Technology is transforming how financial scams operate, making them more sophisticated, more automated and more difficult to detect. From deepfakes to cryptocurrency fraud and tech support scams, bad actors leave no stone unturned and take advantage of every advanced tool at their disposal to manipulate victims and steal their assets.
This blog will examine how fraudsters are weaponizing artificial intelligence (AI), social engineering and evolving digital tactics to exploit financial planning customers, and what can be done to fight these growing threats.
Helping crooks work smarter, not harder
To begin with, malicious actors use artificial intelligence (AI) to improve the scale, sophistication and efficiency of their scams. AI-powered chatbots and deepfake technology allow them to create extremely convincing phishing emails, impersonate executives in business email compromise (BEC) scams and even generate realistic voice recordings or videos to deceive victims.
For example, deepfake audio has been used in CEO fraud, where crooks imitate the voice of high-ranking executives and ask employees to wire large sums of money. The scam can be carried out entirely by phone or use a hybrid approach in which a deepfake voice message asks the employee to check their email for full payment instructions.
AI also facilitates automated social engineering, in which machine learning models analyze large amounts of data from social media and the web to craft hyper-personalized scam messages.
These technologies are also used for cryptocurrency fraud. AI-generated trading bots promise guaranteed profits but operate as Ponzi schemes, while generative AI tools help criminals create fake white papers and websites for illegitimate crypto projects.
Unfortunately, as the technology evolves, attackers will only improve their tactics, which makes scams more difficult to identify and prevent.
Seeing is no longer believing
John Wilson, principal fellow, threat research at Fortra, personally saw a case where a crook left a deepfake voice message that impersonated the CEO of his business. When asked whether email scammers also use AI, Wilson noted: “When we consider email scams, there is much evidence to suggest that the crooks can use AI; however, it is difficult to be sure. For example, the scam messages we used to see were almost always in English. As generative AI has become more common, we have witnessed a corresponding increase in scams in other languages.”
Your paycheck has taken a detour
He said that before 2024, payroll scams, where a crook poses as an employee and tries to socially engineer an HR employee into changing the real employee's direct deposit account, would generally use awkward phrasing and were clearly just a copy and paste of a template.
“For example, a payroll scam email before 2024 might read: ‘I would like to update my bank information before the processing of the next payroll. What details do you need?’ Recently, we started to see a greater variation in the content of the message; for example, just today, we have seen the following: ‘I hope this message meets you well. I reach out to let you know that I recently changed banks, and I would like to request an update of my direct deposit information before the finalization of the next pay period.’ Our conclusion is that, yes, the crooks are starting to use AI.”
The Blockchain of Broken Dreams
Cryptocurrency scams have also increased, probably due to the soaring popularity of digital assets, and they exploit the anonymity and decentralized nature of blockchain technology. Fraudsters use a multitude of tactics, including Ponzi schemes, phishing attacks and fake investment platforms, to deceive investors and steal their funds.
A common scam is the “rug pull”, in which the developers promote a new cryptocurrency project, attract substantial investments, then suddenly abandon the project, draining all liquidity. A notorious example is the Squid Game token scam in 2021, which saw the developers launch a cryptocurrency inspired by the popular Netflix show, only to disappear with more than $3 million after preventing investors from selling their tokens.
If it’s too good to be true
Another widespread crypto scam revolves around fake giveaways and celebrity impersonation on social networks. The threat actors create fake posts, or hijack verified accounts, to claim that public figures like Elon Musk or Vitalik Buterin are offering free Bitcoin or Ethereum in exchange for a small initial “verification” payment.
In 2020, a major Twitter breach led to the hacking of accounts belonging to Musk, Bill Gates and Apple, promoting a fake giveaway that stole more than $118,000 in Bitcoin in a few hours. Phishing attacks, where crooks create fake websites that mimic legitimate crypto exchanges or wallets to trick users into entering their credentials, are also popular. Once compromised, the victims find their accounts drained, and recovery is practically impossible because of the immutable nature of the blockchain.
A ransom or your reputation
Wilson says that cryptocurrency scams are increasingly common and that, in addition to pig butchering scams, the industry is seeing a massive increase in blackmail scams where the attacker claims to have hacked the victim’s computer and threatens to distribute a compromising webcam video to all the victim’s contacts unless they pay a cryptocurrency ransom.
“Messages include personal details on the victim, such as the victim’s home address or telephone number. We recently analyzed a few thousand of these attacks and discovered that 14% of cryptocurrency wallets had transactions on the blockchain. This suggests that crooks have a high success rate with crooks.”
Technical support or tip support?
Tech support scams are also cashing in. These prey on people by impersonating legitimate IT services to get their hands on personal data or demand fraudulent payments. Malicious actors often pose as representatives of well-known companies such as Microsoft, Apple or antivirus vendors, contacting victims via phone calls, pop-up windows or phishing emails.
A common tactic involves fake security alerts warning users of malware infections and urging them to call a support hotline. In 2023, the FBI's Internet Crime Complaint Center (IC3) reported some 37,560 complaints linked to tech support fraud, with losses of $924,512,658.
One example is the tech support refund scam, where bad actors claim to offer refunds for expired or unsatisfactory services, but their real intention is to trick victims into providing personal information or payment details so they can steal their money. Another rampant scheme is remote access fraud, where fraudsters convince users to install remote desktop software, giving them control over the victim’s device to steal sensitive information or deploy ransomware.
A hybrid email/phone approach
Tech support scams are still common, explains Wilson. However, the crooks have had to modify their tactics in response to industry efforts to limit these scams.
“Because most mobile operators now provide warnings or even scam calls, crooks now use a hybrid e-mail approach. The crook sends the victim a message that a subscription has been renewed for another year. E-mails include a telephone number to call to cancel the subscription.”
He explains that the use of email as an initial lure offers three advantages to the crook. First, because the victim makes an outgoing call, the crook bypasses the mobile carrier's incoming fraud warnings. Second, the attacker can reach millions of potential victims and is not limited by the number of outgoing calls they can make. Finally, the victims who call have already been deceived by the original email and are probably more likely to fall for the rest of the scam.
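A mail-filter heuristic for the lure Wilson describes, which pairs a renewal notice with a phone number to call to cancel. This is an added example, not code from the article or from Fortra; the regexes, the freemail list, the function names and the three sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Heuristics are assumptions made for this example, not rules from the article.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
RENEWAL_RE = re.compile(r"\b(renew(?:ed|al)|subscription|auto[- ]?renew|charged)\b", re.I)
CALL_RE = re.compile(  # "call ... cancel" or "cancel ... call" within one sentence
    r"\b(?:call|dial|phone)\b[^.\n]{0,80}\b(?:cancel|refund|dispute)\b"
    r"|\b(?:cancel|refund|dispute)\b[^.\n]{0,80}\b(?:call|dial|phone)\b", re.I)
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}

def body_text(msg):
    """Return the plain-text body of a parsed message (multipart or not)."""
    if msg.is_multipart():
        return "\n".join(p.get_payload() for p in msg.walk()
                         if p.get_content_type() == "text/plain")
    return msg.get_payload()

def score_callback_lure(raw):
    """Flag mail that pairs a renewal notice with a number to call to cancel."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')}\n{body_text(msg)}"
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    checks = [
        ("renewal_notice", RENEWAL_RE.search(text)),
        ("phone_number", PHONE_RE.search(text)),
        ("call_to_cancel", CALL_RE.search(text)),
        ("freemail_sender", domain in FREEMAIL),
    ]
    signals = [name for name, hit in checks if hit]
    # The three content signals together are the pattern described above.
    flagged = {"renewal_notice", "phone_number", "call_to_cancel"} <= set(signals)
    return {"flagged": flagged, "signals": signals}

# Constructed sample messages (not real mail).
LURE = ("From: Billing Team <billing.desk@gmail.com>\n"
        "Subject: Your subscription has been renewed\n\n"
        "Your antivirus plan was renewed for another year and $349.99 was charged.\n"
        "To cancel, call (800) 555-0199 within 24 hours.\n")
RECEIPT = ("From: Example Store <receipts@example.com>\n"
           "Subject: Your subscription has been renewed\n\n"
           "Your plan renewed. Manage it at https://example.com/account\n")
PERSONAL = ("From: Alice <alice@example.org>\n"
            "Subject: Lunch\n\nCall me at 202-555-0123 about Friday.\n")

if __name__ == "__main__":
    for name, raw in [("lure", LURE), ("receipt", RECEIPT), ("personal", PERSONAL)]:
        print(name, score_callback_lure(raw))
```

Requiring all three content signals keeps ordinary renewal receipts and personal mail with phone numbers out of the flagged set; the sender check is reported as supporting evidence only.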
An exposed scam is a weakened scam
When it comes to reporting scams, there is a centralized place to report them, IC3.GOV, but the cruel joke is that people who know about the site are generally very well informed about online scams, while the people who are most susceptible to scams have no idea where to report them, explains Wilson.
“No technological solution can prevent each of these scams, so education is a key element of any large-scale defense. I would like to see popular television shows incorporating education on scams into their plots. For example, a character could be taken in by a romance scam. Anyone who watched the episode would then know about romance scams and could be less likely to fall for one.”
Speaking of the steps he has personally taken to protect customers from technology scams, Wilson said: “I will give you an example from this last weekend. One of my friends sent me a screenshot of a phishing link that led to a phishing site that had been recorded earlier in a popular electricity group, where I arrived at excellent contacts. From my contacts, which quickly overthrew the offline site.”
He says that it worked because of interpersonal relationships. “My friend knew how to send me the SMS. I knew how to analyze the link and collect the evidence necessary to send to my contact. My contact had the opportunity to act.”
Vigilance, education, proactive security
Unfortunately, fraudsters will only continue to refine their tactics, using AI and digital tools to carry out their bad deeds. Staying ahead of these threats requires a mix of vigilance, education and proactive security measures.
Although technology can be, and is, used to deceive, it can also be used to eliminate and prevent fraud, which means that awareness and collaboration are key weapons in the fight against financial scams.