On May 28, 2025, India’s Central Bureau of Investigation (CBI), the country’s federal police service, executed raids at 19 locations across India to dismantle cyber-enabled financial fraud networks, including tech support fraud schemes. This operation, which disrupted a malicious enterprise impersonating Microsoft and targeting older adults in Japan, resulted in the arrest of six key operatives, the takedown of two illegal call centers, and the seizure of digital and physical infrastructure, such as computers, storage devices, digital video recorders, and phones.
Through close collaboration with the Japan Cybercrime Control Center (JC3), a nonprofit organization dedicated to combating cybercrime in Japan, Microsoft’s Digital Crimes Unit (DCU) identified the India-based malicious ecosystem behind these scams. The DCU alerted Japan’s National Police Agency (NPA) and CBI, helping them to take decisive action against the individuals behind the operations.
This case represents an evolution in the DCU’s disruption approach for cyber-enabled financial fraud. With the growth of cybercrime-as-a-serviceconnectivity among cybercriminals has increased and become more global. We must continue to look at the full ecosystem in which these actors operate and coordinate with multiple international partners to meaningfully address cybercrime. In the case of tech support fraud, where cybercriminals are increasingly using technology like artificial intelligence to scale their operations, we have transitioned away from focusing on individual call centers to targeting the highest levels of the operation and proactively disrupting their technical infrastructure.
The impact of cross-sector collaboration
Our collaboration with JC3 marked the DCU’s first partnership with a Japan-based organization to assist victims, proving crucial to the operation’s success. On an ongoing basis, JC3 provided actionable identifiers for malicious pop-ups that urged recipients to call fake technical support lines, believing they were contacting Microsoft. This information, coupled with additional threat intelligence and signals data, was then analyzed by the Microsoft Threat Intelligence Center (MSTIC), enabling Microsoft to proactively take down approximately 66,000 malicious domains and URLs globally since May 2024. The intelligence gathered was then integrated into Microsoft services to strengthen them against abuse.
Importantly, the information from JC3 enabled the DCU to identify the broader network behind these scams—encompassing pop-up creators, search-engine optimizers, lead generators, logistics and technology providers, payment processors, and talent providers. These actors used generative AI to scale their operations, including to identify potential victims, automate the creation of malicious pop–up windows, and perform language translations to target Japanese victims. This activity highlights the increasingly sophisticated tactics employed by cybercriminals and underscores the importance of proactive global collaboration to protect victims.
Examples of malicious pop-ups impersonating Microsoft.
Continued commitment to cybercrime prevention
Cyber-enabled financial fraud disproportionately targets older adults, and unfortunately, this growing trend is global. According to the FBI’s Internet Crime Complaint Centertech support fraud was the most frequently reported crime type reported by older Americans (over 60) in 2023, resulting in nearly $590 million in losses. The Global Anti-Scam Alliance reported that, in Japan, the majority of scams target adults over the age of 45. This was consistent with what we observed in this operation, with approximately 90% of the 200 people affected being over the age of 50.
The DCU has long been at the forefront of combatting sophisticated scams, and our ongoing collaboration with global law enforcement has led to hundreds of arrests and increasingly severe prison sentences worldwide. However, as cybercriminals continue to evolve their tactics, we too must take more aggressive action to protect those vulnerable to fraud. By leveraging cutting-edge technologies like AI and expanding collaborations with law enforcement and civil society, the DCU is intensifying its efforts to disrupt cybercrime operations from the top down. We are grateful for our ongoing collaboration partners across sectors and will continue to look for new ways to help protect people from cybercrime.
Important: Microsoft will never send unsolicited email messages or make unsolicited phone calls to request personal or financial information, or to provide technical support to fix your computer. If you have been contacted by someone claiming to be from, or associated with, Microsoft and believe it was a scam, report the incident via our online reporting tool: microsoft.com/reportascam.
Doing so assists us with our ongoing investigations with law enforcement as we take appropriate action against those targeting our customers. We also use these insights to strengthen our technology to better protect consumers from fraudulent tactics.
For more information on how individuals can protect themselves, please visit: Protect yourself from tech support scams (microsoft.com).
GIPHY App Key not set. Please check settings