Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens
This Presidential Action establishes a firm policy to protect Americans from cybercrime, fraud, and predatory schemes often orchestrated by Transnational Criminal Organizations (TCOs), sometimes with state sponsorship.
The order directs several key agencies to review existing frameworks and develop an action plan within 120 days to disrupt and dismantle these TCOs, necessitating the creation of an operational cell within the National Coordination Center (NCC).
Furthermore, it mandates recommendations for a Victim Restoration Program using seized funds and requires the Secretary of State to engage diplomatically to compel foreign nations to curb such criminal activity or face U.S. consequences.
Arguments For
Protection of Vulnerable Citizens: The action directly addresses the significant harm caused by cybercrime, fraud, and extortion schemes (like ransomware and 'sextortion') that are draining American families' savings and exploiting vulnerable populations.
Enhanced Federal Coordination: It mandates the creation of a dedicated operational cell within the National Coordination Center (NCC) to centralize and coordinate federal efforts against foreign-based Transnational Criminal Organizations (TCOs) engaged in cyber-enabled crime.
Victim Support: It proposes establishing a Victims Restoration Program to potentially return funds seized from TCOs back to the victims of cyber fraud schemes.
International Pressure: The order directs diplomatic engagement to force foreign governments that tolerate these criminal organizations to take enforcement actions, threatening consequences like sanctions and trade penalties against non-compliant nations.
Arguments Against
Scope and Interpretation: The broad definition of illicit activities and the reference to foreign regimes potentially supporting such crimes might lead to disputes over jurisdiction and the extent of permissible offensive actions by the U.S. government.
Implementation Timeline and Resources: Setting deadlines (60 and 120 days) for reviews and action plans places immediate pressure on agencies like State, Treasury, Defense, Justice, and Homeland Security that may require new appropriations or significant reallocation of existing resources to establish the NCC cell and programs.
Potential Legal Challenges to Sanctions: The prescribed international consequences (sanctions, visa restrictions) rely on existing laws, but their application against nations tolerating crime could escalate international tensions or face diplomatic resistance.
Effectiveness of Clawback Provisions: The success of the Victim Restoration Program hinges entirely on the ability of law enforcement to successfully seize, forfeit, or claw back funds from sophisticated, often foreign-based, TCOs.
Presidential Actions
By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered:
Section 1. Purpose and Policy. Cybercrime, fraud, and predatory schemes are draining American families of their life savings, stealing the benefits of years of work, and destroying the lives of our youth. These activities — which include deploying ransomware and malware, phishing, financial fraud, “sextortion” and other extortion schemes, impersonation, and more — are often coordinated campaigns carried out by Transnational Criminal Organizations (TCOs) aimed at the most vulnerable among us. In many cases, foreign regimes provide willing or tacit state support to cybercrime and predatory schemes, creating a shadow economy fueled by stolen identities, coercion, forced labor, and human trafficking.
It is the policy of the United States to protect Americans from, and harden our financial and digital systems against, these threats. The United States shall counter attacks on Americans with a commensurate response that includes law enforcement, diplomacy, and potential offensive actions. It is further the policy of the United States to provide support to victims of these crimes, expand public alerts, and prioritize protection for those most at risk to end the exploitation and victimization of Americans.
Sec. 2. Combating Scam Centers and Cybercrime. (a) The Secretary of State, the Secretary of the Treasury, the Secretary of War, the Attorney General, and the Secretary of Homeland Security, in consultation with the Office of the National Cyber Director, and in coordination with the Assistant to the President and Homeland Security Advisor (APHSA), shall:
(i) within 60 days of the date of this order, review the relevant operational, technical, diplomatic, and regulatory frameworks in place to determine how each can be improved to best combat TCOs engaged in cyber-enabled crime and similar predatory schemes against Americans; and
(ii) within 120 days of the date of this order, using the results of the review directed in subsection (a)(i) of this section, submit to the President, through the APHSA, an action plan that identifies the TCOs responsible for scam centers and cybercrime and proposes solutions to prevent, disrupt, investigate, and dismantle these TCOs. This action plan shall provide for the creation of an operational cell within the National Coordination Center (NCC) established pursuant to section 6(d) of Executive Order 14159 of January 20, 2025 (Protecting the American People Against Invasion), which will be responsible for coordinating Federal efforts to detect, disrupt, dismantle, and deter — including by involving the private sector as appropriate — cyber-enabled criminal activity conducted by foreign TCOs and associated networks that target United States persons, businesses, critical infrastructure, or public services.
(b) The action plan shall describe how, consistent with applicable law, the Attorney General and the Secretary of Homeland Security, supported by the Secretary of War, shall use relevant technical capabilities, threat intelligence, and operational insights from commercial cybersecurity firms and other non-Federal entities, as appropriate, to enhance attribution, tracking, and disruption of malicious cyber actors and enabling infrastructure engaged in cybercrime, fraud, and predatory schemes.
(c) The action plan and NCC operational cell shall include mechanisms to improve information sharing, operational coordination, and rapid response across the Federal Government, and shall align with existing law enforcement frameworks and efforts to counter cyber-enabled threats emanating from foreign jurisdictions.
(d) The Attorney General shall continue to prioritize prosecutions of defendants engaged in cyber-enabled fraud, including scam centers and sextortion schemes, and, consistent with the principles of Federal prosecution, shall pursue the most serious, provable offenses encompassed by such fraudulent schemes.
(e) To the maximum extent permitted by law, the Secretary of Homeland Security, acting through the Director of the Cybersecurity and Infrastructure Security Agency, shall partner with the NCC to provide training, technical assistance, and resilience building to support State, local, Tribal, and territorial (SLTT) partners, including to expand defensive capacity, share threat intelligence, and harden SLTT partners’ critical infrastructure systems against cybercrime exploitation by TCOs.
Sec. 3. Victim Restoration Program. Within 90 days of the date of this order, the Attorney General shall submit a recommendation to the President, through the APHSA, regarding the establishment of a Victims Restoration Program designed to provide, to the greatest extent authorized by law and in consideration of the Department of Justice’s goal of serving all victims of crime, restoration or remission to victims of cyber-enabled fraud schemes from funds clawed back, forfeited, or seized from the TCOs that perpetrate such schemes.
Sec. 4. International Engagement. The Secretary of State, in coordination with the NCC, shall engage with foreign governments to demand enforcement actions against TCOs operating within their borders and greater cooperation with United States law enforcement. The Secretary of State shall take all necessary and appropriate steps to ensure that nations that tolerate such predatory activity shall face consequences consistent with United States law and policy, such as the limitation of foreign assistance, the application of targeted sanctions, visa restrictions, trade penalties, and, where appropriate, the immediate expulsion from the United States of foreign officials and diplomats complicit in these schemes. The Secretary of State shall also coordinate these actions with allies and partners to enhance the consequences of actions taken against nations that tolerate predatory activity.
Sec. 5. General Provisions. (a) Nothing in this order shall be construed to impair or otherwise effect:
(i) the authority granted by law to an executive department or agency, or the head thereof; or
(ii) the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.
(b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.
(c) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.
(d) The costs for publication of this order shall be borne by the Department of Homeland Security.
DONALD J. TRUMP
The post Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens appeared first on The White House.
This introductory section outlines the source of the President's authority to issue the order, which stems from the Constitution and U.S. laws.
The main purpose of the action is stated here: to combat cybercrime, fraud, and predatory schemes, such as ransomware, phishing, and 'sextortion,' which harm American families and youth.
These activities are attributed to Transnational Criminal Organizations (TCOs), often tacitly supported by foreign regimes.
The overarching policy is to protect American financial and digital systems through a commensurate response utilizing law enforcement, diplomacy, and potentially offensive actions.
It further emphasizes supporting victims and prioritizing protections for those most at risk.
Section 1. Purpose and Policy. Cybercrime, fraud, and predatory schemes are draining American families of their life savings, stealing the benefits of years of work, and destroying the lives of our youth. These activities — which include deploying ransomware and malware, phishing, financial fraud, “sextortion” and other extortion schemes, impersonation, and more — are often coordinated campaigns carried out by Transnational Criminal Organizations (TCOs) aimed at the most vulnerable among us. In many cases, foreign regimes provide willing or tacit state support to cybercrime and predatory schemes, creating a shadow economy fueled by stolen identities, coercion, forced labor, and human trafficking.
It is the policy of the United States to protect Americans from, and harden our financial and digital systems against, these threats. The United States shall counter attacks on Americans with a commensurate response that includes law enforcement, diplomacy, and potential offensive actions. It is further the policy of the United States to provide support to victims of these crimes, expand public alerts, and prioritize protection for those most at risk to end the exploitation and victimization of Americans.
Section 1 defines the problem and sets the national policy direction.
The President identifies cybercrime, including ransomware, phishing, and extortion, as major threats financially devastating American families and exploiting vulnerable people.
These criminal acts are linked to Transnational Criminal Organizations (TCOs), which may receive support from foreign governments, creating an illicit economy involving activities like human trafficking.
The core U.S. policy established is to defend American systems through a hard response involving law enforcement, diplomacy, and possible offensive measures.
This policy also mandates support for crime victims, increased public warnings, and enhanced protection for those most susceptible to exploitation by these criminal networks.
Sec. 2. Combating Scam Centers and Cybercrime. (a) The Secretary of State, the Secretary of the Treasury, the Secretary of War, the Attorney General, and the Secretary of Homeland Security, in consultation with the Office of the National Cyber Director, and in coordination with the Assistant to the President and Homeland Security Advisor (APHSA), shall:
(i) within 60 days of the date of this order, review the relevant operational, technical, diplomatic, and regulatory frameworks in place to determine how each can be improved to best combat TCOs engaged in cyber-enabled crime and similar predatory schemes against Americans; and
(ii) within 120 days of the date of this order, using the results of the review directed in subsection (a)(i) of this section, submit to the President, through the APHSA, an action plan that identifies the TCOs responsible for scam centers and cybercrime and proposes solutions to prevent, disrupt, investigate, and dismantle these TCOs. This action plan shall provide for the creation of an operational cell within the National Coordination Center (NCC) established pursuant to section 6(d) of Executive Order 14159 of January 20, 2025 (Protecting the American People Against Invasion), which will be responsible for coordinating Federal efforts to detect, disrupt, dismantle, and deter — including by involving the private sector as appropriate — cyber-enabled criminal activity conducted by foreign TCOs and associated networks that target United States persons, businesses, critical infrastructure, or public services.
(b) The action plan shall describe how, consistent with applicable law, the Attorney General and the Secretary of Homeland Security, supported by the Secretary of War, shall use relevant technical capabilities, threat intelligence, and operational insights from commercial cybersecurity firms and other non-Federal entities, as appropriate, to enhance attribution, tracking, and disruption of malicious cyber actors and enabling infrastructure engaged in cybercrime, fraud, and predatory schemes.
(c) The action plan and NCC operational cell shall include mechanisms to improve information sharing, operational coordination, and rapid response across the Federal Government, and shall align with existing law enforcement frameworks and efforts to counter cyber-enabled threats emanating from foreign jurisdictions.
(d) The Attorney General shall continue to prioritize prosecutions of defendants engaged in cyber-enabled fraud, including scam centers and sextortion schemes, and, consistent with the principles of Federal prosecution, shall pursue the most serious, provable offenses encompassed by such fraudulent schemes.
(e) To the maximum extent permitted by law, the Secretary of Homeland Security, acting through the Director of the Cybersecurity and Infrastructure Security Agency, shall partner with the NCC to provide training, technical assistance, and resilience building to support State, local, Tribal, and territorial (SLTT) partners, including to expand defensive capacity, share threat intelligence, and harden SLTT partners’ critical infrastructure systems against cybercrime exploitation by TCOs.
Section 2 mandates immediate and short-term actions targeting scam centers and cybercrime. Key Secretaries (State, Treasury, War, Attorney General, Homeland Security), along with the National Cyber Director and the Homeland Security Advisor (APHSA), must perform a review within 60 days to improve existing operational, technical, and diplomatic frameworks against cyber TCOs.
Within 120 days, these officials must submit an action plan identifying responsible TCOs and proposing dismantling solutions.
This plan requires establishing an operational cell within the National Coordination Center (NCC) to coordinate federal disruption efforts, involving the private sector as necessary.
Subsections detail that the Attorney General and Secretary of Homeland Security, supported by the Secretary of War, will incorporate commercial cybersecurity insights for better tracking and disruption of malicious cyber actors.
The action plan must improve federal information sharing and coordination.
The Attorney General must continue prioritizing prosecutions for cyber fraud and sextortion, pursuing the most severe provable charges.
Finally, the Secretary of Homeland Security, via CISA, must work with the NCC to bolster training and technical assistance for State, local, Tribal, and territorial (SLTT) partners to harden their critical infrastructure against these cyber threats.
Sec. 3. Victim Restoration Program. Within 90 days of the date of this order, the Attorney General shall submit a recommendation to the President, through the APHSA, regarding the establishment of a Victims Restoration Program designed to provide, to the greatest extent authorized by law and in consideration of the Department of Justice’s goal of serving all victims of crime, restoration or remission to victims of cyber-enabled fraud schemes from funds clawed back, forfeited, or seized from the TCOs that perpetrate such schemes.
Section 3 focuses on victim restitution.
The Attorney General must recommend establishing a Victims Restoration Program within 90 days to the President, channeled through the APHSA.
This program aims to provide restoration or remission (returning seized assets) to victims of cyber-enabled fraud schemes.
The funds for restitution would come specifically from money "clawed back, forfeited, or seized" from the TCOs responsible for perpetrating those schemes, while respecting existing Department of Justice priorities to serve all crime victims.
Sec. 4. International Engagement. The Secretary of State, in coordination with the NCC, shall engage with foreign governments to demand enforcement actions against TCOs operating within their borders and greater cooperation with United States law enforcement. The Secretary of State shall take all necessary and appropriate steps to ensure that nations that tolerate such predatory activity shall face consequences consistent with United States law and policy, such as the limitation of foreign assistance, the application of targeted sanctions, visa restrictions, trade penalties, and, where appropriate, the immediate expulsion from the United States of foreign officials and diplomats complicit in these schemes. The Secretary of State shall also coordinate these actions with allies and partners to enhance the consequences of actions taken against nations that tolerate predatory activity.
Section 4 directs the Secretary of State to use diplomatic channels to counter TCOs operating abroad.
The Secretary must negotiate with foreign governments to demand they enforce laws against criminal organizations within their territory and increase cooperation with U.S. law enforcement.
The directive authorizes using several potential consequences against nations that permit this predatory activity.
These consequences include limiting foreign aid, imposing targeted sanctions, enacting visa restrictions, applying trade penalties, and potentially expelling complicit foreign diplomats.
The Secretary of State must also coordinate these escalatory measures with international allies and partners to increase the severity of consequences for non-compliant nations.
Sec. 5. General Provisions. (a) Nothing in this order shall be construed to impair or otherwise effect:
(i) the authority granted by law to an executive department or agency, or the head thereof; or
(ii) the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.
(b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.
(c) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.
(d) The costs for publication of this order shall be borne by the Department of Homeland Security.
DONALD J. TRUMP
The post Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens appeared first on The White House.
Section 5 contains standard administrative clauses for the Executive Order.
Clause (a) clarifies that the order does not limit the independent legal authority of any executive department or agency, nor does it interfere with the budgetary or legislative proposal functions of the Office of Management and Budget (OMB).
Clause (b) requires that all mandated implementation adhere strictly to existing laws and depends on the availability of necessary funding ('appropriations').
Clause (c) serves as a non-binding disclaimer, stating that the order does not create any new legal rights or benefits enforceable by private parties against the U.S. government or any other person.
Finally, Clause (d) assigns financial responsibility for publishing the order to the Department of Homeland Security, followed by the signature of Donald J. Trump.