 cash in neat rows on his table, just as the customer service representative at his crypto trading app had instructed. Eliza had told him if he just paid this last bit, he could unlock his funds and withdraw all his money.

“I will tell you that I feel a little uneasy but I know you keep telling me it’s ok,” he messaged her. She responded instantly with a string of kiss emoji.

The next morning a young man trudged across a thin layer of snow to his doorstep. Once inside, the man — who said his name was Vincent — told Colocousis to put the stacks of $50 and $100 bills in a plastic shopping bag. Vincent sent a message and the money instantly appeared in the fraudulent crypto trading account Eliza had helped Colocousis open, he said.

In this image provided by the Myanmar military in October 2025, soldiers stand next to Starlink satellite internet devices from the KK Park scam compound in Myawaddy township, Karen State, Myanmar.
In this image provided by the Myanmar military in October 2025, soldiers stand next to Starlink satellite internet devices from the KK Park scam compound in Myawaddy township, Karen State, Myanmar.

Vincent left with a big smile and a quick, amiable wave. “See you next time,” he said. “Maybe. OK. Bye-bye.”

Colocousis believes American tech companies should do more to protect people like him. He is still so shaken that he says he sometimes has trouble leaving his house.

“I’m all for capitalism, but when it’s totally ruining people’s lives, people that have worked their whole life towards a goal so that they don’t have to work anymore, only to have it just ripped out of their chest — you know, something’s wrong.”

Starlink is the most used in Myanmar, including by scammers

Today, Musk’s Starlink satellite service is the most widely used internet provider in Myanmar, including at known scam compounds, AP found — despite an ongoing congressional investigation, a November order from a US court to seize Starlink accounts from specific Myanmar scam compounds and announcements, in October and June, that Starlink had cut service to thousands of units around scam centers.

In this image provided by Ebisa, an engineer from Ethiopia, he is seen after a severe beating that left him blind in one eye at the Deko Park scam center in Myanmar where he said he was constantly punished - beaten, shocked, detained and forced to exercise for hours at a time - for failing to meet impossible performance goals.
In this image provided by Ebisa, an engineer from Ethiopia, he is seen after a severe beating that left him blind in one eye at the Deko Park scam center in Myanmar where he said he was constantly punished - beaten, shocked, detained and forced to exercise for hours at a time - for failing to meet impossible performance goals.

Sen. Maggie Hassan, a New Hampshire Democrat who is leading a bipartisan congressional investigation into the role Starlink and other companies play in the surging losses of scam victims in America, has pressed SpaceX for details on Starlink’s role in transnational fraud and urged the company to do more to prevent the criminal misuse of its devices.

“Given that SpaceX’s Starlink is the first choice of satellite internet technology for many scammers, cutting off scammers’ access to Starlink is a key way to prevent scams at the source,” she said in an email to the AP.

To be sure, Starlink has been a lifeline for schools, humanitarian groups, hospitals, media and more in Myanmar, according to Amnesty International and others. But data from the Asia Pacific Network Information Center (APNIC), the regional internet registry, indicates that scammers represent a disproportionate share of its user base.

Myanmar has become a haven for industrial-scale scam compounds, which have drafted some 300,000 people from dozens of countries, often against their will, according to the United Nations. One of those compounds is Deko Park, a conglomeration of big, blue-roofed buildings dotted with white satellite dishes near the Thai border.

Data from a sample of devices at Deko Park, provided by International Justice Mission, shows Starlink among the top internet service providers in use from Dec. 10, 2025, to Jan. 6, 2026, just after two regional telecom companies.

An Ethiopian engineer named Ebisa told AP he used Starlink at Deko Park from December 2024 through December 2025, when he managed to escape. He asked AP to only publish his first name. Ebisa’s job was to collect the WhatsApp numbers of rich, vulnerable men. He said he was constantly punished — beaten, shocked, detained and forced to exercise for hours at a time — for failing to meet impossible performance goals.

One day, he said, he got fed up and tried to evade a beating. He didn’t get very far. He said the security guards at Deko Park beat him so badly he was blinded in one eye. Photographs show his eye injuries and AP spoke with an NGO who helped him seek medical care in Thailand.

“It was hard to survive,” he told AP. “Finally, God helped us out from that hell.”

Speaking from a shelter for human trafficking victims in Thailand in December, he said he wanted to get his eye fixed before going home because his mother’s health is fragile and he worried the sight of his injury might kill her.

“It’s very shameful,” he said. “If God helps me, if I get medication, maybe I can get back my eye.”

He told AP later from his home in Ethiopia that doctors had informed him they could not save his eye. “It's been a tough reality to face,” he said. “They told me that it's too late to bring back my sight.”