Cybercrime Now Makes Up a Third of All Crime in Asia - And AI Just Made It Unstoppable

In February 2024, an employee at a multinational company in Hong Kong sat through a video call with people he believed were his company's CFO and several other senior executives. He authorised a payment of $25 million based on what he saw and heard on that call.

None of the executives were real. Every face and voice on that call was an AI-generated deepfake, built convincingly enough to fool someone who had presumably seen and worked with the real executives before. The $25 million was gone within hours.

A year later, in Singapore, a finance director at a different multinational sat through a similar Zoom call - fraudsters posing as the company's CEO and CFO - and authorised a transfer of more than $499 million. Half a billion dollars, moved because a video call looked and sounded real enough to trust.

These are not isolated horror stories anymore. According to a new Interpol assessment covering 18 countries across Asia and the South Pacific, cybercrime has crossed a threshold that should concern anyone who has not been paying close attention: in more than half of the countries surveyed, cybercrime now accounts for over 30% of all crime recorded nationally. Not 30% of digital crime. Thirty percent of all crime, full stop, including burglary, assault, and theft.

The Numbers That Define the New Reality

Interpol's 2025/2026 Asia and South Pacific Cyberthreat Assessment Report, covering January 2024 through March 2025, is built from data submitted by 18 member countries alongside private sector partners and operational case studies. The headline figure - cybercrime exceeding 30% of all recorded crime in more than half the surveyed nations - is the kind of statistic that takes a moment to fully register. This is not a niche category of policing anymore. In a meaningful number of these countries, more crimes now happen through a keyboard than through a weapon, a lock pick, or a physical confrontation.

The supporting data fills in a picture that is genuinely alarming in its specifics. The region recorded over 135,000 ransomware-related attacks in 2024 alone, hitting real estate, manufacturing, and financial services particularly hard. Distributed denial of service attacks - the kind that knock websites and services offline by overwhelming them with traffic - surged 92% compared to the previous year. System intrusions accounted for roughly 80% of all data breaches recorded in 2024, with malware present in 83% of those breaches and ransomware specifically present in 51%.

Phishing - the practice of tricking people into clicking malicious links or handing over credentials through fake but convincing messages - remains the single most widespread and financially damaging category of cybercrime in the region. A third of the surveyed countries reported more than 10,000 phishing cases each during the assessment period. People across Asia and the South Pacific click on phishing links at a rate of 5.5 per 1,000 individuals monthly - roughly double the global average of 2.9 per 1,000, with cloud applications the primary target for these attacks specifically.

Why AI Changed the Maths for Criminals

The Interpol report is explicit that artificial intelligence is not a side note in this story. It is one of the central forces accelerating the entire trend, and the mechanism is worth understanding clearly rather than treated as a vague background factor.

Cybercrime has always required two things in tension: technical skill and scale. A skilled hacker could write convincing phishing emails, but writing genuinely persuasive, personalised messages for thousands of potential victims took real time and language skill. A fraudster could attempt a deepfake-based scam, but producing a passable fake video or voice recording required technical expertise that most criminals simply did not have.

Generative AI collapsed both constraints simultaneously. Interpol's Cybercrime Director, Neal Jetton, described the resulting threat landscape directly: criminals are now leveraging artificial intelligence, ransomware-as-a-service models, and sophisticated social engineering techniques "on an industrial scale." That phrase - industrial scale - is doing real work in that sentence. It signals a shift from cybercrime as a craft practiced by skilled individuals to cybercrime as a manufacturing process, where AI tools do the labour that previously required scarce human expertise.

The clearest evidence of this shift in the data: discussions about deepfake technology on cybercriminal forums and Telegram channels popular among Southeast Asian threat actors increased by 600% in just five months, between February and June 2024. That is not gradual adoption. That is a criminal ecosystem rapidly discovering a new capability and sharing it amongst itself at the kind of pace that suggests genuine excitement about what the tools now make possible.

A related Interpol assessment, the March 2026 Global Financial Fraud Threat Assessment, went further still: AI-powered scams are measurably more profitable than traditional fraud techniques, and increasingly the AI is not just generating convincing content but automating entire stages of the criminal workflow - scoping out potential targets, building detailed profiles of victims, running phishing campaigns, and even managing extortion negotiations with minimal human oversight required from the criminals running the operation.

The Romance Scam Industry Powered by AI Personas

One of the most disturbing specific findings in the report concerns organised criminal operations based in Myanmar, Cambodia, and Laos, which Interpol found are using deepfake technology in what the report terms "romance baiting" scams - a more elaborate and more damaging evolution of the traditional romance scam.

The traditional version of this fraud relied on a scammer building a fake romantic relationship with a victim over weeks or months through text messages and photos, eventually requesting money for a fabricated emergency. The AI-enhanced version blends generated personas - convincing fake identities supported by AI-generated images, and increasingly AI-generated video calls - with the same long-term social engineering approach, making the fabricated relationship significantly more convincing and harder for a victim to question.

Interpol's estimate for the financial damage from this specific category of organised, AI-assisted romance scams operating out of the Mekong region: $37 billion in regional losses. That figure alone exceeds the GDP of dozens of individual countries, generated by criminal operations using consumer-accessible AI tools to manufacture fake relationships at industrial scale.

The Malware Landscape Behind the Headlines

Beyond the AI-specific acceleration, the report documents a malware ecosystem that has become considerably more sophisticated and more prevalent across the region.

Banking trojans and information-stealing malware - software specifically designed to extract login credentials, financial details, and other sensitive data from infected devices - emerged as the second most prevalent category of cybercrime behind phishing and scams. Specific malware families named in the report, including RedLine, Lumma, LokiBot, and ZBot, represent an established criminal software supply chain, where these tools are developed, sold, and deployed by different actors across an increasingly specialised and professionalised underground economy.

Between January and December 2024 alone, more than 6.5 billion individual cyber threats were detected and mitigated across the Asia and South Pacific region, according to data Interpol drew from threat intelligence partner TrendAI. That number - 6.5 billion detected threats in a single region in a single year - is difficult to process at a human scale, but it underlines how thoroughly cybercrime has shifted from occasional incidents to a continuous, ambient condition of operating any digital infrastructure in the region.

Why Law Enforcement Is Struggling to Keep Pace

The report does not shy away from documenting the gap between the scale of the threat and the region's collective capacity to respond to it, and the honesty here is part of what makes the assessment credible rather than simply alarmist.

Law enforcement agencies across the surveyed countries report significant operational and technical challenges: gaps in specialised digital forensic tools, limited access to targeted cybercrime training, and insufficient technical capacity to investigate and prosecute cases at the pace they are occurring. The disparity in cybersecurity maturity across the region compounds this problem considerably. Some countries - Interpol specifically highlighted Hong Kong and the Republic of Korea as examples - have introduced updated cybersecurity legislation and built stronger institutional capabilities. Many developing countries and smaller island states across the same region face significant resource and capacity constraints that leave them considerably more exposed.

This unevenness matters beyond the borders of any individual country, because cybercrime does not respect jurisdiction in the way physical crime does. A criminal operation based in a jurisdiction with weak enforcement capacity and ambiguous cybercrime legislation can target victims anywhere in the world with relative impunity, and Interpol's report notes that organised scam operations are increasingly splintering from large, fixed compounds into smaller, more agile operations that migrate toward exactly the regions where legal ambiguity and weak enforcement create the least resistance - a pattern the report indicates is now extending the reach of these networks toward Africa, Latin America, and Europe as well as within Asia itself.

On a more encouraging note, the response is not purely passive. Roughly two-thirds of surveyed countries - 66.7% - have adopted AI tools and systems of their own for predictive analysis, digital forensics, and threat detection, suggesting law enforcement is not simply being outpaced without any countermeasure, even if the overall trend in the data still points toward cybercrime outgrowing the current response capacity.

What This Means Beyond the Asia-Pacific Region

While the Interpol assessment focuses specifically on Asia and the South Pacific, the patterns it documents are not regionally contained, and the report itself, along with independent threat intelligence firms covering the same period, frames the trend as part of a broader global shift rather than a localised anomaly.

Bitdefender's parallel 2026 Global Scam Intelligence Report describes scams as having gone fully "omnichannel" - fraud campaigns now move seamlessly across web, SMS, social media, messaging apps, email, and voice calls as coordinated operations, with malicious content increasingly blending into ordinary social media feeds through fake promotions, sponsored posts, and content that mimics genuine platform activity. Scammers are exploiting trusted brands, spoofed caller ID, compromised business accounts, and even messages sent from the accounts of people victims already personally know and trust, having compromised those accounts first.

For anyone outside the Asia-Pacific region reading this and assuming it is someone else's problem: the deepfake-enabled corporate fraud cases described above, the AI-generated phishing content, and the romance scam personas are not techniques confined by geography. The same AI tools that powered the $25 million Hong Kong deepfake fraud and the $499 million Singapore wire transfer scam are globally accessible, and security researchers tracking these trends consistently describe the Asia-Pacific region as an early proving ground for techniques that subsequently spread to criminal operations targeting victims in Europe, North America, and elsewhere.

What You Can Actually Do About This

The practical defensive measures against this category of fraud have not changed dramatically in their fundamentals, even as the sophistication of the attacks has increased considerably. What has changed is how seriously these basic protections now need to be taken, given that the old advice to "look for obvious red flags" is measurably less reliable against AI-polished, personalised attacks than it was against the generic phishing emails of a decade ago.

Enable multi-factor authentication on every account that supports it, particularly financial accounts and email, since email compromise is frequently the entry point for broader fraud. Treat any urgent request for a financial transfer with scepticism regardless of how convincing the source appears, including video calls - establish out-of-band verification procedures for any business that handles wire transfers, meaning a second, independent communication channel to confirm unusual requests before acting on them, exactly the kind of process that would have stopped both the Hong Kong and Singapore cases described above. Be specifically sceptical of unsolicited romantic or financial relationships that develop primarily online and eventually involve requests for money, regardless of how long the relationship has developed or how genuine the other party seems through video calls or voice messages.

None of this is a complete defence against a threat landscape this sophisticated and well-resourced. But the gap between organisations and individuals who have implemented these basic protections and those who have not is precisely where most of the documented losses in this report are concentrated.

The Honest Takeaway

Interpol's report is not predicting a future threat. It is documenting a threshold that has already been crossed: in a meaningful share of one of the world's most economically dynamic regions, cybercrime is no longer a specialised concern handled by dedicated units operating alongside conventional policing. It has become a mainstream category of crime, on the same scale as the offences that have defined criminal justice systems for generations, and artificial intelligence is the single largest accelerant making this possible at the speed and scale the data now shows.

The same tools making AI assistants genuinely useful for legitimate work - generating convincing text, synthesising realistic images and video, automating repetitive tasks at scale - are, in the hands of organised criminal networks, making fraud more convincing, more scalable, and more profitable than at any point before. That is an uncomfortable truth sitting directly underneath the otherwise genuinely exciting story of what generative AI has made possible over the past several years.

Both things are true simultaneously, and pretending the second is not happening while celebrating the first is no longer a credible position for anyone paying attention to where this technology actually goes once it reaches the people willing to use it without restraint.