- Labhost gave criminals access to malware to carry out attacks
- Phishing, voice cloning, and deepfakes are all commonly used by criminals
A leading financial crime expert says the UK is a prime target for fraudsters and is at the forefront of introducing AI technology. We reveal what they do and how to protect yourself.
In April, dozens of people around the world were arrested on suspicion of using a platform called Labhost to commit fraud.
For a monthly subscription fee, Labhost gave criminals access to malware to carry out attacks against individuals and organizations. This is often referred to as “cybercrime as a service.”
One of the tools, LabRat, allows fraudsters to monitor and control phishing attacks in real time and obtain advanced security measures such as two-factor authentication codes and credentials.
Subscribers can also create web pages that mimic those of major brands, from banks to healthcare providers, to trick people into handing over sensitive information.
Police said the platform led criminals to steal 480,000 credit cards, 64,000 PIN codes and more than 1 million passwords.
An estimated 70,000 Brits have fallen victim to Labhost's tricks, but similar platforms have fooled countless other Brits.
That number is likely to continue to grow as artificial intelligence develops and provides more sophisticated methods against digital theft.
Why UK consumers are vulnerable to AI-powered fraud
Phil Rolfe, a financial crime expert at consultancy Valcon, says the UK is particularly vulnerable to AI-related fraud for two main reasons.
First of all, English is a very widely spoken language. Secondly, the UK is a wealthy country with many people who save and invest large amounts of money.
While statistics on AI-based fraud are difficult to come by, fraud itself has skyrocketed in recent years, in part due to the Covid-19 pandemic causing people to spend more time on their computers.
The number of fraud offenses across England and Wales rose by 46% to 465,894 in the year to June 2023, according to banking regulator UK Finance.
Here are some ways criminals are using AI for financially illicit purposes.
Phishing
A term originally coined by hackers, phishing is when a scammer sends an email or text containing a link to a malicious website that, when clicked, downloads a computer virus or prompts the user to reveal personal information. means to.
It is the most common form of AI-enabled financial crime, and although it is almost as old as the World Wide Web, it is increasingly evolving.
Rolfe said old-style phishing essentially involves criminals using a list of email addresses or stock email phrases and “just cut, paste and send, for lack of a better phrase.” It was said to have been “exploitation for the sake of others.”
If someone takes the bait, they are targeted by someone higher up the criminal food chain.
But with AI, criminals can perform phishing scams from a single, powerful machine.
It also allows copies to be created without the spelling and punctuation errors that have traditionally made successful phishing difficult.
voice clone
Imagine you are the chief executive of the UK. You receive a phone call from someone who appears to be the boss of the German parent company, asking you to transfer his €220,000 to a Hungarian supplier within an hour.
Taking into account the urgency of your request, once you have deposited the amount, your UK business will receive a call within the same day saying that it has been refunded. However, the money never arrives.
This happened to a British energy company executive in 2019, according to the Wall Street Journal, which reported that the criminals may have used voice-generating software to pull off the daring heist. Ta.
Although not as prevalent as phishing scams, voice cloning certainly gets a lot of headlines. And, like phishing, the techniques are becoming increasingly sophisticated.
McAfee researchers have discovered that it takes just three seconds of a person speaking to create a copy that is 85 percent, or in some audio files, 95 percent similar to the original voice. did.
With so many people's voices online, including social media, podcasts, and movies, scammers can clone virtually anyone, especially politicians, celebrities, and high-profile executives.
deepfake video
When you combine near-perfect voice cloning with “deep learning” to make it seem like a real person is saying something they didn't, you have a cutting-edge tool for tricksters to exploit.
Deepfake videos are becoming popular among fraudsters because they are cheap and easy to create. A study conducted last year by IT services company Regula found that 29% of businesses have fallen victim to it.
A multinational company in Hong Kong suffered a $25.6 million loss after a digitally recreated chief financial officer asked employees to send money via video conference.
The staff member was asked to introduce himself and was reportedly told to perform a transfer before the call suddenly hung up.
They then continued to communicate with the scammers through messaging platforms, email, and phone calls.
Only after the cash was transferred did the employees and the anonymous company realize they had been defrauded.
If large companies can suffer such huge losses, imagine how easy it is for individuals to lose their savings because of a doctored video.
forged document
Unlike cloning or phishing, document forgery dates back thousands of years. The Romans even had laws against forging records that transferred land to heirs.
AI allows algorithms to replicate document details such as photos, watermarks, holograms, microprints, and signatures, simplifying the step-by-step process for criminals to create false but trustworthy identification documents. Masu.
Rolfe believes that “any teenager with a degree in computer science” could probably fake a gas bill with less identification than is required to open a bank account.
The ability to commit document fraud has been further facilitated by the extent to which digitally native colleagues share information online.
A poll conducted in February by identity verification platform IDnow found that almost half of 18-24 year olds submitted their identity documents through less secure channels such as email, social media and messaging apps.
Even more concerning, 45% knew that sending scans of their documents via these channels could be used by criminals to commit fraud, yet a third That means they were doing that.
How can I protect myself?
No matter how much fraud-fighting technology catches up with criminals, fraud will continue to be prevalent.
There are so many such crimes happening these days that even the most technically savvy person can fall victim to an AI-powered scam.
Rolf admitted that he recently noticed a fake DocuSign email, but quickly realized and changed his computer password before anything terrible happened.
His advice to avoid falling victim to AI-related scams is to not rush and make sure you carry out the necessary checks.
So if you receive a random phone call, text message, or email asking you to transfer a large amount of money in a short period of time or hand over personal information, be suspicious immediately.
Check the number or email address you sent the message to confirm its legitimacy. Look at the brand and see if it resembles your actual organization.
If you receive a strange message from a relative or friend, contact them through another means or ask them to call you back.
When a family member calls, many security professionals recommend agreeing a secret “safe word” that they can repeat in an emergency, or a very personal message that only they know the answer to. We suggest that you ask questions.
Additionally, as evidenced by IDNow research, financial details should not be shared via text, email, or phone until the recipient's legitimacy is verified and security measures such as complex passwords and two-factor authentication are implemented. Should not be provided.
Rolf said: “All you can do is pay attention to these things and try to do so. If you have any questions or are unsure, please take an additional five minutes to ask if this is correct.” Don't just get by and get caught.
Some links in this article may be affiliate links. We may earn a small commission when you click. This helps fund This Is Money and keep it free to use. We do not write articles to promote products. We do not allow any commercial relationships to affect our editorial independence.
