Highly organized cyber fraud in South East Asia is widely run from so-called scam compounds: purpose-built or modified buildings that meet the precise requirements of this criminal industry. These compounds provide crucial infrastructure for online scams, fraud and other forms of cybercrime, housing hundreds, and sometimes thousands, of people, many of whom are held captive and forced to cheat or extort victims around the world.

Often following a similar blueprint, scam compounds sit at the epicentre of a global criminal industry. While previous research has focused on criminal groups, financial architecture and digital infrastructure, far less attention has been paid to the industries and suppliers that interact directly with these sites during their development. Many of these actors are not necessarily criminal in themselves, yet their activities are instrumental in keeping the scam industry alive.

This policy brief is the first in a two-part series that examines the role of private sector industries supplying cyber scam operations. In this first part, we focus on the pre-operational phase of cyber scam compounds, making it particularly relevant to private investors, multilateral development banks, developers, real estate companies and construction contractors. It examines how these actors may contribute to, facilitate, or be exposed to criminally funded or criminally contaminated development projects that later host cyber scam operations.

Drawing on extensive field research conducted between 2023 and 2025 in Cambodia, Laos and Thailand (at the border with Myanmar), the report documents how scam compound hubs frequently follow the same development trajectory. This repetition means potential partners can identify warning signs early, when it is still possible to distance themselves from criminal exposure.

The report outlines a spectrum of complicity among private-sector actors, ranging from companies that are unaware of how their activities benefit scam operations to those that are actively complicit. It highlights how developers and contractors involved in large-scale projects that later house scam compounds sometimes have documented histories of criminal activity or exposure that can be uncovered through rigorous background checks.

This report provides practical guidance for companies seeking to avoid entering commercial relationships with cyber scam operators. It emphasizes the importance of strengthened know your customer procedures, enhanced due diligence and background checks, and early identification of red flags that signal heightened risk.

The second policy brief will be published in early 2026 andfocus on how companies supplying or partnering with existing developments can recognize red flags and respond appropriately.