RBP records new scam methods: email compromise and mobile ‘bland out’

2026-03-09 - 09:24

The Royal Bhutan Police (RBP) has recorded two new types of scams as of 2026 which are email compromise and mobile “bland out” schemes. According to RBP data, 12 cases involved email compromise, accounting for Nu 600,905 in losses. Another four cases were linked to mobile “bland out” scams, resulting in losses of Nu 1,002,777. In total, the 16 reported cases involved Nu 1,603,682, with no funds recovered so far. According to Colonel Pasang Dorji, Deputy Chief of Police of the Crime and Operation Department, RBP scammers are now using sophisticated digital methods to gain access to victims’ personal and financial information. He said that email compromise scams typically begin with phishing emails, where fraudsters send messages containing fake links designed to resemble legitimate communications from organizations or financial institutions. “The emails often include official logos and details to make them appear genuine. Victims are then prompted to click on a link, sometimes unknowingly,” he says. Once the link is opened, scammers can gain access to the victim’s email account and extract personal information and login credentials. As many individuals link their email accounts with banking and online services, the attackers then attempt to access those platforms. “After obtaining the details, the scammers try to secure the One-Time Password (OTP) as the final step. Once they receive the OTP, the money can be transferred to the scammers’ accounts or to other intermediary accounts,” he added. Further he says, “if a mobile phone suddenly blacks out without any clear reason, people should remain cautious. Phones normally do not black out without a cause.” In some reported cases, victims approached the police after discovering that funds had been transferred from their accounts following the sudden malfunction of their phones. DCoP Passang advise individuals who experience such incidents to immediately inform their banks and freeze their accounts to prevent further financial loss. While the new scams are emerging, existing fraudulent schemes continue to dominate the statistics. According to RBP data, a total of 365 scam cases were reported between 2023 and early 2026, involving Nu 40.1 million, of which Nu 12.57 million has been recovered so far. Lottery prize scams recorded the highest number of cases over the four-year period with 98 cases, followed by AUD exchange scams with 92 cases and investment opportunity scams with 56 cases. The data also recorded 45 cases involving the sharing of One-Time Password (OTP), where victims unknowingly provided sensitive banking authentication codes to scammers. House rent scams, where individuals are deceived through fraudulent rental advertisements, accounted for 29 cases, while online shopping scam recorded 15 cases, cryptocurrency-related scams involving USDT recorded 14 cases. 1 case on job opportunity scam was also recorded in 2026. The data indicates that scam cases increased sharply in recent years. In 2023, only 17 cases were reported, involving about Nu 1.76 million, of which Nu 569,262 was recovered. The number rose significantly in 2024, when 147 cases were reported with losses reaching Nu 16.58 million, while Nu 5.6 million was recovered. In 2025, scam cases increased further to 167 cases, involving Nu 18.24 million, with Nu 6.28 million recovered. As of 2026, RBP have recorded 35 cases, involving Nu 5.48 million, with Nu 826,540 recovered so far. RBP said that despite recovery efforts, a large portion of the funds remains unrecovered due to the speed at which scammers transfer or withdraw the money once victims are deceived. RBP have been coordinating closely with key institutions to address emerging scam methods. DCoP Passang said that RBP have conducted coordination meetings with the Royal Monetary Authority, financial institutions, and GovTech Agency. They are ready to support efforts to strengthen security systems. One of the measures being discussed included delinking email accounts from financial services where necessary, as compromised emails can provide scammers with access to multiple platforms. However, he stressed that individual vigilance remains the most important line of defense. He said that the most important factor is personal responsibility in protecting one’s email, mobile devices, and financial accounts.