Marketplace
Back to all articles
Biopass,truuth,Liveness,Biometrics,Passwordless

A glimpse into online fraud forums

MS
Mike Simpson
30th September, 2024 4 min read

To those among us who monitor fraud trends, it’s not surprising to see a headline alerting us to the increased adoption of AI tools by fraud syndicates.  What is surprising is how significant the shift has been over the last 12 months.  The fraudsters have realized they can automate and scale their operations with a focus on perpetrating account takeover.

To mitigate the risk, it’s helpful to get a glimpse into the underworld of fraud and understand how they are leverage AI tools to hack into our accounts.   It’s also informative to review the online forums where the fraudsters exchange methods and sell stolen identities.

An explosion of AI tips in online fraud forums

AI has enabled fraudsters to shift from high-effort, low-volume attacks to low-effort, high-volume attacks while also improving the quality and effectiveness of their  attacks.  It’s no surprise therefore that AI-generated attacks are a hot topic in online fraud forums.  An analysis of over ten million instant messages from the top twenty-five fraud forums from 2020 onward revealed a massive spike in mentions of “AI” starting in March 2024, where mentions of the technology surged to over 37,000 messages in a single month—a 900 percent increase over the previous month.

 

What are the fraudsters sharing?

The content of the online conversations offers a chilling insight into the intent of the fraudsters. Their messages focus on technical topics such as:
 
  • how to clone voices
  • how to create realistic deepfake videos
  • how to spoof tests of user liveness
  • how to splice a face into a stolen photo ID document
  • how to set up new fake accounts at banks and fintechs
  • how to takeover existing customer accounts.

The posts are often very specific, detailing the step-by-step approach required to bypass the security controls of a particular bank, fintech, or crypto platform.  The forums are active with responses delivered within minutes of a post. Often the response will include an offer to sell a solution.  Who new fraudsters would be so community minded!

 

AI Faces To Bypass User Verification 

One of the popular threads on Telegram fraud forums is AI-generated deepfake videos. The videos show human heads rotating up and down and side to side. The threads offer AI tools that convert a single photo into a convincing video that can fool liveness checks included in Know Your Customer (KYC) checks used by fintechs and banks.  These ‘deepfake’ tools are offered as solutions to multiple steps in the verification process including:

  • AI-generated ID documents
  • AI-splicing of face onto stolen ID documents
  • AI-generated ‘selfie’ images and videos
  • AI-generated supporting documents such as bank statements and pay slips
  • AI-generated images of ‘evidence’ used for insurance claims

In all these use cases, the AI-generated outputs are hyper-realistic and it’s impossible for an expert human reviewer to distinguish between an authentic original specimen and the falsified AI version.

 

The Impact

Thousands of companies and their customers fall victim to these attacks every month. The impact is massive and escalating rapidly. A recent report by SIFT estimated the cost of Account TakeOver (ATO) at US$635b in 2023 and growing at triple digit rates!  More than one third of consumers have been impacted directly by these attacks and the problem is getting worse as fraud syndicates adopt AI tools at scale.

 

The Solution

The only strategy for stopping these attacks is to use identity verification and Multi-Factor Authentication solutions that are specifically designed to mitigate the risk of deepfake attacks and verify the actual person behind the screen. In addition, by adding verification technologies like device intelligence, AI models for deepfake generation, and behavioral biometrics, organizations can further reduce the risk of identity fraud. Finally, invest in solutions that protect your multi-factor authentication (MFA) and password recovery processes: this is a primary attack vector and a key vulnerability that companies often overlook.

 

Attackers have seen huge success using AI deepfakes for injection and presentation attacks – which means we’ll only see more of them. The key to stopping this threat is to develop a multi-layered approach that combines PAD, injection attack detection (IAD), and image inspection. This strategy forms the basis for companies to navigate the “cyber pandemic” we face and onto a more secure, trusted future.

 

Why Truuth Biopass?

 

Truuth Biopass is a risk-based passwordless authentication solution that delivers a step-change in authentication security and user experience.  Biopass is a multi-tenant and white-label SaaS solution that can be deployed in a matter of hours to protect user accounts from malicious activity.  Biopass is perfect for high-risk use cases where it’s critical to authenticate the right human and the right device.  Biopass is a simple plug in to existing Identity & Access Management (IAM) platforms such as Okta, Entra, Cognito, Ping, and Auth0.

 

If you would like more information, reach out to the Truuth team for a demo of our deepfake detection and risk-based MFA solutions.

 

Next article

Apply for A glimpse into online fraud forums
Write to us with your resume at careers@truuth.id and we are more than happy to review your application.
Our Location
6/201 Kent Street,
Sydney NSW 2000
Contact us

Drop us a line and we will get back to you soon!