Deepfake video and 3D hologram images used to impersonate investment advisor and job applicants: Internet Scambusters #1,036
Unless you're in the security business, holograms - 3D images of people and objects - probably seem like science fiction and movie special effects.
But they're not. Scammers are now using the technology to trick people into thinking someone they're seeing online is the genuine person.
It's the latest development in the fast-growing deepfake scam business, and you could eventually find yourself on the receiving end of these con tricks, as we report this week.
Let's get started…
Holograms and Deepfake Videos Used In Job and Investment Scams
Scammers have developed a new weapon in the digital fraud war that could create major problems for consumers and businesses - holograms.
Holograms are digital 3D images created by light beams, which make it appear as if an object or person is really there.
They have been around for years, and even longer as a sci-fi concept. You may remember seeing a supposed hologram of Princess Leia in the original Star Wars movie.
But the technology has advanced enough for investors to be fooled by a recent incident featuring a hologram of the chief communications officer of a leading cybercurrency trader.
The crooks used downloaded video of him to build an authentic-looking digital replica, which was then used in online meetings with investors. They believed they were speaking to him.
This was the first known incident of this type, but it points in a dangerous direction for the growth of so-called deepfake videos, which use video clips and voice technology to make a person seem to be saying something they didn't.
Deepfakes, sometimes known as synthetic media, first made their appearance in 2017. Over the past five years, they've mostly been used to create phony product endorsements by celebrities or bogus controversial comments and speeches by political figures.
Now, however, the technology is becoming more widespread, threatening the security of individuals. Industry insiders say the incidence of attacks has climbed 43 percent since 2019.
Last month, security researchers at Trend Micro noted that the computer code used for deepfakes is now freely available on the Internet. And since images of just about anyone can be found online, the way is open for scammers to create millions of fake identities.
Echoing the hologram incident, they said: "The next escalation for deepfakes is the capability to conduct video calls while impersonating well-known people."
They added: "The topic of deepfake services is quite popular on underground forums. In these discussion groups, we see that many users are targeting online banking and digital finance verification."
These scammers likely already have victims' identification details, so, increasingly, financial organizations have begun using online chats for account verification. But the crooks are using deepfakes to defeat this extra security measure.
Then, this past summer, the FBI warned that deepfake videos were also being used by bogus job seekers for remote-working tech roles.
The crooks used stolen identity information for pre-employment background checks and then deepfake technology to handle online and phone interviews.
"Deepfakes include a video, an image, or recording convincingly altered and manipulated to misrepresent someone as doing or saying something that was not actually done or said," the FBI reported.
Furthermore, there are worries that the technology might be used in video calls between a fake boss and an employee, telling them to transfer money, a tactic that email scammers have been using for years.
Naturally, security firms are fighting back with artificial intelligence supposedly capable of detecting deepfakes. But, so far, it's not been particularly effective with between 30 and 86 percent of deepfakes getting past the screening.
These latest developments underline how advanced technology is being used by criminals to pull off their scams. It also threatens to undermine the use of holograms as a security device, for example in 3D passport images, if crooks are able to easily reproduce them.
And it's another reason to be on your guard when viewing images and videos online, and especially in shared video meetings. If you're in a position of influence, beware of posting close-up videos of yourself speaking, which can be stolen and used by crooks.
The Trend Micro report concludes: "The security implications of deepfake technology and attacks that employ it are real and damaging. As we have demonstrated, it is not only organizations … that are potential victims of these attacks but also ordinary individuals.
"Given the wide availability of the necessary tools and services, these techniques are accessible to less technically sophisticated attackers and groups, meaning that malicious actions could be executed at scale."
We first reported on this in issue #829 offering 7 tips on how to spot deepfakes. Check them out here: Deep Fake Videos Threaten Turmoil for all Users.
The Department of Homeland Security has also recently published a 40-page review of deepfake criminal activity, here: Increasing Threat of DeepFake Identities (PDF).
This Week's Scam Alerts
Crypto ATMs: Scammers have found a way around public ignorance about cryptocurrency as their favored payment method. Often, victims are told to pay in crypto, but they don't know how to do it. Now crooks have started to direct them to one of the 33,000 crypto ATMs dotted around the US where they can just insert a credit card. If you're ever asked to pay for something such as a fine, ransom or taxes via these machines, it's almost certainly a scam.
FEMA support: As we warned last week, scams related to hurricane Ian are surging. Most recently, con artists have been trying to charge already hard-pressed victims for applying for aid from FEMA, the government's emergency management agency. The rule is simple: If you're told you have to pay to qualify for FEMA aid, it's a scam. If you need help, go to fema.gov or download their mobile app for information and alerts.
Zelle scams cost: A newly-published US Senate report shows that fraudsters using the bank-owned Zelle cash transfer and payment service netted almost $214 million from more than 192,000 victims during 2021 and the first half of this year - from just four major banks. Only 3,500 of the victims were reimbursed. In other words, if you fall for a Zelle scam, your chances of getting your money back from the bank are fairly slim. Look out for a more detailed review of Zelle scams in a forthcoming Scambusters issue.
That's it for today -- we hope you enjoy your week