• FrankonFraud
  • Posts
  • AI's Unsettling Magic Has Opened Pandora's Box Forever 🎩🪄✨

AI's Unsettling Magic Has Opened Pandora's Box Forever 🎩🪄✨

Author

Frank McKenna
May 14, 2024

Happy Tuesday, Fraud Fighters 🫡,

I am back in the office after a great week in Columbus, Ohio, with the ACFE and San Francisco at the RSA.

This week, I watched an amazing demo of OpenAI’s new GPT-4o, which blew my mind. But it also left me feeling unsettled and a little disturbed. Was it too magical? Too human? I think we’ve opened a Pandora’s Box for scammers 🌋

Let’s get to the top stories!

  • Auto Fraud Bonanza -Point Predictive releases their annual fraud report, citing $7.9 billion in risk to auto lenders with synthetic identity picking up nationally.

  • Foiled By Lyft Driver - A Lyft driver accepted a fare to pick up important paperwork from an elderly man and deliver it to a “lawyer.” In reality, she became embroiled in a sophisticated grandparent kidnapping scam.

  • Microsoft Teams Deepfake - Fraudsters targeted the CEO of WPP in an elaborate Microsoft Teams deepfake meeting with cloned audio and video where they tried to get other executives to send money.

  • Remorseful Hacker—The hacker who used sophisticated crypto address poisoning to steal $71 million returned all the money to the victim this week. Who says hackers don’t have a conscience?

  • Got That Boomer! - TechCrunch exposes an OTP Bot service called Estate that masquerades as a legitimate Pen-Testing service when it is really a tool for fraudsters to steal victims one time passcodes.

  • Intellicheck Rising - The Drivers License scanning company reports record growth in revenue as identity theft soars nationwide.

  • As Young As 12 - Yahoo Boys as young as 12-years old are being recruited and later jailed because they got fake ID’s saying they were 18 to open bank accounts. I highlighted this issue and other shocking findings last week in my blog.

  • Fake Website Ring - A vast network of 75,000 fake online shops, dubbed 'BogusBazaar,' has defrauded over 850,000 people in the US and Europe, stealing credit card information and attempting to process $50 million in fraudulent orders.

  • From NFL To Check Fraudster - Buster Skrine made $40 million as an NFL star, but now he is on the run, accused of opening bank accounts and depositing counterfeit checks at banks across Canada.

  • Before He Got Fired - A cybersecurity worker was going to get fired, so he downloaded a massive trove of trade secrets and data from his employer and tried to extort them for $1.5 million.

  • Hacked Your Tesla - A CyberSecurity researcher was able to commander 30 Teslas by using an app on Google Store called TeslaLogger and exploiting default credentials and unsecured API keys.

  • 4,600 Phone Scheme - A Chinese man purchased 4,600 phones and created a “like farm” in his very crowded small apartment. He generated over $500,000 in payments in a few months before getting arrested.

  • “Wish You a Happy Life”—A tragic Pig Butchering scam leaves her 70-year-old father with nothing; the scammer ends the calls with her dad “I wish you a happy life.” 😢 

Turo Fraud Mules Jeep Rentals Ended Up In The Cartel’s Hands

An Instagram fraudster displayed ads promising $2,500 to $5,000 to anybody with a drivers license and a Turo account.

If they bit on the ad, they were recruited to become Turo mules, agreeing to rent Jeeps and then dropping off the keys at a location of his choice. He allegedly took those cars into Mexico where they ended up in the Cartels hands.

Turo Fraud Scheme Allegedly Sent Jeeps To The Cartel

Federal authorities have charged a Houston man with orchestrating an elaborate car theft ring that exploited a popular vehicle sharing app and cost the company over $1.5 million in losses.

Reseller Consultants Scammed 9,600 People To Run Sham Companies

Remember CBSurety, the fraud protection company the US says was a complete sham?

A newly released court document reveals that they hired a consultant to scam 9,600 people into becoming high-risk merchants for them, processing illicit transactions for drugs, high-risk merchandise, and other scammy things.

When chargeback notices and fraud analyst from Bank of America and US Bank were on to them, they resorted to disguising the fraud and even shredding chargeback notices.

Reseller Consultants Ran It Up

They shredded chargeback notices and recruited people to run sham companies

Auto Lenders Hit By Historic Levels of Synthetic Identity - Memphis Tops List

Point Predictive released the Auto Lending Fraud Report, which shows that lenders are getting hit with unprecedented attacks from synthetic identity fraudsters.

Lenders experienced close to a 100% increase in applications with false identities, with the attack rate soaring to 85 basis points by the end of 2023.

If you want to know where these fake account fraudsters are most active, it’s Memphis, Tennesee, where synthetic identity was up over 123% for the year.

Click here or graphic below to download the comprehensive report that tracked fraud across over 200 million auto applications.

Insult To Injury - Did Capital One Think This Woman Was A Friendly Fraudster?

In March 2023, Leah Walton’s car window was smashed, and thieves stole her Capital One debit card, her phone, and her driver's license.

The next day, she noticed a series of unauthorized transactions on her account, amounting to nearly $1,500. Panic-stricken and without access to her phone or identification, she struggled to report the theft to Capital One over the next few days.

Capital One later denied her fraud claim, saying it matched her prior spending pattern, and then promptly shut her account down - presumably because they thought she was a friendly fraudster.

Now Leah Walton is suing them, saying they didn’t even investigate her claim and are violating the EFTA, making her prove the charges are unauthorized.

Capital One Sued By Woman Who Says They Never Investigated Her Fraud Claim

They closed her account, presumably for friendly fraud

Redstone CU Hit With Big Fraud Ring, They’ve Been Targeted in Past Too

Redstone released a statement advising customers to check their accounts after a crime ring hit many branches using fake driver's licenses to make fraudulent withdrawals at ATMs and in the branch.

A series of reports has been building over the last month, like this one involving a fraudulent withdrawal and this one involving a lady who stole over $200k. So far, over 23 people have been arrested, and the bank hints that more will come.

It’s unclear why the CU continues to be a target, but they have been victims of a Google fraud attack and some customer frustration on Reddit about fraud.

AI Washing - DeepFake Detectors That May Not Work Is The New Wave

AI is the new Crypto; buckle your seatbelts for a wave of fraud now.

40 new “AI” companies have sprung up promising a high-tech solution to detecting deepfakes, but this Washington Post article calls into question their claims.

One company - Deep Media, for example, has won 5 military contracts for their deepfake detection software, which they claim is 99% accurate 🙄 , but they have no Ph.D.s, AI specialists, or forensic scientists on staff according to the Washington Post research.

VCs have invested over $200 million in deepfake detection companies, and we’re likely to see a wave of “AI Washing” coming in the next 12 months.

These firms sell deepfake detection that’s ‘REAL 100%.’

A Surge of AI Companies With Questionable Results

Expert Says Reimbursing All Victims Of Fraud Will BackFire 🧨 

Riccardo Tordera, of the Payments Association says new reimbursement rules will mean that fraudsters could pretend to be legitimate victims in order to claim reimbursements.

He warns victims could be “puppeted” by scammers, who could talk them through the reimbursement process before going on to steal that money too.

Even Hackers Use The Same Passwords Over and Over Again

A notorious Russian hacker, Dmitry Khoroshev (the leader of Lockbit), was identified because he used the same password, “225948,” across many Russian Crime forums.

Brian Krebs dives into how authorities identified him.

How Authorities Identified the Alleged Lockbit Boss

He used same password

AI Surveilling Employees To Dock Their Pay When They Leave Desk

This surveillance video of workers in a call center in China captured a surprising use of AI. As workers leave their desks to get water or sit back to take a quick stretch, the AI is watching what they do and keeping track of the seconds.

AI Surveilling Employees In Call Center To Deduct Pay For Breaks

Like Disturbing Magic - Open AI’s ChatBot Is Too Human And Interactive 😨 

Realtime AI conversations have arrived and the tech is stunning. 🤯 

OpenAI just announced ChatGPT's 4o, a new real-time conversational chat that can understand audio, video, and can even detect emotion in your voice.

It's alarming and unsettling how human-interactive AI is becoming. Check out the site below, and even see how two AIs were talking to each other. It’s fairly unsettling and disturbing.

This AI ChatBot Is Too Real That It Will Fake You Out

OpenAI’s new ChatGPT 4o

Thanks for reading, and it was so nice to meet some great fraud fighters in person last week at conferences, like Ryan Praskovich, James Rumph, Gordon Sheppard, Ken Palla, Carmen Arraiza, Steve Lenderman, and Monica Koshgarian - and of course Mary Ann Miller 💯 

The fraud-fighting community is supportive and strong 💪.

Take care all