Bad actors are using artificial intelligence (AI) to make their scams bigger, smarter, and harder to detect. These scams include cryptocurrency scams, blackmail, and tech support fraud, robbing victims of billions of dollars each year. These criminals are always one step ahead and changing tactics. This rapid evolution is leaving individuals and organizations without the ability to fully ensure their own protection.

Crypto Scams and Rug Pulls

Cryptocurrency scams are on the rise, with scammers taking advantage of the decentralized nature of digital currencies to con unsuspecting investors out of their money. The second of these common tactics is a “rug pull.” In this arrangement, developers hype a new cryptocurrency project, attract millions of dollars in investment, and then suddenly disappear, taking that investment with them. This throws investors under the bus with essentially empty tokens and billions of dollars lost in value.

Scammers will frequently post phony posts or take over verified accounts. They make the misleading promise that well-known figures such as Elon Musk or Vitalik Buterin are distributing free Bitcoin or Ethereum in return for a modest initial “verification” fee. In 2020, a major Twitter breach led to the hacking of accounts belonging to Musk, Bill Gates, and Apple, promoting a fake giveaway that stole over $118,000 in Bitcoin within hours. These scams take advantage of the hype and cachet generated by the fame of recognizable figures to con victims into transferring their cryptocurrency.

John Wilson, Senior Fellow, Threat Research, Fortra joined us to discuss how these scams are becoming more sophisticated.

"The messages include personal details about the victim, such as the victim's home address or phone number. We recently analyzed a few thousand of these attacks and discovered that 14% of the cryptocurrency wallets had transactions on the blockchain. This suggests that scammers are having a high rate of success with blackmail scams." - John Wilson

The Evolution of Email and Payroll Diversion Scams

Email continues to be the most favored method of scams for scammers, because of its size and prevalence, and effectiveness in spear phishing. Scammers often use email as the initial lure, providing three advantages: the victim is placing an outbound call, the attacker can reach millions of potential victims, and the attacker can use it for spear phishing. Another popular tactic is these phony security notifications alerting users that they have become infected with malware and must call a fraudulent support number. Scams like tech support scams are still number one. In just the year of 2023, there have been 37,560 complaints relating to tech support fraud resulting in a jaw-dropping $924,512,658 in losses.

Payroll diversion scams, in which impersonating fraudsters convince employers to divert salary payments to the fraudster’s account, have similarly adapted. Prior to 2024, these scams were laden with odd turn-of-phrases, making them stand out as clear cut copy-and-paste templates. Unlike old-school spam, AI has recently been used to create more realistic and personalized outreach requests.

These messages are indicative of a new sophistication, one not previously displayed. Consequently, HR officials have a more difficult time distinguishing between legitimate and fraudulent requests.

"I wish to update my bank information before the next payroll is processed. What details do you need?"

"I hope this message meets you well. I'm reaching out to let you know that I've recently changed banks, and I would like to request an update to my direct deposit information before the upcoming pay period is finalized."

AI is making scams written in English more effective. It’s opening the door to new ways to commit fraud, such as deepfake audio. Now scammers are using deepfake audio to perpetrate CEO fraud. They impersonate the phones of C-level leaders and tell employees to transfer hundreds of thousands of dollars. John Wilson has firsthand experience with the development and use of deepfake technology in automated scams.

The Role of AI and Deepfakes in Modern Scams

So sophisticated are these deepfakes that they’ve fooled even the best paid vehicles’ fraud-detection professionals. This alarming trend further highlights the need for strong verification processes and more comprehensive employee training.

"I have personally seen an instance where a scammer left a deepfake voicemail impersonating his company’s CEO." - John Wilson

John Wilson from the U.S. Digital Service talked about their new use of AI to automatically translate spammy robocalls and texts into a dozen different languages.

This move into multiple languages puts millions more potential victims at risk. At the same time, it forces upon detection methodologies to adapt and innovate.

"When we consider email scams, there is plenty of evidence to suggest the scammers may be using AI; however, it's difficult to be certain. For example, the scam messages we used to see were almost always in English. As generative AI became more commonplace, we witnessed a corresponding increase in scams in other languages." - John Wilson

Stopping the surge of AI-generated scams needs to be a holistic effort involving education, awareness, and rapid-response mechanisms to protect consumers. Perhaps the most important challenge is the pace at which these scams can be launched and removed. Home TCPD Takeout example that @detjs found— Not 10 minutes to get a phishing site taken down once identified!

Combating Scams: Education, Awareness, and Rapid Response

This rapid response was only possible due to a combination of factors:

"I'll give you an example from just this past weekend. A friend of mine sent me a screenshot of a phishing SMS she'd just received. I did a bit of analysis and was able to confirm that the phishing link led to a phishing site that had been registered earlier that day at a popular registrar, where I happen to have some excellent contacts. I packaged up the evidence and sent it to one of my contacts, who quickly knocked the site offline. The total time from when my friend received the SMS until the site was offline was 59 minutes." - John Wilson

This underscores the importance of public education and training efforts to help people spot scams and report them faster.

"My friend knew to forward the SMS to me. I knew how to analyze the link and gather the necessary evidence to send to my contact. My contact had the ability to act." - John Wilson

As National Campaign Director John Wilson said, “education must be the cornerstone of any meaningful mass defense.

You can share your experience with scams in one central place to help others—ic3.gov. The very populations most vulnerable to these scams are the least likely to be in the know. Educating the public about this important resource will empower scam victims to make reports and begin the process of recovering their hard-earned money.

"No technology solution can prevent every one of these scams, so education is a key component of any large-scale defense. I would like to see popular television shows incorporate some education about scams into their plot lines. For example, a character could get caught up in a romance scam. Anyone who watched the episode would then know about romance scams and might be less likely to fall for one." - John Wilson

Scammers are moving to hybrids too, using multiple channels of communication to improve their chances of success. John Wilson articulated one such strategy using emails and phone calls.

Hybrid Approaches and Future Trends

This new hybrid approach combines the trusted nature of email with the ability to slip behind developing call-blocking technologies. In turn, victims are more willing to engage with the scammer.

"Because most mobile carriers now provide warnings or even block scam calls outright, scammers are now using a hybrid email-phone approach. The scammer sends the victim a message that a subscription has been renewed for another year. The email messages include a phone number to call to cancel the subscription." - John Wilson

As technology evolves, the playbook for scammers will change right along with it. Educating yourself on the newest scams and advanced security tools is the best way to stay guarded against these constantly changing attacks.

As technology continues to evolve, so too will the tactics used by scammers. Staying informed about the latest scams and implementing robust security measures are essential for protecting against these ever-evolving threats.