Scam Centers Keep Office Hours — Because Fraud Is a Business

Bitdefender telemetry shows that many scam operations follow predictable work schedules, reinforcing what police investigations have long suggested: modern fraud is an organized business.

Key takeaways:

• Scam operations increasingly function like legitimate businesses, complete with specialized teams, performance targets, and predictable work schedules
• More than 5% of global SMS traffic analyzed by Bitdefender was linked to risky campaigns or coordinated scam infrastructure
• Scam activity peaks during standard business hours, suggesting that human operators remain central to many fraud campaigns
• Law enforcement investigations continue to dismantle large transnational scam centers operating across multiple countries
• Consumers should verify unexpected messages, calls, and financial requests, and use dedicated scam-detection tools to stay protected

SMS and phone calls are among the most personal digital communication channels—and the most effective attack vectors for organized cybercrime.

Unlike mail or web content, text messages and calls catch our attention the moment they arrive, often appearing to come from friends, family members, banks, delivery companies, government agencies, or other trusted organizations.

This proximity creates a trust bias – one that threat actors exploit with great success.

As our 2026 Global Scam Intelligence Report reveals, more than 5% of all SMS traffic is associated with scams. In other words, approximately 1 in 20 messages exhibited characteristics consistent with scam infrastructure or coordinated fraud. This represents a high contamination rate for a communication channel perceived as high in trust.

The most common scams delivered through SMS.

Organized fraud

Scams at this scale don't happen by accident. Behind many of these campaigns are organized fraud operations that function much like legitimate businesses.

Investigators increasingly uncover scam compounds where hundreds of workers follow scripts, work shifts, and meet performance targets.

These operations are often divided into specialized teams.  One group distributes millions of phishing texts or fraudulent messages, another handles phone calls from victims, while others focus on payment processing, cryptocurrency transfers, or laundering stolen funds.

Like any sales organization, efficiency is measured, tactics are refined, and successful campaigns are quickly replicated across countries and languages.

Transnational scam networks

Law enforcement actions expose the scale of these operations. Recent INTERPOL operations across the Middle East and North Africa led to hundreds of arrests linked to transnational scam networks responsible for online fraud, phishing campaigns, and financial scams.

Similar investigations have uncovered fraudulent tech support operations masquerading as legitimate customer service centers, complete with office infrastructure, managers, call scripts, and employees whose sole purpose was persuading victims to surrender remote access to their devices or transfer money.

Our own telemetry reinforces this picture. Scam activity isn't evenly distributed throughout the day. Instead, many campaigns closely mirror standard business hours, suggesting that human operators – not just automated bots – remain an integral part of the fraud chain.

Our honeypots reveal that scam activity peaks around 8:00 a.m. Many fraud operations follow structured workdays rather than operating randomly.

According to the  Bitdefender 2025 Consumer Cybersecurity Survey, 7 out of 10 people have encountered a scam of some type in the last 12 months, and 1 in 7 fell victim to one.

Download the full Bitdefender Global Scam Intelligence Report 2026

The takeaway is simple: modern scams are no longer opportunistic crimes carried out by isolated individuals. They're organized businesses with employees, workflows, performance metrics – and, apparently, office hours.

How to protect yourself from sophisticated scams

As online fraud operations expand globally, consumers should assume that unsolicited messages, calls, and investment opportunities deserve verification before trust – especially in conversations involving investments, cryptocurrency, urgent financial requests, or emotional manipulation.

Here are some practical tips to reduce your risk:

• Be skeptical of investment opportunities promoted through social media, messaging apps or dating platforms.
• Never send money or cryptocurrency to an entity or person you have not verified independently.
• Watch for pressure tactics involving urgency, secrecy, or emotional manipulation.
• Enable multi-factor authentication on important accounts.
• Use strong, unique passwords and consider a password manager.
• Avoid downloading attachments or clicking links from unexpected messages.
• Keep devices and security software updated.
• Research companies, trading platforms, and investment offers independently before sending funds.

Use security tools that detect scams

Dedicated scam-detection tools can help identify phishing links, fraudulent messages, spoofed websites, and other indicators of online fraud before they cause harm.

To help people stay ahead of evolving threats, Bitdefender has introduced Scam Radar, a new feature integrated into Bitdefender Mobile Security for Android and Bitdefender Mobile Security for iOS.

When in doubt about an unsolicited phone call, text or social media interaction, use Scamio, our free scam detector and prevention service. Simply describe your situation and let Scamio guide you to safety.

You may also want to read:

Scams Have Gone Omnichannel: New Global Report Tracks Fraud Across Web, SMS, Social and Voice

Scam Centers Are Feeling the Heat – INTERPOL Makes 201 Arrests in the MENA Region

Telecom Executives Plead Guilty to Tech Support Fraud