India’s Central Bureau of Investigation (CBI) has revealed that it has arrested six individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens.
The law enforcement agency said it conducted coordinated searches at 19 locations across Delhi, Haryana, and Uttar Pradesh on May 28, 2025, as part of an initiative called Operation Chakra V, which aims to combat cyber-enabled financial crimes.
The cybercrime syndicates, per the CBI, defrauded foreign nationals, mainly Japanese citizens, by masquerading as technical support personnel from various multinational corporations, including Microsoft.
“The syndicate operated call centers designed to appear as legitimate customer service centers, through which victims were deceived into believing that their electronic devices were compromised,” the agency said. “Under this pretext, victims were coerced into transferring funds into mule accounts.”
Authorities said they worked together with the National Police Agency of Japan and Microsoft, allowing them to track down the perpetrators of the scheme and its operational structure. In addition, valuable evidence in the form of computers, storage devices, digital video recorders, and phones has been seized.
The CBI said the operation criminal enterprise leveraged advanced social engineering techniques and “technical subterfuge” to deceive victims and extract money under false pretenses.
“With the growth of cybercrime-as-a-service, connectivity among cybercriminals has increased and become more global,” Microsoft’s Steven Masada said. “We must continue to look at the full ecosystem in which these actors operate and coordinate with multiple international partners to meaningfully address cybercrime.”
The tech giant further said it has been closely working with the Japan Cybercrime Control Center (JC3) to uncover the fake technical support scam, enabling it to take down approximately 66,000 malicious domains and URLs globally since May 2024.
The cross-sector collaboration, Redmond added, made it possible to identify the broader network behind these operations, which includes pop-up creators, search-engine optimizers, lead generators, logistics and technology providers, payment processors, and talent providers.
“These actors used generative AI to scale their operations, including to identify potential victims, automate the creation of malicious pop-up windows, and perform language translations to target Japanese victims,” Masada said.
“This activity highlights the increasingly sophisticated tactics employed by cybercriminals and underscores the importance of proactive global collaboration to protect victims. “
The action comes shortly after Reuters reported that the recently disclosed data breach at Coinbase has links to India-based customer support representatives TaskUs, who the threat actors bribed to steal customer data from the cryptocurrency exchange.
The breach is said to have been first identified in January 2025, with TaskUs stating that it had fired two employees after they illegally accessed information from a Coinbase around the same time. Coinbase has since terminated its contract with the company.
The developments also follow the arrest of 20 suspects across 12 countries between March and May 2025 in an international operation on charges of creating and distributing child sexual abuse material (CSAM).
“Spanish authorities arrested seven suspects, including a healthcare worker and a teacher,” INTERPOL said. “The healthcare worker allegedly paid minors from Eastern Europe for explicit images, while the teacher is accused of possessing and sharing child sexual abuse material via various online platforms.”
Another 10 suspects have been arrested from different Latin American countries, including three in El Salvador and a teacher in Panama. The remaining arrests took place in Europe and the United States. INTERPOL said that 68 additional suspects have been identified and further investigations are currently ongoing globally.
