Blog

You are currently viewing AI Scams: The Age of Digital Deception

AI Scams: The Age of Digital Deception

AI Scams: The Erosion of Digital Trust

The age of digital trust is under siege. Artificial Intelligence (AI) generated scams are no longer a distant threat, but a rapidly evolving reality, exploiting our vulnerabilities with dire consequences.

AI allows scammers to exploit the internet’s wealth of information and replicate legitimate company communications, enabling them to craft deceptive versions and steal money from unsuspecting victims. Advancements in mobile technology have provided a powerful, portable, and invaluable tool for many in today’s busy world. While this enables convenient payment for goods and services with a few clicks, it also consolidates personal accounts, creating a prime target for scammers.

Innocent people subjected to fraud endure immense suffering, face financial ruin, profound emotional and psychological pain, and reputational damage.

AI Scam Mechanisms

Scammers secure their illicit gains by producing believable communications that manipulate and exploit their victims’ trust. They use various tactics to achieve their goals, for example:

  • Voice cloning: Scammers capture short voice clips, as little as three seconds, which they can obtain from public social media accounts, to create convincing fake responses for conversations with victims. These cloned voices are then used to impersonate distressed family members, urgently requesting money to extricate themselves from a supposed crisis. Numerous cases have been reported of individuals receiving calls featuring these fake voices, demanding money under the pretence of an accident or unpaid rent.
Deep fake and human face morphing into one another.
  • Deepfakes: AI-generated fake photos and videos of celebrities are also used to solicit money, under the guise of charity appeals or high-return investments, exploiting emotional vulnerabilities and desires for quick financial gains, respectively. A prominent example involved the use of a financial investment ‘guru’s’ images to promote investments in fraudulent Bitcoin companies, resulting in thousands of pounds in losses for individuals.
  • Phishing: Early scams often targeted individuals with deceptive emails, convincing them to click links by falsely stating they needed to prevent account breaches or that they had won a large sum of money. In some instances, individuals were manipulated into revealing company passwords, enabling the attackers to compromise the organisation’s computer systems and demand a ransom. Initially, phishing messages were easily identified due to spelling errors and poor logo reproductions. However, with the evolution of AI, attackers are now able to create virtually indistinguishable company logos and error-free text.
Scammer using AI to extort money from a vulnerable elderly person.
  • Spear phishing: Through AI-driven analysis of an individual’s online footprint, scammers create highly personalised messages, fostering a false sense of trust that they subsequently exploit for financial gain. A recent example of this tactic is the use of targeted romance scams, where scammers exploit vulnerable older women by professing love, requesting explicit photos, and fabricating financial hardship to solicit money.

AI Scams: Detection and Prevention

It’s getting harder to tell what’s real online. With AI-generated images and communications becoming so convincing, staying alert is crucial. Here are some strategies to consider when interacting with online content, to help you avoid financial and emotional loss.

1. Voice Cloning:

Verifying the authenticity of voice calls is crucial in the age of AI-generated audio. Here are some steps you can take to safeguard yourself against voice cloning fraud.

  • Come up with a secret code word to use with your family.
  • Hang up the call and call back on a known number to check if that person actually called you and needs your help.
  • Secure your social media accounts to prevent unauthorised access to your images and voice recordings.

2. Deepfakes:

They can be incredibly convincing, but they are not perfect. Here are some red flags to watch out for when examining suspicious media:

  • Uneven blinking or odd facial expressions.
  • Lip movements that don’t match the voice.  
  • Characters appearing together in unlikely scenarios.
  • Overly sharp, brightly colored images lacking skin imperfections.
  • Discrepancies in environmental features, such as the reported presence of an immense fire contradicted by a small plume of smoke in the image.
  • Pixelated blurriness.

Where feasible, utilise Deepfake detection tools that employ probability models to analyse metadata for alterations in frames or audio.

3. AI Scams: Phishing   

Protecting yourself from these deceptive tactics is crucial in today’s digital landscape. Here are some steps you can take to verify the authenticity of online communications and avoid phishing scams.

  • Check for spelling errors or subtle changes to the organisation’s name, both in the domain name and the link provided.
  • To ensure security, do not respond to the message or click the link. Instead, open a new browser, type the organisation’s web address directly, and verify requests using their secure messaging system. Never enter passwords in an email; legitimate systems provide access without human intervention.
  • Be wary of messages that evoke strong feelings of urgency, fear, or sympathy.
  • Employ strong, unique passwords for all your online accounts, and consider using a password manager. This helps prevent attackers from gaining access to your accounts, even if they obtain some personal information.  
  • Whenever possible, enable Multi-Factor Authentication (MFA) on your accounts. This adds an extra layer of security, requiring a second form of verification (e.g., a code from your phone) in addition to your password.
  • Ensure your anti-malware software is up to date and that it does not flag any suspicious behaviour on the website you intend to use.

4. Spear phishing:

This more targeted and personalised form of phishing demands heightened vigilance. Alongside the standard phishing checks previously mentioned, one should also consider the following:

  • Be wary of time-sensitive payment requests containing hyperlinks. 
  • Be cautious of messages that include nicknames.
  • Be suspicious of messages that include information from your social media posts.