When a fraudster sends a message to their next target, they are hoping for a specific outcome: a reply, a conversation and eventually a payment. On the surface, the scam can look simple - just another phishing attempt or romance fraud scheme.
That simplicity is the point. Scam compound operators want businesses to focus on the message, not the system behind it.
Often, the person sending the message is one small part of a wider cybercrime machine run by transnational organized crime groups. Behind a single fraudulent payment is a network of coercion and infrastructure: trafficked workers forced to target victims for 12 to 16 hours a day, digital tooling designed to evade common security controls and payment routes that disappear into money laundering networks.
Across Cambodia, Laos, Myanmar and Thailand, scam compounds have evolved into industrialized fraud. These operations are well-funded, technologically supported and, in many cases, protected by corruption and uneven enforcement.
To reduce the flow of money into these networks, finance leaders need to zoom out. The risk is not only a scammer behind a keyboard. It is the payment fraud infrastructure that makes scam compounds scalable.
What is driving scam compound economics
Scam compound operators do not work in isolation. Their success relies on a wider network of businesses, platforms and digital assets that help them recruit, control and get paid.
As investigators and journalists have peeled back layers of Southeast Asia cybercrime rings, one name has surfaced repeatedly: Huione Group.
Huione Group: a legitimate front with illicit gravity
Huione Group is a Cambodia-based financial conglomerate with a legitimate footprint, including consumer payment services. Investigations and enforcement actions have alleged it has also played an enabling role in laundering and facilitating fraud-linked flows. For example, the U.S. Financial Crimes Enforcement Network (FinCEN) issued a final rule to sever Huione Group from the U.S. financial system, describing it as a key node for laundering and criminal activity tied to cyber-enabled fraud. Read FinCEN's final rule summary on Huione Group.
Crypto-tracing firm Elliptic has reported that a Huione-linked escrow marketplace (often referred to as Huione Guarantee) has facilitated more than $27 billion in transactions since launching in 2021. See Elliptic's analysis of Huione Guarantee activity.
In late 2025, Cambodia's central bank ordered Huione's payment services arm to shut down, according to investigative reporting that cited the license revocation and related events. Read ICIJ reporting on Huione Pay and the shutdown.
Telegram: where criminal services are brokered
Encrypted messaging platforms can become a coordination layer for fraud. Reporting and research into scam compound ecosystems describes how channels and groups are used to connect operators with money launderers, buy tools that support coercion and access scam tooling at scale.
For finance leaders, the takeaway is practical: the fraud supply chain can sit in plain sight across mainstream platforms, even when the underlying activity is illicit.
Cryptocurrency: fast movement, weak recovery odds
Digital assets can make funds easier to move across borders and harder to recover once they have been converted and dispersed across wallets. One common laundering method is rapid movement between wallets and chains to increase distance from the original transaction.
Crypto is also used earlier in the fraud itself. Victims may be pushed toward crypto-based investment platforms or online gambling schemes that primarily accept digital currencies. When targets have limited experience with crypto transactions, they are easier to mislead.
How the money moves in a typical executive-targeted scam
Media coverage often focuses on the compounds and the human toll. The payment pathway matters just as much, because it is where businesses can intervene.
1) Initial outreach
From the compound, operators send high volumes of outreach messages via email, text or social platforms. The approach often mimics a professional introduction or commercial opportunity.
2) Social engineering and trust building
If the target engages, the operator builds rapport and credibility. This may include polished documents, fabricated references or AI-enabled content designed to look legitimate.
3) The pitch
Once trust is established, the operator introduces a deal: a vendor relationship, an investment opportunity or a partnership that appears aligned to business needs.
4) Fund extraction
The operator sends an invoice or agreement that prompts payment, often via wire transfer or cryptocurrency. Once the payment is sent, laundering mechanics kick in quickly.
5) Money laundering and mule accounts
Funds are routed to accounts controlled by mules or intermediaries and moved across borders. The goal is speed and fragmentation, not long-term custody.
6) Crypto conversion and layering
Funds may be converted into digital assets and moved through wallets and services that increase distance from the original payment. Each step reduces recovery likelihood and increases investigation complexity.
At this stage, the financial loss is only part of the risk. If criminals gain insight into payment workflows, approval patterns or vendor processes, follow-on targeting becomes more likely.
Why enforcement often falls short
Research and reporting have repeatedly flagged how scam compounds persist in environments with weak enforcement, regulatory gaps and corruption risk. Amnesty International has accused Cambodia's government of deliberately ignoring widespread abuses connected to scam compounds. Read Amnesty International's findings on scam compounds in Cambodia.
International action has increased. In addition to FinCEN's rule regarding Huione Group, the U.S. Treasury has announced sanctions targeting wider networks tied to cyber-enabled fraud in the region. Read the U.S. Treasury announcement.
Red flags finance teams should treat as high-risk
Stronger payment controls start before a scam attempt. Even mature vendor management processes can be bypassed when criminals apply pressure, speed and social engineering.
- Hidden ownership and shell structures that make it hard to identify who ultimately controls the entity
- Crypto-only payment demands or sudden requests to change payment method or currency
- Routing through jurisdictions associated with weak enforcement or known scam compound activity
- Requests to split payments into smaller amounts to bypass approval thresholds
Five actions CFOs can take now
Scam compounds depend on fragmented regulation and uneven controls. CFOs can reduce exposure by tightening outbound payment governance across people, process and technology.
To structure your approach, Eftsure's five-point framework can help you pressure test controls end to end. Read Eftsure's five-point framework for strengthening payment controls.
1. Assessment: map where money leaves
Build a clear view of outbound payment flows. Document payment methods, who can initiate payments and where cross-border transactions are concentrated.
2. Technology: automate vendor verification
Reduce reliance on manual checks. Automation can validate bank details, flag anomalies and detect changes to vendor information sooner.
3. Process: standardize bank detail changes
Require verification via a known, trusted channel. Do not accept new contact details at face value. Confirm changes using a number or contact path you have used before.
4. People: make diligence the default
Urgency is a security risk. Train teams to slow down, escalate early and treat unusual requests as signal, not noise.
5. Partnership: test the security of your network
Your payment risk includes third parties. Ask banks, insurers and key vendors how they verify change requests and detect payment fraud. If their controls are weak, your exposure increases.
Seeing the system - and your organization's role in it
Scam compounds and their enablers form a payment fraud infrastructure that extends far beyond isolated scams. The practical question for finance leaders is not whether these networks exist. It is whether your payment controls can resist the combination of social engineering, speed and laundering routes designed to make recovery unlikely.
By improving governance across people, process and technology, finance teams can reduce the chances of funding these networks - and limit follow-on risk if an attempted scam reaches your organization.
Download the Cybersecurity Guide for CFOs 2026 to strengthen payment controls and reduce fraud risk.
