Latest news with #PhilMuncaster


Mid East Info
13-03-2025
AI-driven deception: A new face of corporate fraud
Phil Muncaster, guest writer at ESET, explains that the malicious use of AI is reshaping the fraud landscape, creating major new risks for businesses.

Artificial intelligence (AI) is doing wonderful things for many businesses. It's helping to automate repetitive tasks for efficiency and cost savings. It's supercharging customer service and coding. And it's helping to unearth insight to drive improved business decision-making. Way back in October 2023, Gartner estimated that 55% of organizations were in pilot or production mode with generative AI (GenAI). That figure will surely be higher today.

Yet criminal enterprises are also innovating with the technology, and that spells bad news for IT and business leaders everywhere. To tackle this mounting fraud threat, you need a layered response that focuses on people, process and technology.

What are the latest AI and deepfake threats?

Cybercriminals are harnessing the power of AI and deepfakes in several ways. They include:

- Fake employees: Hundreds of companies have reportedly been infiltrated by North Koreans posing as remote working IT freelancers. They use AI tools to compile fake resumes and forged documents, including AI-manipulated images, in order to pass background checks. The end goal is to earn money to send back to the North Korean regime as well as data theft, espionage and even ransomware.
- A new breed of BEC scams: Deepfake audio and video clips are being used to amplify business email compromise (BEC)-type fraud where finance workers are tricked into transferring corporate funds to accounts under control of the scammer. In one recent infamous case, a finance worker was persuaded to transfer $25 million to fraudsters who leveraged deepfakes to pose as the company's CFO and other members of staff in a video conference call. This is by no means new, however – as far back as 2019, a UK energy executive was tricked into wiring £200,000 to scammers after speaking to a deepfake version of his boss on the phone.
- Authentication bypass: Deepfakes are also being used to help fraudsters impersonate legitimate customers, create new personas and bypass authentication checks for account creation and log-ins. One particularly sophisticated piece of malware, GoldPickaxe, is designed to harvest facial recognition data, which is then used to create deepfake videos. According to one report, 13.5% of all global digital account openings were suspected of fraudulent activity last year.
- Deepfake scams: Cybercriminals can also use deepfakes in less targeted ways, such as impersonating company CEOs and other high-profile figures on social media, to further investment and other scams. As ESET's Jake Moore has demonstrated, theoretically any corporate leader could be victimized in the same way. On a similar note, as ESET's latest Threat Report describes, cybercriminals are leveraging deepfakes and company-branded social media posts to lure victims as part of a new type of investment fraud called Nomani.
- Password cracking: AI algorithms can be set to work cracking the passwords of customers and employees, enabling data theft, ransomware and mass identity fraud. One such example, PassGAN, can reportedly crack passwords in less than half a minute.
- Document forgeries: AI-generated or altered documents are another way to bypass know your customer (KYC) checks at banks and other companies. They can also be used for insurance fraud. Nearly all (94%) claims handlers suspect at least 5% of claims are being manipulated with AI, especially lower value claims.
- Phishing and reconnaissance: The UK's National Cyber Security Centre (NCSC) has warned of the uplift cybercriminals are getting from generative and other AI types. It claimed in early 2024 that the technology will 'almost certainly increase the volume and heighten the impact of cyber-attacks over the next two years.' It will have a particularly high impact on improving the effectiveness of social engineering and reconnaissance of targets. This will fuel ransomware and data theft, as well as wide-ranging phishing attacks on customers.

What's the impact of AI threats?

The impact of AI-enabled fraud is ultimately financial and reputational damage of varying degrees. One report estimates that 38% of revenue lost to fraud over the past year was due to AI-driven fraud. Consider how:

- KYC bypass allows fraudsters to run up credit and drain legitimate customer accounts of funds.
- Fake employees could steal sensitive IP and regulated customer information, creating financial, reputational and compliance headaches.
- BEC scams can generate huge one-off losses. The category earned cybercriminals over $2.9 billion in 2023 alone.
- Impersonation scams threaten customer loyalty. A third of customers say they'll walk away from a brand they love after just one bad experience.

Pushing back against AI-enabled fraud

Fighting this surge in AI-enabled fraud requires a multi-layered response, focusing on people, process and technology. This should include:

- Frequent fraud risk assessments
- An updating of anti-fraud policies to make them AI-relevant
- Comprehensive training and awareness programs for staff (e.g., in how to spot phishing and deepfakes)
- Education and awareness programs for customers
- Switching on multifactor authentication (MFA) for all sensitive corporate accounts and customers
- Improved background checks for employees, such as scanning resumes for career inconsistencies
- Ensuring all employees are interviewed on video before hiring
- Improving collaboration between HR and cybersecurity teams

AI tech can also be used in this fight, for example:

- AI-powered tools to detect deepfakes (e.g., in KYC checks).
- Machine learning algorithms to detect patterns of suspicious behavior in staff and customer data.
- GenAI to generate synthetic data, with which new fraud models can be developed, tested and trained.

As the battle between malicious and benevolent AI enters an intense new phase, organizations must update their cybersecurity and anti-fraud policies to ensure they keep pace with the evolving threat landscape. With so much at stake, failure to do so might impact long-term customer loyalty and brand value, and even derail important digital transformation initiatives.

AI has the potential to change the game for our adversaries. But it can also do so for corporate security and risk teams.


Channel Post MEA
31-01-2025
How to Stay Safe from Online Betting Scams
Phil Muncaster, guest writer at ESET, emphasizes: don't roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammers.

Online gambling is big business. Topping revenue of $84bn in 2023, the business of online casinos, virtual poker and sports betting is on the rise. It's been helped in no small part by the Supreme Court, whose ruling several years ago effectively allowed US states to legalize sports betting.

But as the industry grows and new users come online, scammers looking for quick wins are also targeting the online betting and gambling space in ever greater numbers. From nefarious online casinos to malicious apps and phishing messages, the list of potential fraud channels continues to grow. If you're fond of a flutter, take a look at the most common scams we've highlighted below, and arm yourself with the knowledge to stay safe.

Top 6 gambling and betting scams

Fraudsters will usually reach their victims via similar channels: that means email, messaging apps and social media, as well as malicious casino sites, gambling apps and potentially even betting forums. Here are some of the most common threats:

1. Phishing

A social engineering technique as old as the internet, it's no surprise that gambling scammers are also using phishing to achieve their goals. The trick is to impersonate a legitimate online casino or betting company and persuade the victim into handing over their personal and/or financial details – or giving up their account logins. These messages – usually sent via email, but also by social media, messaging apps or text – may contain promises of special offers, designed to lure the victim. Or they could pretend there's something wrong with their account that needs urgently addressing (usually by filling in login details). The scammer will aim to create a sense of urgency in order to rush the victim into acting without thinking things through properly first. Legitimate branding and spoofed sender domains/phone numbers add further legitimacy.

2. Task scams

The FTC recently warned of a growing threat from a specific type of online job scam in which victims are approached about work, usually via unsolicited messages on WhatsApp or similar. The scammers promise easy work on vaguely worded tasks such as 'app optimization' or 'product boosting' – where they are told they'll receive money in return for liking or rating products via a specialized app. They may even receive a small sum as supposed evidence that the scheme is legitimate. However, before long, the scammers ask their victims to put their own money into the scheme, in order for them to complete the next set of tasks. Once they do, the money will be lost forever. Losses reportedly hit $220m for the first six months of 2024 alone. Although not strictly speaking a betting scam, the gamification element has been described as 'almost like gambling.'

3. Malicious casinos

Not all online casinos are created equal. In fact, some are merely a front for fraudulent activity. They might offer huge welcome bonuses, high returns and unlimited free spins in order to attract victims. These offers may be promoted by online ads or spam emails/texts/social messages. In reality, you'll find that these too-good-to-be-true promises do not bear scrutiny. Often the small print will make it impossible for you to take advantage or collect any winnings without losing something yourself. Nefarious casinos may also block withdrawals with technical excuses or excessively long account verification processes. They might even disappear altogether after stealing enough player deposits.

4. Fake apps

Fraudulent apps are also an increasingly common way to part gamblers with their money. Victims are attracted to them via flashy internet ads promising quick-and-easy wins. They may be backed by phishing/fake sites populated by fake reviews of the app – something easy to do now in various local languages with AI tools. In some cases, users may even initially be allowed to win small amounts, in order to build their confidence and encourage them to make bigger bets. When they do, any winnings will be locked and the scammers disappear. One recent example of the threat was a campaign involving 500 deceptive ads and 1,377 malicious websites.

5. Scam tipsters

You should also beware of anyone claiming to offer insider tips online. Betting fraudsters may claim they have an unbeatable system. They may also say that they've been banned by digital gambling sites because they keep on winning, forcing them to pass on their tips to betters like you in return for payment. But, of course, it's all a lie. Sometimes, such scams can come from unusual sources – such as a world-class poker player who is now facing jail time after fraudulently promising access to 'insider information' to give players a winning edge.

6. Fixed-match scam

This is similar to the above example, except the scammer will begin by finding a group of people interested in fixed matches: say 30 individuals. The tipster will request payment from each up front and tell 10 to bet on one outcome, 10 to bet on another and 10 to bet on a third. (In most sports matches, there are only three possible outcomes.) The 10 individuals for whom the tipster predicted the correct result now think they have just bet on a genuine fixed match, and will be incentivized to put more money on the next match. Those who didn't win will be blocked by the scammer.

Top tactics for ensuring a safer betting experience

To keep the scammers at arm's length, be sure to:

- Stick to verified and licensed gambling platforms, with regulatory approval.
- Be skeptical of any platform offering big bonuses and unlimited free spins, and always read the small print – offers like massive bonuses or unlimited free spins often come with hidden catches.
- Switch on multi-factor authentication (MFA) on any account to add an extra layer of security and protect your logins from unauthorized access.
- Never share personal or financial information, including logins, via unsolicited messages or questionable sites.
- Check your bank and betting accounts regularly to spot any unusual activity.
- Steer clear of tipsters who approach you online, especially those claiming insider knowledge or access to fixed matches.
- Ignore ads and individuals tied to new social media accounts; instead, stick to platforms and individuals with a credible history.
- Only download apps from legitimate stores (i.e., Apple App Store and Google Play) and check ratings/developer reviews before doing so.

Like any online activity, gambling comes with its own set of risks. Bet responsibly, and stay safe out there.