Back to Insights
Threats4 min read18 July 2026

314 Arrested as Phone Fraud Factories Take Root 700 Kilometres from Darwin

Timor-Leste police dismantled fortified scam compounds in Dili during June and July 2025, seizing thousands of SIM cards, laptops, and Starlink units from operations that targeted victims across the region.

t2s
train2secure NewsdeskSecurity awareness team
Photoreal aerial editorial shot at dusk of a row of nondescript residential houses behind high concrete walls topped wit

Timor-Leste police arrested 314 people across four raids conducted over three weeks in June and July 2025, dismantling phone fraud compounds operating from the heart of the capital, Dili.

A Small Nation, a Massive Criminal Industry

The scale of the global scam-centre industry is staggering. The UN Office on Drugs and Crime estimates that operations in Cambodia, Myanmar, and Laos alone generate more than $50 billion in annual profits. That number is not a typo. It represents a criminal economy larger than the GDP of most small nations, funded almost entirely by deceiving ordinary people over the phone.

Timor-Leste was not chosen by accident. Criminal networks that ran large operations in Cambodia and Myanmar have faced increasing pressure from those governments, which have conducted their own crackdowns under international scrutiny. The same networks responded the way any business might: they looked for new locations with lower overheads and fewer obstacles. Timor-Leste, a young democracy still building its legal and enforcement institutions, fit the criteria.

Michael Rose, an adjunct professor at the University of Adelaide who has visited scam centres in Timor-Leste, told ABC News Australia that these groups specifically seek governments they expect to be easy to manage. What they found here, he said, was a government willing to push back hard.

Inside the Compounds

Police raided three heavily fortified compounds during a five-day operation in July 2025, arresting 253 workers. A separate raid conducted in late June had already brought in 61 more suspects, bringing the total to 314. The suspects, predominantly Chinese and Indonesian nationals along with some Cambodian workers, appeared in court on two consecutive days facing charges of money laundering, illegal online gaming, and criminal association.

The compounds were not warehouses or industrial units. Several were large residential homes rented from local landlords. At least one landlord told local media he had genuinely believed his Chinese tenants were in Dili to support construction of a convention centre. He only learned the truth when police called him to the property.

Inside, officers found the standard toolkit of a modern phone fraud operation:

  • Thousands of SIM cards, which allow callers to rotate through hundreds of different phone numbers, making it nearly impossible for victims to recognise or block repeat contact
  • Multiple laptops loaded with calling scripts, victim databases, and communication tools
  • Several Starlink satellite internet units, the commercial service that provides fast, reliable connectivity independent of local infrastructure

That last item matters. Timor-Leste has some of the slowest average fixed internet speeds in the world. Satellite access was not a luxury for these operations. It was a technical prerequisite.

Passport Confiscation: The Clearest Sign of Coercion

More than 50 of the 314 people arrested had no passport on them at the time of their arrest. This detail is significant. Confiscating identity documents is a well-documented control tactic used in scam centres across Southeast Asia to prevent workers from leaving. The UN and multiple human rights organisations have documented the practice extensively. Workers are often recruited under false pretences, sometimes offered legitimate technology jobs, then effectively trapped once they arrive.

This means the people sitting at those laptops are not always willing participants. Some are victims themselves, coerced into committing fraud against other victims. That complexity does not erase legal responsibility, but it does change how investigators and social services need to respond.

Which Controls Failed, and What Defenders Should Learn

From a cybersecurity and fraud-prevention standpoint, these operations thrive because they exploit the weakest point in any security architecture: human trust. There is no software patch for a person who believes they are speaking to a police officer. There is no firewall that stops a victim from voluntarily reading out their bank details. The entire attack surface is social.

This is precisely why organisations that dismiss security-awareness training as a checkbox exercise misunderstand the threat. The callers in Dili were working from polished scripts designed to trigger fear, urgency, and compliance. Counteracting those scripts requires people who have been trained to recognise the emotional manipulation before it works, not after. A single well-run phishing and social-engineering awareness programme can measurably reduce the success rate of exactly these attacks.

The technical toolkit seized in Dili also highlights a pattern defenders should internalise. SIM rotation defeats simple caller-ID blocking. Satellite internet defeats geographic filtering. These are not sophisticated zero-day exploits. They are commodity tools assembled to maximise call volume and anonymity. The sophistication is in the social engineering, not the technology. That means the primary defensive investment should match the primary attack vector: training people to slow down, verify independently, and refuse to act under artificial urgency.

Organisations should also examine their own internal controls. Vishing attacks, where a caller impersonates a bank, government body, or internal IT team, regularly succeed against employees who have never practised the scenario. The Verizon 2024 Data Breach Investigations Report found that the human element was a contributing factor in 68 percent of breaches. Phone-based social engineering sits squarely inside that statistic.

What Ordinary People Should Do Right Now

If you receive an unexpected call from someone claiming to be a police officer, a government official, or a fraud team from your bank asking you to transfer money or confirm personal details, hang up immediately. Do not press any options. Do not engage.

Then call the organisation back using a number you locate yourself from the official website, not a number the caller gave you. Legitimate agencies do not demand instant payment over the phone. They do not threaten arrest if you fail to comply immediately. They do not ask you to stay on the line while you withdraw cash.

Timor-Leste police say further targets are already identified and more raids are planned. The crackdown is welcome. But enforcement alone does not stop the next call from reaching someone who does not know what to look for.

How awareness training reduces the damage from vishing and phone fraud

  • Train employees to recognise urgency and authority as manipulation triggers, not reasons to comply, before a real call arrives.
  • Run simulated vishing scenarios so staff practise the pause-and-verify habit in a safe environment where a mistake costs nothing.
  • Establish a clear internal reporting channel so employees who receive suspicious calls can flag them immediately, helping security teams identify active campaigns targeting your organisation.

Train2Secure's security-awareness programmes are built around exactly these real-world attack patterns, so your people are practised before the phone rings.

Start free, no card required

Frequently asked questions

Why are phone scam operations moving into countries like Timor-Leste?

Criminal networks follow the path of least resistance. As Cambodia and Myanmar increased enforcement pressure, the same operators relocated to smaller nations with less developed legal frameworks and limited experience investigating transnational cybercrime. Timor-Leste offered cheap accommodation, relatively open borders, and, critically, Starlink satellite internet that bypassed the country's slow local infrastructure.

How do thousands of SIM cards help scammers avoid detection?

Each SIM card gives a device a unique phone number. By rotating through hundreds or thousands of numbers, callers prevent victims from recognising repeat attempts and make it practically impossible for telecoms providers or law enforcement to block all outbound calls from a single operation. It is a volume and anonymity play, not a technical exploit.

What should I do if I receive a suspicious call from someone claiming to be a police officer or government official?

Hang up without engaging. Find the official phone number of the organisation yourself using a trusted website or directory, then call that number directly to verify whether any real contact was attempted. Never transfer money, provide card details, or share personal information based on an inbound call you did not initiate.

Were the arrested workers all willing participants?

Not necessarily. More than 50 of the 314 people arrested had no passport, which strongly suggests their documents had been confiscated by employers, a coercion tactic widely documented in Southeast Asian scam centres. Many workers are recruited under false pretences and then effectively trapped. The situation involves both criminal actors and trafficking victims within the same population.

Ready to Reduce Your Human Cyber Risk?

Sign up and start training your team in minutes. No sales calls, no demos — just pick a plan and go. Phishing simulations, video courses, and certificates from day one.

train2secure analytics dashboard showing training completion stats and user progress