Stop the Latest Tech Scams: Deepfakes, BEC, and Crypto Cons Draining Billions

Cybercriminals are moving fast—and the money is moving faster. The FBI’s Internet Crime Complaint Center (IC3) reported a record $12.5 billion in losses in 2023, up sharply year over year, with Business Email Compromise alone accounting for roughly $2.9 billion (FBI IC3 2023). In one headline-grabbing deepfake heist, scammers used AI-generated video to impersonate executives on a video call and trick a finance employee into wiring the equivalent of about $25 million (Reuters). These are not isolated incidents—they’re part of a coordinated, global fraud economy powered by AI, social engineering, and sophisticated payment laundering.

Note: Statistics below reflect the most recent authoritative reports available as of late 2024; always consult linked sources for the latest updates.

AI Deepfake Scams (Celebrity/Executive Impersonation, Fake Video Calls)

Recent Cases and Financial Impact

– A finance worker in Hong Kong was duped by a deepfake video call into transferring about $25 million after seeing what appeared to be senior executives on screen (Reuters).

– Law enforcement and security researchers warn that voice and video cloning tools are cheap and accessible, enabling family-emergency impersonations and CEO fraud at scale (Europol IOCTA 2024).

– The human factor remains central: 68% of breaches involve a human element (phishing, misuse, or social engineering), which deepfakes are designed to exploit (Verizon DBIR 2024).

How This Scam Works

  • Reconnaissance: Scammers scrape executive speeches, earnings calls, and social media videos to build voice/video models.
  • Setup: Attackers schedule a “confidential” video call or send a pre-recorded video/voice message.
  • Pressure: Urgent wire requests, secrecy demands, and NDA language reduce scrutiny.
  • Transfer: Funds routed through money mules and crypto off-ramps to obfuscate trails.

Warning Signs

  • Executives suddenly insist on secrecy and fast wires outside normal process.
  • Video feed looks slightly off (lip sync, eye blink rate, lighting inconsistencies).
  • New payment details introduced mid-conversation or via chat during a call.
  • Unusual after-hours calls to bypass finance verification teams.

Protection Strategies

  • For general consumers: Verify any urgent request with a known-good phone number or in person. Establish a family passphrase for emergencies.
  • For business owners: Mandate out-of-band verification for wire changes over a set threshold (e.g., phone callback using a directory number). Enforce two-person approval for payments.
  • For elderly users: Don’t trust caller ID or video alone; hang up and call a trusted number. Ask a family member to verify before sending money or gift cards.
  • For tech-savvy users: Use liveness checks (e.g., dynamic phrases), watermark internal videos, and deploy behavioral anomaly detection in finance workflows.

Business Email Compromise (CEO/Vendor Impersonation)

Recent Cases and Financial Impact

– BEC remains the costliest reported cybercrime category: $2.9 billion in adjusted losses across ~21,000 complaints in 2023 (FBI IC3 2023).

– The majority of financially motivated breaches still start with social engineering or credential theft, often culminating in vendor or payroll fraud (Verizon DBIR 2024).

How This Scam Works

  • Initial Access: Phishing, password reuse, or MFA fatigue compromises email accounts.
  • Thread Hijacking: Criminals silently monitor email, then reply within existing threads.
  • Invoice Tampering: Fraudulent banking details are inserted into invoices or vendor profiles.
  • Cash Out: Funds laundered through shell vendors, money mules, and crypto exchanges.

Warning Signs

  • Vendor banking change requests via email without signed paperwork and callbacks.
  • Domain lookalikes (e.g., substituting rn for m, or extra characters).
  • Unusual payment destinations (new country, new bank) or split payments.
  • Sudden urgency from executives to bypass standard approval steps.

Protection Strategies

  • For general consumers: If you run a small business or pay contractors, verify changes via a phone number you already have on file.
  • For business owners: Implement a vendor bank change playbook: dual approval + mandatory callback verification to a known number, not the email signature.
  • For elderly users: If asked to move money because of a “company problem,” pause and call a trusted family member or banker before acting.
  • For tech-savvy users: Enforce phishing-resistant MFA, DMARC enforcement (p=reject), conditional access, and impossible-travel alerts. Log and monitor mailbox rules and OAuth grants.
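
The "domain lookalikes" warning sign above can be checked mechanically. This is an added example, not code from the original article: it compares a sender's domain against a list of trusted vendor domains, catching both the rn-for-m substitution and extra characters. The trusted list, the sample addresses and the distance threshold of 2 are assumptions chosen for illustration.

```python
from typing import Iterable, Optional, Tuple

# Character sequences that render like another letter (page example: "rn" for "m").
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(domain: str) -> str:
    """Collapse confusable sequences so visually similar domains compare equal."""
    s = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches inserted, dropped or swapped characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(sender: str, trusted: Iterable[str]) -> Tuple[str, Optional[str]]:
    """Return (verdict, imitated_domain) for the domain part of an address."""
    domain = sender.rsplit("@", 1)[-1].lower().rstrip(".")
    known = sorted(d.lower() for d in trusted)
    if domain in known:
        return ("trusted", domain)
    for good in known:
        if skeleton(domain) == skeleton(good):
            return ("lookalike-confusable", good)
    for good in known:
        # Distance 1-2 covers "extra characters"; short names need a tighter bound.
        if edit_distance(domain, good) <= 2:
            return ("lookalike-typo", good)
    return ("unknown", None)


# Constructed sample data (reserved .example names, not real vendors).
TRUSTED = {"acme-supplies.example"}
SAMPLES = [
    "ap@acme-supplies.example",
    "ap@acrne-supplies.example",   # rn substituted for m
    "ap@acme-suppliess.example",   # extra character
    "billing@other-corp.example",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, classify_sender(s, TRUSTED))
```

A "trusted" verdict only means the domain matches exactly. A hijacked vendor mailbox sends from the genuine domain, so bank-change requests still need the callback.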

Tech Support Fraud (Fake Microsoft/Apple Calls, Remote Access)

Recent Cases and Financial Impact

– The FBI received 19,827 tech support fraud reports in 2023, with losses exceeding $806 million; victims aged 60+ accounted for a disproportionately large share (FBI IC3 2023).

– In Microsoft’s global survey, a meaningful share of consumers encountered tech support scams and about 1 in 7 of those who engaged lost money (Microsoft 2023).

– Older adults reported total fraud losses of $3.4 billion in 2023, with average losses per older victim exceeding $30,000; tech support and investment scams are top drivers (FBI Elder Fraud 2023).

How This Scam Works

  • Initial Contact: Pop-up warnings, unsolicited calls, or search ads for “help desk.”
  • Social Engineering: Urgency and fear (“Your computer is infected!”).
  • Remote Access: Victim installs remote tools (e.g., AnyDesk), enabling account takeover.
  • Refund Trap: Scammers “accidentally” overpay and coerce a refund via crypto or gift cards.

Warning Signs

  • Unsolicited calls claiming to be from Microsoft/Apple/your bank.
  • Pop-ups that lock the screen and demand immediate action or payment.
  • Requests to install remote access software or to buy gift cards.

Protection Strategies

  • For general consumers: Close the pop-up tab/window; never call phone numbers in pop-ups. Contact the company via its official website.
  • For business owners: Block remote admin tools by default, allowlist approved software, and educate staff on refund scam scripts.
  • For elderly users: Keep a “trusted helpers” list by the phone. If pressured to act fast, hang up and call a known number.
  • For tech-savvy users: Use DNS filtering, application controls, and browser hardening (e.g., disable pop-up JavaScript for unknown sites).

Cryptocurrency Schemes (Fake Investment Platforms, Drainers)

Recent Cases and Financial Impact

– Investment fraud led all categories in 2023, with $4.57 billion in losses; crypto investment scams accounted for $3.94 billion (FBI IC3 2023).

– Ransomware payments rebounded to more than $1.1 billion in 2023, showing crypto remains central to cyber extortion economies (Chainalysis 2024).

– “Approval phishing” crypto drainers stole hundreds of millions by tricking users into signing malicious approvals that empty wallets over time (ScamSniffer 2024).

How This Scam Works

  • Grooming: Long-term “pig butchering” chats move victims from dating/social apps to fake trading platforms.
  • Fake Gains: Dashboards show fabricated profits to entice larger deposits.
  • Exit: Withdrawals are blocked with “tax” or “verification” demands before the platform disappears.
  • Wallet Drainers: Malicious dApps trick users into signing unlimited token approvals.

Warning Signs

  • Guaranteed returns, time-limited offers, or coaching to keep the investment secret.
  • Pressure to move funds to a new app/wallet or to pay “taxes” to withdraw.
  • Web apps that ask for unlimited token approvals or seed phrases (never share seed phrases).

Protection Strategies

  • For general consumers: Verify platforms on independent sites; never invest based on someone you just met online.
  • For business owners: If your treasury uses crypto, use multisig wallets, withdrawal limits, and hardware key policies.
  • For elderly users: Ask a trusted family member or banker before sending money to a “new investment opportunity.”
  • For tech-savvy users: Use hardware wallets, review token approvals regularly, and segregate hot/cold wallets.
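
To make "review token approvals" concrete, the following added example (not from the original article) decodes the calldata of a transaction a wallet is asked to sign and flags unlimited approvals. The function selectors are the standard ERC-20/ERC-721 ones; the 2**255 cutoff for "unlimited" is an assumption, and the calldata and spender address are constructed placeholders.

```python
# Standard ERC-20 / ERC-721 function selectors (first 4 bytes of calldata).
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
# Assumption: anything at or above 2**255 is treated as "unlimited";
# many dApps request exactly 2**256 - 1.
UNLIMITED_THRESHOLD = 2**255


def decode_approval(calldata_hex: str):
    """Describe an approval call, or return None if the calldata is not one."""
    h = calldata_hex[2:] if calldata_hex.lower().startswith("0x") else calldata_hex
    data = bytes.fromhex(h)
    name = SELECTORS.get(data[:4].hex())
    if name is None:
        return None
    if len(data) != 4 + 64:
        raise ValueError("malformed calldata: expected two 32-byte arguments")
    addr_word, value = data[4:36], int.from_bytes(data[36:68], "big")
    if any(addr_word[:12]):
        raise ValueError("address argument has non-zero padding")
    if name.startswith("setApprovalForAll"):
        risk = "high" if value else "none"
        detail = ("operator can move every token in the collection"
                  if value else "operator approval revoked")
    elif value == 0:
        risk, detail = "none", "no allowance granted"
    elif value >= UNLIMITED_THRESHOLD:
        risk, detail = "high", "effectively unlimited allowance"
    else:
        risk, detail = "review", f"allowance of {value} base units"
    return {"function": name, "spender": "0x" + addr_word[12:].hex(),
            "value": value, "risk": risk, "detail": detail}


# Constructed calldata: the spender address is a placeholder, not a real contract.
SPENDER = "11" * 20
UNLIMITED = "0x095ea7b3" + "00" * 12 + SPENDER + "ff" * 32
BOUNDED = "0x095ea7b3" + "00" * 12 + SPENDER + format(1000, "064x")
NFT_ALL = "0xa22cb465" + "00" * 12 + SPENDER + format(1, "064x")
TRANSFER = "0xa9059cbb" + "00" * 12 + SPENDER + format(1000, "064x")

if __name__ == "__main__":
    for tx in (UNLIMITED, BOUNDED, NFT_ALL, TRANSFER):
        print(decode_approval(tx))
```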

Romance and Social Engineering (Dating Apps, Pig Butchering)

Recent Cases and Financial Impact

– Consumers reported roughly $1+ billion in losses to romance scams in 2023, with median losses of several thousand dollars per victim (FTC Consumer Sentinel 2023).

– Older adults suffered outsized losses: total reported losses of $3.4 billion in 2023 across all scams, with investment and romance schemes common drivers (FBI Elder Fraud 2023).

– Law enforcement has disrupted pig-butchering infrastructure, but reports show the schemes persist and evolve with crypto and off-platform messaging (U.S. DOJ).

How This Scam Works

  • Match and Move: Scammer matches on a dating app, then moves to encrypted chat.
  • Trust Building: Weeks of daily contact, shared “life goals,” and emotional bonding.
  • The Hook: “Safe” investment opportunities or urgent money requests (medical, travel, customs).
  • Isolation: Pushes secrecy and discourages discussing with friends/family.

Warning Signs

  • Refuses video calls or uses limited, pre-recorded videos; avoids in-person meetings.
  • Fast escalation to money or investment topics; asks to move to private apps.
  • Inconsistent stories, time-zone mismatches, or scripted responses.

Protection Strategies

  • For general consumers: Reverse-image search profile photos; never send money to someone you haven’t met.
  • For business owners: Provide staff awareness training about pig-butchering to reduce off-hours victimization and its workplace fallout.
  • For elderly users: Involve a trusted person before sending money online; scammers exploit isolation.
  • For tech-savvy users: Use platform reporting tools, keep conversations on-platform, and verify identities with live video and liveness prompts.

Phishing Evolution (AI-Generated Emails, Smishing, Vishing)

Recent Cases and Financial Impact

– Phishing volumes remain at historic highs, exceeding one million attacks per quarter in recent industry reporting (APWG).

– 99% of email threats require human interaction to succeed, underscoring training and layered defenses (Proofpoint State of the Phish 2024).

– Text-message (smishing) fraud has surged, with losses in the billions in recent FTC reporting; typical median losses are in the hundreds to low thousands per victim (FTC Consumer Sentinel 2023).

How This Scam Works

  • AI Copywriting: Attackers use large language models to craft tailored messages with fewer errors.
  • Multichannel Pivot: Email → SMS → Voice (callback phishing) to bypass filters and create urgency.
  • MFA Bypass: Token theft via fake portals, QR codes (quishing), and real-time reverse proxies.

Warning Signs

  • Unexpected password reset notices or invoice reminders with unfamiliar links/QR codes.
  • “Callback required” emails directing you to call a number to cancel a subscription.
  • Texts from “banks” with shortened links; threats to lock your account immediately.

Protection Strategies

  • For general consumers: Don’t click links in unsolicited messages. Go directly to the app/website.
  • For business owners: Use phishing-resistant MFA (FIDO2), domain-based message authentication (SPF/DKIM/DMARC), and mobile threat defense.
  • For elderly users: Never share one-time codes over the phone. Banks will not ask you for them.
  • For tech-savvy users: Enforce least privilege, monitor OAuth app grants, and deploy DNS filtering and API-based email security.
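
A domain can publish a DMARC record and still not be protected against spoofing. The added example below (not from the original article) audits the TXT value found at _dmarc.<domain> and reports what keeps it short of the p=reject enforcement recommended in this guide. The records are constructed samples passed in as strings, so no DNS lookup is performed.

```python
STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(txt: str) -> dict:
    """Split a DMARC TXT record into its tag=value pairs (tags lower-cased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(txt):
    """Return findings for one domain; an empty list means p=reject is fully enforced.

    `txt` is the TXT value published at _dmarc.<domain>, or None if absent.
    """
    if not txt:
        return ["no DMARC record: receivers apply no policy to spoofed mail"]
    if not txt.strip().startswith("v=DMARC1"):
        return ["record does not start with v=DMARC1 and will be ignored"]
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if policy not in STRENGTH:
        return [f"missing or invalid p= tag ({policy!r})"]
    findings = []
    if policy != "reject":
        findings.append(f"p={policy}: failing mail is not rejected")
    sub = tags.get("sp", policy).lower()  # sp defaults to p when omitted
    if STRENGTH.get(sub, 0) < STRENGTH[policy]:
        findings.append(f"sp={sub}: subdomains get a weaker policy than the domain")
    pct = tags.get("pct", "100")          # pct defaults to 100
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports to monitor abuse")
    return findings


# Constructed sample records (reserved .example domains).
RECORDS = {
    "enforced.example": "v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example",
    "monitor-only.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor-only.example",
    "partial.example": "v=DMARC1; p=reject; sp=none; pct=25; rua=mailto:d@partial.example",
    "missing.example": None,
}

if __name__ == "__main__":
    for domain, record in RECORDS.items():
        print(domain, audit_dmarc(record))
```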

Industry Expert Insights

– Human-centered risk persists: 68% of breaches involve a human element; modern controls must assume mistakes will happen and limit blast radius (Verizon DBIR 2024).

– Social engineering is multichannel: Email, SMS, voice, video, and collaboration tools are used in one playbook. Security must be channel-agnostic and identity-focused (Proofpoint 2024).

– Financial crime is crypto-enabled but not crypto-exclusive: Investment fraud, pig-butchering, ransomware, and BEC all leverage rapid payment rails and money-mule networks (Chainalysis 2024; FBI IC3 2023).

– Older adults are targeted heavily: Losses for 60+ victims are disproportionately high; training and support for caregivers and community institutions are critical (FBI Elder Fraud 2023).

Immediate Action Steps

  • Set up strong identity controls: Use phishing-resistant MFA (security keys) for email, finance, and admin accounts.
  • Verify payments out-of-band: Call vendors and executives via known-good numbers before changing bank details or sending wires.
  • Harden communications: Implement DMARC (p=reject), monitor mailbox rules, and restrict OAuth app consent.
  • Segment and limit finance power: Dual approval for wires, per-transaction caps, geo-fencing, and just-in-time access for finance tools.
  • Prepare deepfake defenses: Establish codewords/passphrases for executive approvals and family emergencies; require liveness checks for high-risk actions.
  • Protect the elderly: Create a simple household policy—no money or gift cards sent based on unsolicited calls/texts. Share a “trusted help” phone list.
  • Crypto hygiene: Use hardware wallets for significant funds, review token approvals monthly, and never share seed phrases.
  • Train and test: Run quarterly phishing simulations and tabletop exercises that include smishing, vishing, and deepfake scenarios.
  • Know where to report: Report fraud to the FBI IC3, the FTC, and your bank immediately.
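
The out-of-band verification and dual-approval steps above can be enforced in the payment workflow itself. This added example (not from the original article) is a release gate that lists what still blocks a payment. The thresholds, field names and sample vendor are assumptions, and "dual approval" is interpreted here as two approvers other than the requester.

```python
from dataclasses import dataclass, field

WIRE_CALLBACK_THRESHOLD = 10_000   # assumption: set per organization
PER_TRANSACTION_CAP = 250_000      # assumption: set per organization


@dataclass
class Vendor:
    name: str
    phone_on_file: str             # directory number recorded before this request
    bank_account_on_file: str


@dataclass
class PaymentRequest:
    vendor: Vendor
    amount: int
    dest_account: str
    requester: str
    approvers: set = field(default_factory=set)
    callback_number_dialed: str = ""   # number finance actually called
    callback_confirmed: bool = False


def release_blockers(req: PaymentRequest) -> list:
    """Return the reasons a payment must not be released yet (empty = release)."""
    blockers = []
    independent = {a for a in req.approvers if a != req.requester}
    if len(independent) < 2:
        blockers.append("needs two approvers other than the requester")
    if req.amount > PER_TRANSACTION_CAP:
        blockers.append("exceeds per-transaction cap")
    bank_changed = req.dest_account != req.vendor.bank_account_on_file
    if bank_changed or req.amount >= WIRE_CALLBACK_THRESHOLD:
        if not req.callback_confirmed:
            blockers.append("callback verification not completed")
        elif req.callback_number_dialed != req.vendor.phone_on_file:
            # A number taken from the email or call itself proves nothing.
            blockers.append("callback used a number that is not on file")
    return blockers


# Constructed sample vendor record.
VENDOR = Vendor("Acme Supplies", "+1-555-0100", "ACCT-ON-FILE-001")

if __name__ == "__main__":
    req = PaymentRequest(VENDOR, 5_000, "ACCT-NEW-999", "alice", {"alice", "bob"},
                         callback_number_dialed="+1-555-0199", callback_confirmed=True)
    print(release_blockers(req))
```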

Conclusion

The fraud economy is adapting in real time—merging AI deepfakes, multichannel phishing, and fast payment rails to monetize trust at scale. You can cut off their oxygen by verifying payments out-of-band, hardening identity, and preparing your team (and family) for modern social engineering. Bookmark this guide, brief your staff on the playbooks above, and implement at least three of the Immediate Action Steps today. Every hour you wait is an hour scammers spend sharpening their next script.