This year marks the 20th anniversary of Fraud Prevention Month. The theme of this year’s campaign is “20 years of fighting fraud: From then to now.” With this theme, we’ll be exploring how certain frauds have evolved with the rise of the digital age, drawing insightful comparisons between the past and present.
This blog was prepared to bring awareness on some of the new technology available to fraudsters. Over the last 20 years, we have seen many new technologies and unfortunately, fraudsters have capitalized on these advancements. The evolution of technology has created a higher risk for fraud in the online environment for Canadians. Criminals are targeting Canadians who may be new to the cyber environment or less tech-savvy, or businesses that may not have cyber protection or procedures in place.
Below, we look at some of the recent technologies and methods fraudsters are using to target Canadians.
Artificial intelligence and fraud
Fraudsters are increasingly using artificial intelligence (AI) and related technologies to commit various forms of fraud. Some ways in which AI is being used by fraudsters, as observed by the Canadian Anti-Fraud Centre (CAFC) and other organizations, include:
- Phishing and social engineering
- AI can be used to personalize phishing emails and messages by analyzing data from social media and other sources, making them more convincing and difficult to detect by traditional spam filters.
- Fraudulent account creations
- AI algorithms can be used to automate the creation of fake online accounts for various purposes, such as conducting fraud or engaging in identity crimes.
- Data analysis
- AI can analyze large datasets to identify potential targets for fraud, such as individuals with specific demographics or behavioral traits that make them more susceptible to certain types of fraud.
- Deepfake technology
- This technology uses machine-learning algorithms to create realistic-looking fake videos or audio recordings. This is most commonly seen in investment and merchandise frauds where fake celebrity endorsements and fake news are used to promote the fraudulent offers.
QR code fraud
The CAFC is receiving reports of fraudsters using QR codes in various scams to steal personal information and money. Similar to fraudulent links or URLs, QR codes can be inserted into emails and text messages to direct potential victims to fraudulent or malicious websites. Below are some of the variations we have seen:
- Phishing with QR codes
- Fraudsters claim to be a service provider, government agency, or financial institution. Instead of asking the victim to click on a link or download an attachment, fraudsters instruct the victim to scan a QR code.
- Vendor fraud
- Victims selling items are being targeted by QR-code fraud. Fraudsters send a fake payment advising that the victim must scan a QR code in order to receive a payment. When the victim scans the QR code, they are asked for their online banking information putting them at risk for identity fraud.
In another variation, fraudsters send a QR code to the victim claiming that they are sending a payment. In reality, it is a request for a payment. When the victim enters their banking information, fraudsters receive the payment or gain access to the victim’s bank account. - Cryptocurrency QR codes
- Fraudsters ask for crypto currency as a payment in many different types of fraud. In many cases, criminals send a crypto currency address in the form of a QR code. Victims are then directed to scan it to make a payment. In the end, payments will be sent to crypto wallets controlled by the fraudsters.
Notable technology used by fraudsters in recent years
- Data breaches, identity theft and identity fraud
- The proliferation of data breaches has exposed millions of individuals' personal and financial information, leading to a surge in related fraud. Fraudsters use stolen data for credential stuffing attacks to gain access to victim accounts to commit fraud.
- Search Engine Optimization (SEO)
- While not new, fraudsters continue to use SEO to promote their websites to appear in the top results of an online search. This technique is most commonly used in investment fraud, merchandise fraud, and service fraud.
- Compromised social media accounts
- Fraudsters gain unauthorized access to social media accounts and target friends lists with fraudulent offers for crypto investment opportunities, job offers, prize claims, or grant solicitations.
- Spoofing
- Spoofing is used to mislead and convince victims that they’re communicating with people they think are trustworthy, such as service providers, government agencies or law enforcement. Fraudsters can change the numbers that appears on a phone’s caller-ID display , a sender’s address in an email, and often mimic legitimates websites.
Warning signs - how to protect yourself
- In the past, spelling errors were listed as a red flag in phishing messages. Unfortunately, with the availability of AI, messages may not have as many spelling errors.
- If you see a celebrity or trustworthy figure promoting merchandise or crypto investments, remember that the video can be a deepfake, created with AI technology. Do your research before you buy anything.
- Beware of unsolicited text messages, emails, and social media messages asking you to scan a QR code. Scanning a code and agreeing to follow the associated link can potentially infect your device or network.
- When searching for a company online, remember that there is a good chance the first few results that appear in your search are fraudulent. Always visit official websites by verifying the URL and contact information of the company or organization.
- If you receive a strange message from a contact on social media, reach out to them by a different method of communication to verify that the message is actually from them.
- If you get an incoming call asking for personal information or money, hang up! Look up the official phone number for the company or organization and always make the outgoing call yourself.
Visit the CAFC online to learn more tips and tricks for protecting yourself. Anyone who suspects they have been the victim of cybercrime or fraud should report it to their local police and to the CAFC’s online reporting system or by phone at 1-888-495-8501. If not a victim, report it to the CAFC anyway.