Explore how modern fraudsters use AI, deepfakes, and dark web tools to steal data and evade detection. Insights from AU10TIX’s Ofer Friedman.
In an era of rising digital threats, identity fraud has become a sophisticated and organized operation, far from the amateur attempts of the past. To uncover the evolving tactics of fraudsters and their use of advanced technologies like AI and deepfakes, we sat down with Ofer Friedman, Chief Business Development Officer at AU10TIX. From data theft on social media to Fraud-as-a-Service platforms on the Dark Web, Friedman sheds light on how these criminal organizations operate, innovate, and evade detection. This interview deepens their strategies and offers insights into protecting against these modern identity fraud threats.
Excerpts from the interview;
How do modern identity fraud organizations steal personal data, and where do they obtain it?
Amateur fraudsters sometimes use “Synthetic IDs” that combine real and false information, but professional organizations do not because they know that ID verification services will always verify the PII. Instead, they simply obtain peoples’ data from social media profiles (sometimes using harvesting automation), through phishing tactics, or by exploiting data dumps found in Telegram and Dark Web groups.
Fraud organizations have an entire “Toolbox” at their disposal. Their first strategy choice would be to steal or buy. For the coveted data, professional fraudsters may carry out data breaches, Phishing attacks, social engineering attacks, social media profile scraping, mail theft, card skimming, purchase on Darknet, use spyware or malware, and even resort to insider theft.
Also Read: Cracking the Code on Deepfake Speech Detection
How do modern fraudsters identify their targets and obtain contact lists for banks, retailers, online gaming sites, and payment companies?
Professional, organized fraudster rings typically strike with two motivations: attacking weak or lucrative targets. Their primary focus is to target the most vulnerable areas, where it’s easiest to exploit, and then capitalize on trends with high visibility. For instance, a booming market like cryptocurrency attracts them like piranhas to blood—they thrive on the frenzy and chaos.
They also hire technology and market professionals who can provide information like this. Their ‘industry insider’ status is evident from how they can evade fraud detection; they know how the tech works and how to trick it.
What software do fraudsters use to create fake ID documents?
Professional, organized fraudster rings behave a lot like start-ups. They invest in R&D, offering and taking advantage of Fraud-as-a-Service solutions that package open-source tools into an end-to-end process flow. They also pilot their schemes; attacks that get blocked quickly disappear. They also alter open-source and off-the-shelf AI algorithms to increase the automation level and change the algorithm’s “fingerprint.”
What tools and services do fraudsters access on the Dark Web to aid their crimes?
Avoiding any solution naming, Darknet offers professional fraudsters phishing kits, Remote Access Trojans (RATs), fake ID generators, credential dumping tools, social media manipulation bots, and keyloggers. Lately, we have also seen account takeover services, deepfaked identity databases, tutorials and forums, and even “Account Targeted Fraud-As-A-Service.”
Also Read: Anetac’s Tim Eades: Reinventing Cybersecurity with Identity-First Innovation
When does AI-enabled deepfake technology come into play, and how is it used?
They began using Gen-AI (aka Deepfake technology) while onboarding their fake accounts but have started shifting their use to access points. In other words, they have quickly responded to the market evolution from physical IDs to digital credentials.
Deepfake technology comes into play at two points: At the point of account creation and the point of access to services. The former requires employing deepfake tools for generating ID documents and faces but may also include the usage of injection tools where live sessions are concerned. At the ongoing service level, “existing customers” will focus on real-time Deepfake face and voice biometrics.
How do modern fraudsters conceal their activities and evade detection?
Professionals conceal their activities using VPNs, injection tools, and techniques to erase file markers while manipulating people’s trust by leveraging deepfake technology to engage in ‘face-to-face’ interactions with their victims.”
