The Cyber Sushi

(serving up the cold facts, with some phish bytes)

Welcome back! Here's what we are covering in this issue…

Deep Deceptions: Navigating the Depths of Deepfakes and Scams in the Digital Abyss

Picture this: your son excitedly sharing a video of you endorsing an online trading venture, a venture you never supported—thanks to the deceptive art of deepfakes. This mirrors the experience of a client who became a victim of a sophisticated online scam.

It all started innocently when someone, masquerading as the bank, urged our client via live chat to deposit $866.29 for a supposed trace check. Trusting this endorsement, our client's sister made the deposit, unaware of the scam. The next day brought an unexpected twist. Returning from work, our client found their Facebook account replaced by a foreboding 'F.' Racing against time, they logged in to reimburse their sister, only to discover a meagre $5 and a shocking loss of $3,700.

Panicked, our client contacted the fraud department, leading to card cancellation. A call to the bank initiated an investigation into the loss, with a commitment to reverse transactions. Friends and family received calls about a video our client supposedly posted, showcasing gains from an online trading account.

Further investigation unveiled a video created without our client's knowledge. Their Facebook account hijacked, perpetrators posed as them, scamming friends into online trading. Armed with computer savvy, our client traced a Binance account verified under their name, linked to their Google and WhatsApp. Tracking funds, they discovered an IP Address left by the scammers.

In an era where misinformation and scams lurk in the digital shadows, deepfakes have emerged as a potent weapon for deceivers. While not a new phenomenon, recent technological advances have propelled deepfakes into a realm of unprecedented realism, making it more accessible to the everyday scammer and increasingly difficult to detect.

Understanding Deepfakes: Evolving Beyond Mere Faces
Deepfakes, once just about swapping faces, have now advanced to changing how mouths move and even altering voices. Thanks to innovations like Lyrebird, an AI startup in Montreal, it's become easier for more people to create convincing deepfakes by generating voice imprints from just a few spoken words.

This technology uses AI tricks, especially something called generative adversarial networks (GANs), to smoothly tweak both what you see and hear. GANs involve two neural networks – one creates content that looks real, and the other checks if it seems authentic. They compete back and forth, refining the deepfake until it becomes tricky to tell if it's real or not.

In short, deepfakes aren’t just about switching faces; they now let you mess with how faces express emotions, how lips move, and even how voices sound.

Celebrity Impersonation Scams:
Social media platforms, where celebrities are at the forefront, have become hotbeds for deepfake scams. Fraudsters employ sophisticated techniques to use the faces and voices of well-known personalities, adding a veneer of authenticity to their schemes. Celebrities like Gina Rinehart and Dick Smith find themselves unwittingly entangled in deepfake scams, amplifying the credibility of investment hoaxes and online trading scams.

The Unsettling Realities of Deepfakes:
Real-time face mapping on smartphones, exemplified by the widespread use of apps like Zao, enables users to seamlessly replace their own faces with others in videos. The traditional indicators, such as variations in skin tone and unnatural shadows, are gradually fading into obsolescence with the continuous advancements in deepfake technology.

Educate and Stay Alert:

Navigating the Deepfake Landscape As deepfake technology becomes more sophisticated, education and vigilance are our strongest allies. To protect ourselves from falling victim to online deception, consider the following:

Technological Evolution:

Recognise that deepfakes are not a new concept. Stay updated on recent technological progress, as these advancements make deepfake technology more convincing and accessible to scammers.

Celebrity Scams:

Recognise the prevalence of deepfake scams on social media platforms, where fraudsters exploit the trust associated with familiar faces to dupe unsuspecting victims.

Believability Check:

Question the authenticity of content and be cautious if it seems too good to be true or out of character for the person involved.

Source Reliability:

Verify the credibility of sources, especially when encountering content involving celebrities or high-profile figures.

Cross-Verification:

Seek confirmation from multiple sources to validate the legitimacy of information.

Personal Research:

Independently research and verify information to stay one step ahead of deceptive practices.

Family Code Word:

As an additional layer of protection against scams using AI voice-cloning software, create a family code word. In case of suspicious calls or messages claiming to be from a loved one, verify their identity by asking for the family code word. This simple yet effective measure can help thwart attempts to deceive you through cloned voices and enhance your defence against emerging AI-driven scams.

As we navigate the evolving landscape of deepfakes, a combination of awareness, critical thinking, and proactive education will empower us to protect our online presence and trust in an era where deception is only a click away.

Caller ID Spoofing: Can You Trust the Displayed Caller's Identity?

In the realm of scams, Caller ID spoofing is a rising threat where scammers manipulate their displayed caller ID to conceal their true identity or impersonate someone else. Leveraging real Australian numbers, they often pose as trusted entities, such as Services Australia, Amazon, eBay, Telstra, or NBN, aiming to boost the likelihood of their calls being answered.

Once a call is picked up, scammers employ diverse tactics, including recorded messages and direct interaction. Their end goal frequently involves coercing individuals into believing they have outstanding debts, using tactics like threatening to freeze bank accounts. Recent cases highlight scammers exploiting legitimate numbers, leading to confusion when victims attempt to return calls, unintentionally reaching innocent parties with no connection to the scam.

Our Tips
Start by reading our Fact sheet on Caller ID Spoofing IDCARE Fact Sheet - Caller ID Spoofing. Utilise the 'Silence Unknown Calls' feature on your phone to mitigate the risk of potential scam calls. Before disclosing any information, always verify the legitimacy of any organisation reaching out through official channels. Promptly report any suspicious transactions to your bank and diligently monitor your account activity. Contribute to community awareness by sharing your experience with the scam to help others stay informed. In case of uncertainty or for personalised guidance, seek advice from the experienced Case Managers at IDCARE.

Real Cases, Real Impact
Bendigo Bank Impersonation: Scammers, pretending to be from Bendigo Bank, used Caller ID spoofing to trick a client into providing a verification code. This led to an $85,000 transfer to another Bendigo bank account, which was then converted into cryptocurrency. Legal advice is currently being sought to address this incident.

ANZ Deception: A client received a call from someone falsely claiming to represent ANZ, using Caller ID spoofing for added deception. With obtained personal and credit card details, the scammer created a fake security concern. Under pressure, the client downloaded Anydesk and shared additional card details, resulting in a $3,654 scam. The scammer even sent a fabricated ANZ notification through the genuine ANZ messaging system, making the scam more complex.

Protecting Your Socials: Avoiding Scams and Securing Against Takeovers:

Social media takeover scams are on the rise, with IDCARE handling 3,881 client engagements in 2023. These scams often start with deceptive messages or emails claiming to be from the social media platform, prompting users to click on fake links and disclose login details. Once compromised, scammers exploit accounts to deceive friends into sharing personal information or clicking malicious links. Signs of compromise include changed passwords, unusual posts, and altered privacy settings.

Our Tips
Protect your accounts by avoiding suspicious links, verifying legitimacy, and enhancing security measures like two-factor authentication. Check out our fact sheets on various social media platforms here: IDCARE Fact Sheets. Stay informed, educate others, review permissions, and be sceptical of unexpected requests. If compromised, inform the platform, change passwords, notify followers and friends, and connect with IDCARE for guidance.

Real Cases, Real Impact
Facebook Content Breach: Following a Facebook hack, inappropriate content, specifically a child porn video, was posted. Facebook promptly shut down the account and attempts to dispute were met with refusal. The user lost valuable memories, contacts, and business connections tied to their two businesses.

Facebook Identity Theft Concerns: In a Facebook hacking incident, the perpetrator changed the email, password, name, and profile photo. Additionally, the scammer gained access to the private messages linked to the account. To exacerbate matters, the scammer posted a photo of the user’s passport on their feed. The client faced challenges with Facebook’s response, fearing potential identity theft and exposure of personal details.

Multi-Platform Compromise: The client’s Facebook, Instagram, and LinkedIn accounts were hacked. The scammers managed to alter the associated email addresses, affecting business pages linked to this login as well.

LinkedIn Unauthorised Takeover: A LinkedIn account underwent an unauthorised takeover; replacing it with a new profile linked to the user’s Google account. The scammer created a merchant account, running Google Ads campaigns with a monthly expense of $500. This unauthorised activity raised significant concerns about potential financial losses.