India’s Central Bureau of Investigation (CBI) has announced the arrest of six individuals and the dismantling of two illegal call centers that were engaging in a sophisticated transnational tech support scam targeting Japanese citizens.
The law enforcement agency conducted coordinated searches at 19 locations in Delhi, Haryana, and Uttar Pradesh on May 28, 2025, as part of Operation Chakra V, aimed at combating cyber-enabled financial crimes.
The CBI reported that cybercrime syndicates defrauded foreign nationals, primarily Japanese citizens, by pretending to be technical support staff from various multinational companies, including Microsoft.
“The syndicate operated call centers designed to appear as legitimate customer service centers, through which victims were deceived into believing that their electronic devices were compromised,” the agency said. “Under this pretext, victims were coerced into transferring funds into mule accounts.”
Authorities announced their collaboration with the National Police Agency of Japan and Microsoft to track down the perpetrators of the scheme and understand its operational structure. Additionally, valuable evidence has been seized, including computers, storage devices, digital video recorders, and phones.
The CBI stated that the criminal enterprise operation utilized advanced social engineering techniques and “technical deception” to mislead victims and extract money under false pretenses.
“With the growth of cybercrime-as-a-service, connectivity among cybercriminals has increased and become more global,” Microsoft’s Steven Masada said. “We must continue to look at the full ecosystem in which these actors operate and coordinate with multiple international partners to meaningfully address cybercrime.”
The tech giant stated it has been working closely with the Japan Cybercrime Control Center (JC3) to uncover a fake technical support scam, leading to the takedown of approximately 66,000 malicious domains and URLs globally since May 2024.
The breach is said to have been first identified in January 2025, with TaskUs stating that it had fired two employees after they illegally accessed information from a Coinbase around the same time. Coinbase has since terminated its contract with the company.
The developments also follow the arrest of 20 suspects across 12 countries between March and May 2025 in an international operation on charges of creating and distributing child sexual abuse material (CSAM).
“Spanish authorities arrested seven suspects, including a healthcare worker and a teacher,” INTERPOL said. “The healthcare worker allegedly paid minors from Eastern Europe for explicit images, while the teacher is accused of possessing and sharing child sexual abuse material via various online platforms.”
Ten more suspects have been arrested across various Latin American countries, including three in El Salvador and a teacher in Panama. The remaining arrests came from locations in Europe and the United States. INTERPOL reported that an additional 68 suspects have been identified, and investigations are ongoing worldwide.
