Dunia Obtains Scam Files: Cambodian Ring Tracked Victims’ Every ’Annual Leave’

PHNOM PENH — Dunia has obtained internal documents from a criminal organization that reveal how a South Korean "cyber scam" group meticulously collected the personal information of their female targets in advance to facilitate their crimes. Earlier this year, in collaboration with a local independent media outlet, Dunia secured a portion of the documents used by the South Korean cyber scam organization captured in Cambodia. According to these documents, the criminal group exhaustively collected and managed files containing not only the victims' assets, such as bank deposits, but also their private life information.

'Income, Savings, Debt, and Even Vacation Plans'... Exploiting Detailed Personal Information for Crimes

One of the internal documents obtained by Dunia and the Cambodian independent media outlet ‘Mekong Independent’ is a form used to input various personal details of those marked as targets. The form contains approximately 20 personal details. At the top of the document, basic information such as ‘Customer Name,’ ‘Date of Birth,’ ‘Contact Information,’ ‘Annual Salary,’ and ‘Company Name’ is required. Below that, there are numbered entry fields for ‘Three-Party Separation (Yes/No),’ checking and savings accounts, stocks, coins, and even the number of annual leave days.

The "customer" referred to in the ‘Customer Information’ section of the form is, of course, the individual targeted by the cyber scam organization. What is startling is that they grasped the targets' financial status—including income levels, savings amounts, and account information—in great detail and utilized this to extort money. They even identified and recorded the number of annual leave days and vacation plans. This suggests that the organization executed its crimes after precisely analyzing the target’s financial situation and securing information on the best times to contact them and their daily routines.

Stealing Information Under the Guise of 'Asset Investigation'... Systematic Management through Division of Roles

The background that allowed the cyber scam organization to collect such detailed and intimate information involved the impersonation of investigative agencies (such as the prosecution or police) and financial authorities (such as the Financial Supervisory Service), along with a tactic called "Three-Party Separation." The top of the entry form obtained by the Dunia and ‘Mekong Independent’ reporting team includes blank spaces for the names of a "Secretary" or "Police Officer," showing that members approached victims by posing as officials from investigative or financial agencies.

On January 12, Blue House spokesperson Kang Yu-jung briefed the media on the mass arrest of cyber scam members by the ‘Transnational Crime Special Response TF.’ She stated that the organization, based in Phnom Penh, Cambodia, "deceived victims into believing they were involved in crimes by impersonating the prosecution and the Financial Supervisory Service, then forced them into 'self-confinement' in accommodations to cut off external contact." She also revealed that the group obtained financial information under the pretext that an "asset investigation" was necessary.

This criminal organization also committed sex crimes, such as filming sexual exploitation videos, after continuously deceiving female victims until they were rendered unable to resist. The internal documents obtained by Dunia confirm that they created files using the asset status and private information extracted through the impersonation of authorities to facilitate their crimes.

Another noteworthy part of these internal documents is the term ‘Three-Party Separation’ (삼자 분리). In cyber scam terminology, this refers to dividing roles among three parties: the "bait" who approaches the victim to extract information, the "collector" who extorts money using that information, and the "fund manager" who handles the proceeds.

Cambodian Cyber Scam Group Extorts 26.7 Billion Won from 165 People

The Dunia and Mekong Independent reporting teams also obtained multiple actual victim files created by the arrested organization based on the personal information entry form. These files include the victim's bank accounts, credit cards, debit card information, whether they traded cryptocurrency, and family relationships. The names of the "Secretary" and "Team Leader" impersonated by the criminal organization during the scam are listed at the top.

Based on the personal information acquired this way, the cyber scam organization extorted approximately 26.7 billion KRW(approximately USD 20 million) from as many as 165 victims.

'Jonber Kim' in Criminal Documents... Suggesting Links to a Massive Criminal Cartel

In another internal document obtained by Dunia, the names of a person known as 'Jonber Kim' (Mr. Park), a figure involved in cryptocurrency fraud cases, and his accomplice Mr. Choi, were found. The document contains a handwritten memo with the names of six individuals presumed to be fund managers, along with information on banks and coin trading platforms, mixed with slang such as "Jang-ju" (account holder), "Jang-junbi" (account preparation), and "Dong-gyeol" (frozen).

This suggests the possibility that Mr. Park and Mr. Choi were deeply involved in the cash flow of the South Korean cyber scam organization arrested in Cambodia earlier this year, or that this group was a subordinate organization under Mr. Park’s command.

In cooperation with the National Intelligence Service and the South Korean Police, the Cambodian Police raided four buildings within the Borey Peng Huot housing estate in the Chbar Ampov district of Phnom Penh on January 5. They arrested 32 South Koreans who had been carrying out "Romance Scams" (a type of cyber scam) by impersonating prosecutors and other officials.

Reporting Seulki Lee - skidolma@thedunia.org

Copy Editing Chihwan Ahn - chihwan@thedunia.org