White House floats Victims Restoration Program for millions affected by cyber fraud

The Trump administration released an executive order Friday outlining measures the U.S. government plans to take to address the billions worth of financial losses Americans continue to suffer each year from cybercrime.

Multiple agencies were ordered to create an action plan within 120 days laying out plans to “prevent, disrupt, investigate, and dismantle” transnational criminal organizations that are responsible for scam centers and cybercrime. 

The order also calls for the creation of a Victim Restoration Program in 90 days that will provide “restoration or remission to victims of cyber-enabled fraud schemes from funds clawed back, forfeited, or seized from the transnational criminal organizations that perpetrate such schemes.”

An operational unit within the National Coordination Center will be created to organize federal efforts to combat the organizations. Participants will include the State, Treasury, War, Homeland Security and Justice Departments.

“The action plan and NCC operational cell shall include mechanisms to improve information sharing, operational coordination, and rapid response across the Federal Government, and shall align with existing law enforcement frameworks and efforts to counter cyber-enabled threats emanating from foreign jurisdictions,” the executive order said, adding that the private sector can be pulled in “when appropriate.”

The unit will use technical capabilities, threat intelligence and operational insights from commercial cybersecurity firms to “enhance attribution, tracking, and disruption of malicious cyber actors and enabling infrastructure engaged in cybercrime, fraud, and predatory schemes.”

The executive order said cybercrime and fraud are “draining American families of their life savings, stealing the benefits of years of work, and destroying the lives of our youth.”  

“These activities — which include deploying ransomware and malware, phishing, financial fraud, ‘sextortion’ and other extortion schemes, impersonation, and more — are often coordinated campaigns carried out by Transnational Criminal Organizations (TCOs) aimed at the most vulnerable among us,” the White House said. 

“In many cases, foreign regimes provide willing or tacit state support to cybercrime and predatory schemes, creating a shadow economy fueled by stolen identities, coercion, forced labor, and human trafficking.”

In addition to cyber thefts by ransomware gangs and cybercriminal organizations, the FBI estimates that international scam compounds steal about $12.5 billion from Americans each year through a variety of schemes typically centered around fake investments or romantic entanglements. 

In December, the Justice Department announced the Scam Center Strike Force designed to coordinate with foreign governments on operations that disrupt scam centers, many of which are located across Southeast Asia. 

The executive order said the State Department will also work with foreign governments to demand enforcement action against criminal organizations operating within their borders. 

The executive order outlines several actions that should be taken against countries that refuse to help the U.S., including the “limitation of foreign assistance, the application of targeted sanctions, visa restrictions, trade penalties, and, where appropriate, the immediate expulsion from the United States of foreign officials and diplomats complicit in these schemes.”

At an event on Monday, National Cyber Director Sean Cairncross said the executive order was intentionally released alongside the National Cyber Strategy because the White House wants a whole-of-government approach to addressing transnational criminal organizations and scam centers. 

“How do we get after these criminal groups in a strategic way that’s going to make a dent in their operations? That’s not just cyber, that’s diplomatic, that’s the State Department coming with a plan to say, ‘this is how we’re going to leverage diplomacy in this regard,’” he said. 

“It’s the Attorney General and DOJ looking to really ramp up arrests and extraditions. President Trump has made clear he expects results.”

Several cybersecurity experts said the executive order is a much-needed guide for how the government plans to address the out-of-control cyber fraud industry. 

Nicole Tisdale, a former director at the White House National Security Council, told Recorded Future News that the executive order sends the signal that agencies shouldn’t let their own jurisdictions and statutory authorities become the ceiling on what they’re willing to do together.

“Cybercrime doesn’t respect jurisdictional lines, but our response frameworks often do. What’s different here is that the President is explicitly directing a coordinated, whole-of-government effort with a shared goal: protecting and restoring victims,” she said. 

“The order also signals real consequences for nations that provide safe harbor to these TCOs — sanctions, visa restrictions, even expulsion of complicit officials. That’s a meaningful escalation in posture, and it closes a gap that has frustrated law enforcement and diplomats alike for years.”

Tisdale said the executive order may create momentum in Congress to take further action. Comprehensive victim protections would require Congress to act with both legislation and floor votes that provide not just the statutory framework, but the sustained appropriations that give the executive branch what it actually needs to execute these protections over time, she said.

She also lauded the Victim Restoration Fund, noting that the government has seized billions of dollars from criminal networks with little explanation for where that money will end up. 

More than $2 million was seized last week from Egyptian scammers and last year, the Justice Department seized about $15 billion worth of bitcoin from accounts allegedly linked to the chairman of a prominent Cambodian conglomerate who was indicted on charges that his company is behind a sprawling scamming empire. 

“Cybercrime victims — particularly seniors, low-income families, and trafficking survivors who are often coerced into these schemes — lose not just money but stability, dignity, and in some cases safety,” she said.