Microsoft helps India break up AI-driven tech-support scam

On 6 June 2025 India’s Central Bureau of Investigation (CBI), working with Microsoft and Japan’s National Police Agency, raided 19 sites in Delhi, Haryana and Uttar Pradesh (Operation Chakra V). Six suspects were arrested and two illegal call-centres shut down. The syndicate posed as Microsoft support, targeting Japanese computer users with fake pop-ups and phone calls, then coercing victims into transferring money to “mule” accounts. Microsoft says the gang relied on generative-AI tools to create malicious pop-ups and translate scripts. The collaboration has so far helped disable around 66,000 malicious domains and URLs worldwide and exposed a wider ecosystem of SEO specialists, payment processors and logistics providers behind the scam.

What happened
India’s elite investigators have smashed two bogus call-centres accused of scamming thousands of Japanese citizens out of vast sums by posing as Microsoft’s tech-support desk.

Operation Chakra V
• Nineteen premises searched; six people arrested.
• Centres ran “customer-service” calls and on-screen pop-ups claiming a device was infected.
• Victims were tricked into sending money to laundering accounts.
A global effort

Microsoft, Japan’s National Police Agency and the CBI pooled threat-intel to trace the racket. The wider network included:
• Pop-up designers and search-engine optimisers.
• Logistics and talent agencies supplying equipment and staff.
• Payment processors funnelling the cash.

The AI factor
Investigators say the gang used generative-AI to scale up—auto-creating fake alerts, translating scripts into Japanese and identifying new targets.

Impact so far
• 66,000 malicious domains and URLs dismantled since May 2024.
• Seizure of PCs, phones and DVRs expected to yield more leads.
• Operation highlights how low-cost AI now supercharges classic social-engineering fraud.

Staying safe
• Treat pop-ups urging you to call “support” with extreme scepticism.
• Never allow remote-access tools unless you initiated the session.
• Use browser and DNS filtering to block known tech-support scam domains.