Trump Signs Executive Order to Dismantle Global Cybercrime Networks Preying on Americans

President Donald Trump signed an executive order this week directing a sweeping, whole-of-government crackdown on transnational criminal organizations that run scam centers, deploy ransomware, and carry out financial fraud targeting American families, marking one of the most comprehensive federal cybercrime directives in years.

Executive Order 14390, titled "Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens," was signed March 6 and published in the Federal Register today. It was released alongside the administration's new National Cyber Strategy, a pairing that National Cyber Director Sean Cairncross described as deliberate, framing the combined package as a whole-of-government approach to dismantling the criminal networks that profit from American victims.

The order paints a stark portrait of the threat. "These activities, which include deploying ransomware and malware, phishing, financial fraud, 'sextortion' and other extortion schemes, impersonation, and more, are often coordinated campaigns carried out by Transnational Criminal Organizations aimed at the most vulnerable among us," the White House stated. The order describes the toll in human terms, characterizing cybercrime and fraud as "draining American families of their life savings, stealing the benefits of years of work, and destroying the lives of our youth."

Critically, the order moves beyond domestic enforcement. It acknowledges that "foreign regimes provide willing or tacit state support to cybercrime and predatory schemes, creating a shadow economy fueled by stolen identities, coercion, forced labor, and human trafficking." Countries that refuse to cooperate with U.S. efforts could face limitations on foreign assistance, targeted sanctions, visa restrictions, trade penalties, and the expulsion of foreign officials and diplomats found complicit in the schemes.

On the enforcement side, the order sets two key deadlines. Within 120 days, senior Cabinet officials, including the Attorney General and the Secretaries of Homeland Security and State, must deliver an interagency action plan that identifies the specific transnational criminal organizations responsible for scam centers and cybercrime, and proposes concrete solutions to disrupt and dismantle them. That plan must also describe how a dedicated operational cell within the National Coordination Center would draw on private-sector cybersecurity firms for threat intelligence, attribution capabilities, and operational insights.

Within 90 days, the Attorney General must submit a recommendation to the president on whether to establish a Victims Restoration Program, a potential mechanism for returning seized and forfeited funds from fraud operations directly to the people harmed by them. The prospect of such a program carries significant weight given that millions of Americans are estimated to be affected by cyber-enabled fraud annually.

The Department of Justice is also directed to prioritize prosecutions of cyber-enabled fraud schemes, focusing resources on the most serious and provable cases, a directive that signals the administration wants high-impact convictions rather than a broad but shallow enforcement dragnet.

The order is the latest in a sequence of cyber and online-safety actions. The administration signed an executive order on foreign cyber threats in June 2025, issued guidance to financial institutions on detecting sextortion schemes in September 2025, and in May 2025, Trump signed the TAKE IT DOWN Act, targeting non-consensual intimate image sharing and deepfake exploitation.

Whether the Victims Restoration Program materializes, and which foreign governments ultimately face sanctions under the new framework, will define whether this order reshapes the cybercrime landscape or remains largely aspirational. The 90- and 120-day deadlines will be the first real measure of implementation.