Protecting Victims of Online Scams in Thailand: Legal Rights and Remedies for Foreign Residents (Part 1/3)

Thailand has witnessed a surge in technology-enabled scams in recent years, prompting robust legal reforms and enforcement efforts. Foreign retirees and businesspeople are often targeted by fraudsters through deceptive calls, texts, and online schemes. Fortunately, Thai law now provides comprehensive protection for scam victims, with new regulations to freeze fraudulent transactions, punish perpetrators, and help recover losses. This article outlines the key Thai laws that safeguard victims, the rights and remedies available, illustrative case steps, and the vital role of experienced Thai attorneys in navigating these challenges.

Thai Laws Protecting Scam Victims

Thailand’s legal framework to combat online scams spans several statutes and regulations. These laws work together to criminalize scam activities, empower authorities to act swiftly, and establish mechanisms for victims to reclaim their funds. Key provisions include a new Royal Decree on Technological Crime (2025) that enhances preventive measures, the Computer Crime Act for cyber offenses, relevant sections of the Thai Penal Code punishing fraud, the Anti-Money Laundering Act for asset freezing and recovery, and consumer protection and telecommunications regulations that hold service providers accountable.

Royal Decree on Technological Crime (No. 2) B.E. 2568 (2025)

In response to rampant phone and internet scams, Thailand enacted the Royal Decree on Measures for the Prevention and Suppression of Technological Crime (No. 2) B.E. 2568, effective 13 April 2025. This decree significantly amends the original 2023 emergency law to close loopholes exploited by scammers. Expanded Scope: The decree broadens the definition of “business operator” to cover digital asset platforms, telecom network providers, and social media services involved in financial transactions. This means cryptocurrency exchanges, e-wallet services, and even foreign platforms serving Thai users are now within reach of Thai cybercrime law. Mandatory Cooperation: Banks, e-payment providers, and telecom companies must promptly share information on suspected scam accounts or wallet addresses with authorities such as the Ministry of Digital Economy and Society, Royal Thai Police, Anti-Money Laundering Office (AMLO), Bank of Thailand, and the Securities and Exchange Commission. They are required by law to suspend or close accounts linked to technological crimes upon official instruction. Telecom operators must also block scam-related SMS messages to stop phishing texts at the source. Preventing Offshore Abuse: Authorities can block access to illicit foreign websites or unlicensed digital asset platforms used for fraud, addressing the trend of criminals transferring swindled money into overseas crypto-assets.

Asset Freezing Powers: Crucially, the 2025 decree empowers AMLO and police to act fast in choking off funds from scammers. AMLO officials may freeze or seize assets suspected to be linked to cybercrime or money laundering for an initial period up to 90 days (extendable to 180 days). This applies to bank accounts, cryptocurrencies, and other assets believed to be proceeds of scams. The decree created an oversight committee to supervise enforcement and ensure due process in these freezes. Non-compliant institutions (like banks or platforms that fail to follow freeze orders or preventive standards) face joint liability for resulting damage and can incur fines up to 500,000 THB and even imprisonment for responsible personnel. New Criminal Offenses: The law makes it a crime to misuse telecom or financial services for scams. For example, knowingly selling or allowing the use of one’s bank account or SIM card for fraud (“money mules” or “SIM mules”) is now punishable by up to five years in prison or a 500,000 baht fine. Similarly, using another person’s personal data or a deceased person’s identity for scam-related purposes can incur up to one year imprisonment, or up to five years if done for profit. These provisions discourage the common tactic of recruiting locals to open bank accounts or phone lines for criminal networks. Overall, the Royal Decree (No. 2) of 2025 significantly strengthens Thai authorities’ ability to prevent scams and protect victims by enforcing swift account freezes, mandating industry cooperation, and expanding criminal liability for fraud facilitators.

Computer Crime Act B.E. 2560 (2017) and Amendments

The Computer Crime Act (CCA) is Thailand’s cornerstone legislation for cyber-related offenses. Originally enacted in 2007 and amended in 2017, it criminalizes a broad range of activities often associated with online scams. Under the CCA, it is illegal to access a computer system without permission, intercept computer data, or hack into security measures – provisions that cover hackers who might steal personal information to execute scams. The Act also targets content-based offenses: Section 14 prohibits inputting false information into a computer system that causes damage to the public or an individual (this has been used against phishing websites and fraudulent online postings). For instance, scammers who create fake banking websites or social media profiles to deceive victims can face charges under this section for the false online representations. The CCA additionally outlaws disseminating illicit content (such as malware or obscene materials), which can apply if scammers distribute malicious apps or links. Importantly for victims, the CCA grants law enforcement procedural powers to investigate cybercrimes: Section 18 enables officials to collect traffic data and request server logs or user data from service providers with a court order. This means digital evidence of scam operations (emails, IP addresses, chat histories) can be legally obtained to build a case. The Computer Crime Act is typically used in tandem with other laws – for example, a fraudster might be charged under the Penal Code for cheating and under the CCA for publishing false information online. While the CCA’s primary aim is to punish cyber-offenders, its provisions indirectly protect victims by enabling authorities to track down perpetrators through digital traces and penalize the misuse of computer systems in scams. It’s worth noting the CCA has undergone scrutiny regarding balance with free expression, but in the context of clear criminal fraud, it serves as a powerful tool to bring online scammers to justice.

Thai Penal Code – Fraud and Related Offenses

Traditional criminal law in Thailand, as codified in the Thai Penal Code, squarely addresses cheating and fraud, which are common elements of scams. Section 341 of the Penal Code defines the general offense of cheating and fraud: “Whoever dishonestly deceives a person, by asserting a falsehood or concealing true facts, to wrongfully obtain property from the deceived person or a third person… or cause the deceived person to act or dispose of property, commits fraud”. In plain terms, any scheme where a scammer tricks a victim into giving up money or assets falls under this provision. The base penalty is up to 3 years’ imprisonment or a fine up to 6,000 baht, or both. If the fraud involves aggravating factors, higher penalties apply under subsequent sections. For example, Section 342(1) increases the punishment (up to 5 years in prison or 10,000 baht fine) if the fraud is committed by impersonating another person – a common scenario in “call center” scams where criminals pose as police officers or bank officials. Other sub-sections and related laws address fraud against the public or large-scale cheating. Thailand recognizes “public fraud” (often charged when a scam victimizes numerous people or is conducted as a business) as a more serious crime, frequently accompanied by charges of running a criminal enterprise. For instance, soliciting investments from the public with intent to defraud can be prosecuted not only under the Penal Code but also under specific laws like the Securities and Exchange Act if it involves securities. In fact, the Securities and Exchange Act allows civil action for fraud in investment contexts, where courts can impose a fine equal to the victims’ losses, trading bans, and other penalties on the perpetrators. Additionally, if a scam involves hiring people under false pretenses (e.g. fake jobs with no intent to pay wages), that is criminalized by another section of the Penal Code. In practice, Thai authorities often charge online scammers with multiple offenses – for example, a romance scammer might face Penal Code fraud charges, Computer Crime Act charges for any online deception, and even forgery charges if fake documents were used. These overlapping provisions ensure that scammers can be held accountable on all fronts. For victims, the Penal Code’s fraud sections are the basis for criminal prosecution, allowing the state to arrest and prosecute offenders, and also enabling victims to claim restitution through the criminal court process.

Anti-Money Laundering Act (AMLA) and Asset Freezing

Scam operations almost always involve the movement of money, and Thailand’s Anti-Money Laundering Act (AMLA) is a critical law for freezing and recovering assets tied to criminal fraud. Under AMLA, fraud (especially “public fraud” or fraud schemes that defraud multiple victims) is classified as a predicate offense for money laundering. This gives AMLO – the Anti-Money Laundering Office – the authority to step in and trace, freeze, and seize assets obtained through scams. Even prior to the 2025 cybercrime decree, AMLO’s Transaction Committee could issue orders to freeze bank accounts and properties suspected to be linked to a fraud case, typically for an initial 90 days pending further investigation. Now, with the latest Royal Decree, AMLO’s powers are even more explicit and far-reaching in cyber fraud cases. Once assets are frozen, what happens to the money? Thai law provides a clear path for victims to get their money back rather than letting it revert to state coffers. After authorities seize assets from an accused scammer, victims have the right to file claims for restitution. For example, in a high-profile investment scam case, AMLO announced that victims could file claims by a set deadline to reclaim their losses; the office would compile a list of claimants and the extent of each victim’s damages. The matter is then referred to prosecutors, who will petition the civil court to distribute the seized assets to the verified victims as compensation. This process was used in the notorious iCon Group pyramid scheme case – over 100 assets worth 286 million baht were slated to become state property, but 40 items worth 29 million baht were returned to claimants who proved their ownership or loss, and remaining assets are being handled via the courts for victim restitution. Essentially, the AMLA framework ensures that when ill-gotten gains are confiscated, scam victims have a legal avenue to recover funds proportionate to their losses. Additionally, AMLA facilitates coordination with financial institutions and foreign agencies to track cross-border flows of money. Banks in Thailand now actively work with AMLO and police to flag suspicious transactions (e.g. large, rapid transfers typical of scams) and can freeze funds on short notice under the 2023/2025 cybercrime measures. In summary, the AMLA provisions are a powerful shield for victims: they stop stolen money from disappearing, and they create a mechanism for victims to be made whole through legal proceedings.

Consumer Protection and Telecommunications Regulations

Thailand’s consumer protection and telecom regulators also play a role in safeguarding scam victims, especially by preventing scams and enabling quick response. The Consumer Protection Act provides general protection against unfair or deceptive business practices, which can cover certain scam scenarios (for instance, if an online seller defrauds customers, the victims can complain to the Office of the Consumer Protection Board). However, most large-scale frauds are handled as criminal matters by police. More directly relevant are the telecommunications regulations recently tightened to fight scam calls and texts. The National Broadcasting and Telecommunications Commission (NBTC) — Thailand’s telecom regulator —now holds mobile network operators to strict obligations in the battle against scammers. In mid-2025, the NBTC approved eight new measures requiring telecom companies to actively prevent and respond to scam activities. For example, operators must screen for suspicious phone usage, such as SIM cards that make thousands of VoIP calls (often indicative of call-center scam rings), and can immediately suspend service if such abuse is detected. If the regulator notifies a provider of a known fraudulent number, the company must cut off that number within 24 hours. This rapid shutdown helps protect new potential victims from ongoing scam calls.

Other NBTC rules bolster consumer safety: mobile subscribers’ identities must be verified with biometric checks, and all existing prepaid SIM registrations are being re-verified to weed out fake identities. Critically, foreign nationals are now limited to three mobile SIM cards per operator (with passport verification required), closing a loophole where fraud gangs would buy dozens of SIMs under one name for mass robocalling. Tourist SIM cards are also now capped at 60-day validity, preventing long-term misuse of SIMs obtained with only a passport. The NBTC further requires telecom providers to filter SMS hyperlinks and force businesses sending bulk SMS to register their sender names – this targets scam SMS messages by making it easier to trace and block fake SMS senders. Additionally, all international incoming calls must be prefixed with a special code (like “+697” or “+698”) to warn consumers that the call is from overseas. This helps potential victims identify spoofed local numbers (a common scam tactic) as actually originating abroad. Significantly, the NBTC has put teeth into these measures: if a telecom operator fails to comply and that negligence contributes to a scam, the company can face legal liability under the cybercrime decree (Section 8/10) for any resulting harm. In short, telecom regulations now directly protect consumers by making it harder for scammers to use phone networks as a tool, and by ensuring companies act swiftly to cut off fraudulent communications. These preventive measures complement the legal rights of victims, reducing the incidence of scams and facilitating quicker action when scams do occur.