American technology and American corporations are serving as the backbone of a rapidly expanding global scam industry, according to a sweeping investigation conducted by AP and FRONTLINE. The findings reveal that the role U.S. tech plays in enabling fraud runs far deeper than previously understood.
While most public attention has centered on the social media platforms that scam victims encounter, the investigation found that the infrastructure criminals rely on stretches much further back in the digital supply chain — through satellite internet providers, artificial intelligence platforms, and internet infrastructure companies.
Watchdog groups argue that these companies have the technical capability to do more to protect consumers, but currently face little legal, regulatory, or financial pressure to act. The Federal Trade Commission estimates that scams cost Americans close to $200 billion in 2024 alone.
Investigators found no evidence that any of these companies were acting illegally. However, the patterns of abuse uncovered raise serious questions about how thoroughly these firms are enforcing their own policies, which explicitly ban illegal activity on their platforms.
Among the most significant findings: AP identified two software packages being used by scammers operating out of compounds in Southeast Asia. OpenAI’s ChatGPT was the most heavily featured AI tool in these programs, with Google’s Gemini also playing a role. The analysis was conducted in partnership with security nonprofit C4ADS.
These software tools — which have both legitimate and criminal applications — allow scammers to communicate in dozens of languages, generate automated responses, build convincing fake identities, and monitor worker output. Blockchain analysis by TRM Labs, conducted at AP and FRONTLINE’s request, found that scammers using these tools brought in tens of millions of dollars.
Both OpenAI and Google stated they have active programs designed to detect and stop misuse of their platforms. OpenAI confirmed it banned three accounts after AP shared its findings, saying those accounts had been using its models to support online fraud.
An AP analysis of more than 200,000 device connections — provided by anti-trafficking nonprofit International Justice Mission — found that one out of every five signals coming from devices at four scam compounds tied to sanctioned entities in Myanmar was routed through a U.S.-registered company. No other non-regional country came close to that level of involvement.
Companies identified in that traffic included Cogent Communications, Oracle, AT&T, and DigitalOcean. Foreign firms with U.S.-based servers, including UpCloud from Finland and GlobalTeleHost from Canada, also carried high-risk traffic from scam operations.
All of the companies involved emphasized that they are unable to monitor the content traveling across their networks — a privacy-by-design limitation that restricts their ability to detect abuse. Each said they respond to valid abuse complaints and work with law enforcement when contacted.
Oracle stated it was actively working with law enforcement on the material AP provided. UpCloud said the inquiry prompted an internal review and improvements to its risk assessment procedures.
Elon Musk’s satellite internet service, Starlink, remains the top internet provider in Myanmar — including at scam centers — despite scrutiny from Congress and a high-profile crackdown last fall in which the company said it disconnected 2,500 kits near known scam compounds.
Despite those efforts, scammers continue to rely on Starlink, including at dozens of new sites that have emerged inside Myanmar since the crackdown. Satellite imagery and device data shared by International Justice Mission with AP identified at least 25 newly constructed sites, at least 13 of which have connected to the internet via Starlink. Investigators noted the data represents only a portion of total activity and may not capture all Starlink use at those locations.
Starlink did not respond to detailed questions from AP, but has publicly stated it cooperates with law enforcement — including a May operation with the Department of Justice’s Scam Center Strike Force — and remains committed to keeping its service operating as “a force for good.”
Cybersecurity analysts say tech companies are sitting on vast amounts of data that could be used to curb illegal activity, but taking action requires meaningful investment that companies currently have little incentive to make.
“If there’s no disincentive to continuing this, if there’s no cost to actually facilitating scamming, then why would I spend a dollar to prevent scamming?” said Sascha Meinrath, the Palmer chair in telecommunications at Penn State University. “This is the problem. It’s identifiable, it’s addressable — at least somewhat — but it costs something. And right now the cost of facilitating scamming is zero.”
Other countries are beginning to change that equation. The United Kingdom, the European Union, Australia, and Singapore have all enacted regulations requiring companies to take greater steps to prevent scams — with financial penalties for those that don’t comply.
In the United States, lawmakers and officials have been urging tech companies to work together to cut scammers off from American infrastructure, but those efforts have been voluntary rather than legally required.
“The amazing part of this tragedy is that the criminals use our own infrastructure to commit the crime,” said U.S. Attorney Jeanine Pirro, who leads the new Scam Center Strike Force working to build industry partnerships. “When fraud is detected, industry must be ready, willing and able to stop it.”
This reporting is part of an ongoing collaboration between The Associated Press and FRONTLINE on PBS, which includes an upcoming documentary.
