Here are four sets of best practices to tag onto existing defenses and safeguards to detect and intercept sophisticated AI-powered scams
According to recent comments by threat researchers, the widespread use of deepfake technologies for financial fraud has continued to grow in sophistication.
Leveraging generative AI advancements, fraudsters now routinely generate deepfake images to bypass biometric verification systems, including facial recognition and “liveness detection”, to impersonate victims and fraudulently access financial services. Furthermore, AI-driven face-swapping tools have enabled scammers to replace a victim’s facial features with those of another person, further complicating the detection of fraudulent attempts in biometric verification.
Another emerging tactic is the use of “app cloning”. This allows fraudsters to simulate multiple devices and bypass security mechanisms, highlighting vulnerabilities in traditional fraud detection systems.
Recently, cybercriminals have exploited virtual camera software to manipulate biometric data, using pre-recorded videos to mimic real-time facial recognition during Know-Your-Customer processes to deceive institutions into approving fraudulent transactions, according to Group-IB analysts.
Recommendations to financial institutions
The firm has offered the following checklist and reminders to financial institutions tackling the evolving threats.
Group-IB threat researchers believe that, by implementing these recommendations, financial institutions can strengthen their defenses against deepfake fraud, safeguard their customers, and maintain customer trust.
Effective defenses require a multi-layered approach to validate account ownership and detect fraudulent behavior, including steps to:
- Enhance account verification processes
✓Awareness of deepfake account registration: Institutions must acknowledge the risk of deepfake fraud in digital onboarding processes and implement multiple verification methods to enhance security.
✓Require physical presence for high-risk activities: For high-value transactions or loan applications from new users, consider requiring in-person verification at a bank branch to ensure more-robust identity validation.
- Deploy multi-dimensional anti-fraud solutions
Integrating advanced anti-fraud systems with multi-layered detection capabilities is essential. These systems should include the following features:
✓Device fingerprinting: Assign a unique identifier to devices based on both hardware and software characteristics. This approach can detect fraudulent devices, even when cloned instances are used, by identifying them as originating from the same source.
✓Device intelligence: Ensure there are features capable of assessing whether the device is new to the system; analyzing technical specifications and device models to link suspicious devices to known fraudulent activities.
✓Application monitoring: Examine the source of application downloads and assess the risk level of installed applications. Implement advanced detection mechanisms to identify malware or suspicious apps, especially those targeting biometric data.
✓AI-driven anomaly detection: Use AI models to analyze user behavior for anomalies such as deviations in typing speed, or variances in navigation patterns compared to historical data.
✓Emulator and clone detection: Identify rooted devices, emulators, or cloned environments used to bypass security measures.
✓IP intelligence: Assign risk scores to IP addresses and flag those associated with fraudulent activities. Monitor for shared IPs among suspicious accounts.
✓Geolocation and activity tracking: Track users’ geolocation, activity patterns, and movement intensity to detect anomalies such as improbable travel speeds or locations. Ensure there are features to detect a device’s real geolocation even if cloaked with VPN and GPS spoofing tools.
✓Cross-device tracking: Monitor user behavior across multiple channels to identify inconsistencies or suspicious activity.
✓Device environment monitoring: Identify and monitor suspicious activities within the device environment, including bot activity, the use of hosting services, remote access tools, screen-sharing applications, accessibility services, and overlay activities. These techniques are often exploited by fraudsters to orchestrate and manage fraudulent operations.
- Leverage collaborative databases (Global ID block list)
✓Maintain and contribute to a global database of flagged fraudulent accounts, devices, geohashes, and IP addresses. Sharing this information with other financial institutions helps prevent cross-bank fraud and strengthens the industry’s collective defenses.
- Invest in advanced fraud detection tools
✓Adopt cutting-edge solutions that leverage AI, behavioral analytics, and advanced device monitoring to detect fraud attempts before they succeed. These tools should integrate seamlessly with existing systems and provide real-time alerts to fraud teams.
