Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.
Artificial intelligence is an incredibly powerful tool, and while it can be used in many positive ways such as early cancer detection, it is also being used by criminals to enhance their scams. In particular, scammers are using A.I. to create more persuasive communications free from grammatical errors often found in the phishing emails of foreign scammers, craft legitimate-looking retail websites, construct compelling investment scams, and make romance scams appear more credible. Here are a couple of the A.I. scams that threaten us.
Romance Scams
Romance scams generally follow a familiar pattern where the crook establishes an online relationship with someone through various legitimate dating websites and social media platforms using fake names, locations, and images.
The scammer quickly “falls in love” with the victim, and then, under a wide variety of pretenses, asks for money. According to the FBI, victims are typically the elderly, women, and people who have been widowed.
A scam group called the “Yahoo Boys” based in Nigeria is now using A.I. to change their facial features in Zoom videos to appear to be the person they are posing as in the romance scam. They also can use A.I. to change their voice and accent to sound legitimate. While insisting on a video conference with someone you met online used to be a good way to see if the person was who they claimed to be, A.I. has now made this method of verifying someone’s identity less reassuring.
Earlier this year, a 53-year-old French woman sent $850,000 to a scammer posing as Brad Pitt, who convinced her that he needed the money for medical care because he had developed kidney cancer and his money was tied up in his divorce from Angelina Jolie.
The scammer initially communicated with her through Facebook Messenger and then text messages. He then sent A.I.-created deepfake videos and photos to convince his victim to send him money. It wasn’t until the victim read about Pitt’s new relationship with Ines de Ramon that she realized she had been scammed.
There are various red flags to help you identify romance scams. Always be skeptical of anyone who falls in love with you quickly online without ever meeting you and then asks you to send money.
Also, celebrities aren’t reaching out online to people they have never met to start romantic relationships.
While it can be difficult to do, you can identify many deepfake videos. Deepfakes often get fingers wrong. People will often have a sixth finger or no thumb. Teeth, eyes and ears may also be flawed in appearance. Accessories such as necklaces, earrings, scarves, and even shirt buttons may appear warped.
Phony Retail Websites
Scammers have long targeted people with fake retail shopping websites designed to steal credit card information. According to cybersecurity researcher Arda Büyükkaya, a Chinese criminal gang known as SilkSpecter created 4,695 phony counterfeit retail websites using A.I. that appeared to offer big discounts on popular items. The sites appeared to be those of popular, legitimate retailers such as North Face, IKEA, L.L. Bean and Wayfair. The counterfeit websites even used Google Translate to automatically change the language on the website depending upon the location of the targeted victim.
Victims are prompted to enter their credit card information, which the criminals steal and use or resell on the Dark Web.
To protect yourself, first look at the URL. For any retail site, the URL should be preceded by https rather than merely http. The “s” means that your communication is being encrypted, and while even some phony websites may go the extra step and use encryption, most do not. Also, never use your debit card for online shopping because the protection you get for fraudulent purchases is much less than when you use your credit card.
Sometimes carefully checking the domain name for a counterfeit website will provide an indication that it is a scam. If the domain name has nothing to do with the real name of the company, you can be confident that it is a scam. However, just because the name looks legitimate does not mean that it is. Often scammers will create phony, but very legitimate-appearing domain names.
The Google Safe Browsing Transparency Report is a terrific free service where you can type in the URL and learn if Google’s research indicates the website is a fake.
You can also use Whois.com, which is a free service that will tell you who owns a particular URL and how long it has been in service. If your Walmart website has only been around six months and is owned by someone in Nigeria, it certainly is a scam.
Become a Saturday Evening Post member and enjoy unlimited access. Subscribe now
Comments
As with anything dealing with information, one must exercise caution. AI has its use but yet needs to be harnessed in some fashion to eliminate its unethical use by scam artists.
I’m not surprised at any of this Steve, and appreciate your state of the art reports for the Post. I feel especially bad for the 92 year old woman who was ensnared in the gold fraud/theft of her life savings. I also felt bad for the woman who lost $850k earlier this year falling prey to the fake Brad Pitt medical need emergency scare.
At 53 though, I feel she should have been a lot more savvy than the elderly woman. The scammers hit pay dirt with this vulnerable woman who was well off enough to pay this sum. Of course she should have known better, but assuming she was a major fan of his, and convinced she was really talking to him, she was overcome with emotion and wanting to help, with logic and reason going out the door until it was too late.
I don’t doubt Brad probably felt bad too upon hearing about it, but it was not his responsibility or obligation to repay her. Rich as he is, he was also used, and an indirect victim here also. The source links given in the last two paragraphs are good to know about, thank you.