China Has its Sights Set on Scammers, Just Not Those Targeting Americans
None
<p><span data-contrast="none">China may be trying to stem the tide of scams coming out of Southeast Asia, but it seems the country is doing so selectively, focusing primarily on those that affect their citizens but not the ones that target Americans.</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">That’s a failing that has “led </span><span data-contrast="none">to a wave of scam center ‘alumni’ setting up shop in China,” according to a </span><a href="https://www.uscc.gov/research/protecting-americans-china-linked-scam-centers-update-emerging-trends" target="_blank" rel="noopener"><span data-contrast="none">report from the U.S.-China Economic and Security Review Commission</span></a><span data-contrast="none">. </span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">The commission notes that “in 2024, Chinese authorities prosecuted approximately 78,000 people for online fraud—a 54% increase over the previous year.”</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">It’s difficult not to see China’s selective approach as anything but political, and there is some truth to that. The report says as much. </span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">But it is also true that the flood of scams is too great for the country—or any country—to dam. And despite publishing a list of 100 high-level criminals wanted for scams that targeted Chinese citizens and offering a reward for information, the country is failing to stem the tide. Though the efforts did help China snare notorious scam “kingpin” Chen Zhi, who was indicted by the U.S., after the “most wanted” list and reward were posted, Chinese officials were able to get him extradited from Cambodia. “</span><span data-contrast="none">However, Beijing continues to turn a blind eye to criminal activity targeting foreigners,” the report said.</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">That troubles American authorities, who saw American losses from Chinese criminal group-operated industrial-scale scam centers top $10 billion in 2024. So the U.S. government has taken matters into its own hands, sanctioning criminal leaders and creating an Interagency Scam Center Strike Force. But even that can’t pull authorities ahead of the scammers who “are embracing advanced technologies and exploiting cryptocurrency to launder stolen assets across national borders with virtual impunity,” the report said.</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">And of course, AI is making it easier for the cybercriminals, who are using it to scale operations, boost the sophistication of scams, and evade tried and true detection methods. </span><span data-contrast="none">These AI-powered scams, the report found, make it difficult for even the most discerning potential victims to distinguish fact from fraud.</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">Noting that “Chinese-nexus cyber activity has evolved in four phases over the past two decades,” </span><a href="https://www.darktrace.com/es/blog/how-chinese-nexus-cyber-operations-have-evolved-and-what-it-means-for-cyber-risk-and-resilience" target="_blank" rel="noopener"><span data-contrast="none">research from Darktrace</span></a><span data-contrast="none"> shows today it is “defined by scale, operational restraint, and persistence.”</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">While “attackers are establishing access, evaluating its strategic value, and maintaining it over time,” the research finds “a broader shift: cyber operations are increasingly integrated into long-term economic and geopolitical strategies. Access to digital environments, specifically those tied to critical national infrastructure, supply chains, and advanced technology, has become a form of strategic leverage for the long-term.” </span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">Trey Ford, chief strategy and trust officer at Bugcrowd, says China “has built a proof of concept for adversarial industrialization: Scripted social engineering at scale, multilingual workforce expansion, and money laundering infrastructure embedded in legitimate financial systems.” </span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">And that can’t be stopped by a configuration change. “What stops it is continuous human intelligence, behavioral detection at the transaction layer, and law enforcement cooperation that doesn’t depend on one actor’s domestic political incentives,” he says.</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">Nathaniel Jones, vice president, security and AI strategy and field CISO at Darktrace, says the company’s </span><a href="https://www.darktrace.com/es/blog/how-chinese-nexus-cyber-operations-have-evolved-and-what-it-means-for-cyber-risk-and-resilience" target="_blank" rel="noopener"><span data-contrast="none">recent research</span></a><span data-contrast="none"> shows that Chinese-nexus activity follows two operational models–“smash and grab” and low and slow. The former “are short-horizon intrusions optimized for speed. Attackers move quickly – often exfiltrating data within 48 hours – and prioritize scale over stealth. The median duration of these compromises is around 10 days. It’s clear they are willing to risk detection for short-term gain,” he says. </span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">The latter operations were less prevalent in Darktrace’s dataset, “but potentially more consequential,” with attackers prioritizing “persistence, establishing durable access through identity systems and legitimate administrative tools, so they can maintain access undetected for months or even years.”</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">The scams most dangerous to U.S. citizens are “pig-butchering (investment fraud layered on manufactured romantic trust) and crypto investment fraud, says Ford.</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">But “China isn’t targeting those because the incentive structure doesn’t require it,” he explains. </span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">“As one U.S.-China Economic and Security Review Commission member put it at a Senate hearing, Beijing has ‘selectively’ cracked down, “largely turning a blind eye to scam centers victimizing foreigners,” with the result that Chinese criminal syndicates have been incentivized to shift toward targeting Americans,” says Ford. “Framed differently: this is not ambivalence, it is a rational enforcement strategy calibrated to domestic political risk.”</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">While the U.S. government has taken some action, “what hasn’t happened is sustained diplomatic pressure that changes Beijing’s incentive calculation,” he says, explaining that “targeted sanctions and individual indictments do not alter the underlying governance structure that makes these operations viable.” </span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none">Because the U.S. leverage on China in this domain “is constrained by the same geopolitical dynamics shaping every other bilateral conversation,” Ford says, “organizations should not plan around a near-term diplomatic fix.”</span><span data-ccp-props='{"335557856":16777215}'> </span></p><p><span data-contrast="none"> Instead, he says, they should:</span><span data-ccp-props='{"335557856":16777215}'> </span></p><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="1" data-aria-level="1"><span data-contrast="none">Treat social engineering as an infrastructure problem, not a training problem. Pig-butchering attacks operate over weeks or months, building trust before any financial ask appears. Annual phishing awareness sessions don’t address that threat model.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559685":945,"335559739":0,"335559740":240}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="2" data-aria-level="1"><span data-contrast="none">Harden the financial transaction layer specifically. The terminal event in almost every investment fraud scheme is a wire transfer or crypto send that could have been interrupted with verification controls.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559685":945,"335559739":0,"335559740":240}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="3" data-aria-level="1"><span data-contrast="none">Brief employees on the specific mechanics: manufactured relationship, engineered urgency and off-platform movement to private apps. The playbook is consistent. Recognizing the pattern is the control. Most corporate trainings don’t go far enough in training how to detect these patterns.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559685":945,"335559739":0,"335559740":240}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="4" data-aria-level="1"><span data-contrast="none">For executive and high-net-worth individuals, the personal and professional attack surfaces are no longer separate. These scams increasingly target people in their personal lives to create leverage or access in their professional ones.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559685":945,"335559739":0,"335559740":240}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props='{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}' data-aria-posinset="5" data-aria-level="1"><span data-contrast="none">Consider continuous third-party validation of your organization’s social engineering exposure, not self-assessed controls – there is scale economy in terms of diversity of perspective, keeping content fresh, and making all of this more effective.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559685":945,"335559739":0,"335559740":240}'> </span></li></ul><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/china-has-its-sights-set-on-scammers-just-not-those-targeting-americans/" data-a2a-title="China Has its Sights Set on Scammers, Just Not Those Targeting Americans "><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fchina-has-its-sights-set-on-scammers-just-not-those-targeting-americans%2F&linkname=China%20Has%20its%20Sights%20Set%20on%20Scammers%2C%20Just%20Not%20Those%20Targeting%20Americans%C2%A0" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fchina-has-its-sights-set-on-scammers-just-not-those-targeting-americans%2F&linkname=China%20Has%20its%20Sights%20Set%20on%20Scammers%2C%20Just%20Not%20Those%20Targeting%20Americans%C2%A0" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fchina-has-its-sights-set-on-scammers-just-not-those-targeting-americans%2F&linkname=China%20Has%20its%20Sights%20Set%20on%20Scammers%2C%20Just%20Not%20Those%20Targeting%20Americans%C2%A0" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fchina-has-its-sights-set-on-scammers-just-not-those-targeting-americans%2F&linkname=China%20Has%20its%20Sights%20Set%20on%20Scammers%2C%20Just%20Not%20Those%20Targeting%20Americans%C2%A0" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fchina-has-its-sights-set-on-scammers-just-not-those-targeting-americans%2F&linkname=China%20Has%20its%20Sights%20Set%20on%20Scammers%2C%20Just%20Not%20Those%20Targeting%20Americans%C2%A0" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>