Most people, if they think about fraud operations at all, imagine something improvised. A person with a burner phone, a story, and enough nerve to keep talking until someone believes them.
That picture is not entirely wrong — those operators exist. But they represent the bottom of a labor market, not the whole of it. And increasingly, they work for someone.
The organizational structures behind large-scale fraud operations vary by geography, by fraud type, and by the ambitions of whoever built them. But certain functional components appear consistently enough that they can be mapped with reasonable confidence. What emerges looks less like a criminal conspiracy and more like a mid-sized company with an unusually high tolerance for risk and no HR department worth mentioning.
Recruitment
Every large fraud operation has a recruitment function — people whose job is finding other people to do the work. At the lower end, this looks like trolling job boards and social media platforms for individuals willing to receive and forward money, often under the guise of legitimate remote employment. At the higher end, it involves active sourcing of individuals with specific skills — language fluency, financial knowledge, technology expertise, or simply the kind of interpersonal confidence that holds up under pressure.
In Southeast Asia, recruitment has taken a darker and more coercive form. Workers — often from Vietnam, China, Thailand, and neighboring countries — have been lured to Cambodia, Myanmar, and Laos with promises of legitimate employment in hospitality, customer service, or technology. What they found upon arrival was something else entirely. Their passports were confiscated. Their movement was restricted. And they were put to work running fraud operations under threat of violence, debt bondage, or sale to another compound. The United Nations Office on Drugs and Crime estimated in 2023 that hundreds of thousands of people were being held in these facilities across Southeast Asia. The operations Meta and global law enforcement disrupted earlier this year — disabling more than 150,000 accounts and contributing to 21 arrests — were connected directly to this network. Some of the voices on the other end of those fraud calls were not criminals. They were prisoners.
Training
Operators in serious fraud organizations don’t just pick up the phone and improvise. They are trained. Scripts are developed, tested, and refined based on what actually works — which objections come up most frequently, which responses overcome them, which emotional appeals produce the fastest results. New recruits go through onboarding that covers the script, the cover story, the target profile, and the escalation path when a call gets complicated.
In the scam compounds of Southeast Asia, survivors have described training periods lasting days or weeks before they were permitted to begin working. Those who didn’t perform were punished. Those who met their quotas were rewarded. The structure would be recognizable to anyone who has worked in a call center — because in many functional respects, that is exactly what these facilities are.
Operations and Supervision
Fraud operations at scale are supervised. Operators work shifts. Performance is tracked — calls made, conversations initiated, money obtained. Supervisors monitor calls, provide real-time coaching, and intervene when an operator is struggling or a target seems close to converting. Quota structures create pressure that mirrors any commission-driven sales environment.
The sophistication of this supervision varies. In some operations it is relatively informal. In others, purpose-built software tracks every interaction — call duration, conversation stage, amounts discussed, follow-up scheduling — with a level of operational visibility that legitimate sales managers would find familiar. These are not hunches and handshakes. They are managed processes.
Scripting and Psychology
The scripts that drive fraud operations are not written casually. In well-resourced organizations they are developed with genuine attention to behavioral psychology — which emotional triggers produce compliance, how to manufacture urgency without triggering suspicion, when to apply pressure and when to back off and rebuild trust. Romance scam scripts, for instance, are often detailed enough to cover months of conversation — establishing connection, managing the progression of manufactured intimacy, and timing the eventual financial request to a moment of maximum emotional investment by the target.
IRS impersonation scripts are engineered around a specific and well-documented human response: most people have a deeply conditioned reluctance to challenge government authority, particularly when the stakes feel high and the timeline feels compressed. The script doesn’t need the target to believe everything. It just needs them to be uncertain enough, and frightened enough, to act before they think.
Technology Teams
Behind the operators is an infrastructure layer that most fraud awareness conversations never reach. Caller ID spoofing — presenting a call as originating from a legitimate institution’s actual phone number — requires technical capability that didn’t exist in consumer-accessible form until relatively recently. Fake websites built to mimic banks, government agencies, investment platforms, and law firms require design and development work. Some operations maintain their own technology teams for this purpose. Others purchase these capabilities as services from a criminal ecosystem that has developed its own vendor market, not unlike legitimate software-as-a-service.
The more sophisticated the operation, the more developed the technology layer. Voice over IP infrastructure routes calls through multiple jurisdictions to complicate tracing. Virtual private networks and anonymizing services obscure operator locations. Encrypted communications platforms coordinate between team members. And increasingly, artificial intelligence tools augment what human operators do — generating synthetic voices, managing target research, and optimizing scripts based on what the data says works.
The Financial Intelligence and Money Movement Operation
This is the dimension that receives perhaps the least attention in public fraud discussions, and it is worth slowing down on.
In targeted fraud operations — those aimed at specific high-value individuals rather than random mass dialing — there is frequently a research phase that precedes any contact with the target. Financial intelligence work: understanding approximately what the target is worth, what institutions they use, what financial events they may have recently experienced, and what approach is most likely to find traction. Publicly available information feeds this research significantly. Property records, business filings, professional profiles, social media, and data obtained through breaches all contribute to a targeting profile that informs how and when the approach is made, and what story is most likely to be believed.
On the back end, once money has been obtained, the challenge becomes moving it in ways that make recovery and tracing difficult. This is where the financial operation earns its complexity. Proceeds may move through a sequence of domestic bank accounts before crossing borders. Cryptocurrency conversion adds a layer of pseudonymity. Shell companies in permissive jurisdictions provide additional distance. Money service businesses — some unwitting, some complicit — provide yet another layer. The goal is the same as in any money laundering operation: by the time the money reaches its destination, its origins are obscured enough to be functionally untraceable.
The people doing this work are not generalists. In mature fraud organizations they are specialists — individuals with genuine knowledge of financial systems, banking infrastructure, and the specific vulnerabilities in cross-border money movement that create usable gaps. Some have backgrounds in legitimate finance. The skill set transfers.
Witting and Unwitting Participants: The Mule Network
No discussion of fraud organization structure is complete without addressing the network of individuals — many of them not traditional criminals in any meaningful sense — who move money on behalf of these operations without necessarily understanding what they are part of.
Money mules fall broadly into two categories. Witting mules know, at some level, that what they are doing is not legitimate. They have been recruited and compensated to receive money into their accounts and forward it, keeping a percentage, understanding that questions are not welcome. They are a knowing part of the infrastructure, even if they don’t know its full scope.
Unwitting mules are a different and in some ways more troubling story. These are people who genuinely believe they have taken a legitimate remote job — a payment processing role, a financial assistant position, a work-from-home opportunity that found them through a job board or social media ad. They receive transfers into their personal accounts and forward them as instructed, believing they are performing a legitimate function for a legitimate employer. When law enforcement arrives, they are frequently the first people identified — because their names and accounts are the ones visible in the transaction records. The organization that recruited them is several layers removed and considerably harder to find.
The mule network extends the geographic reach of fraud operations significantly. Money moving through local accounts in the target’s own country raises fewer immediate flags than direct international transfers. It is infrastructure, and it is maintained with the same operational attention as every other part of the enterprise.