Fry the Phish this Valentine’s Day: How to Thwart Online Scammers Using AI
Defend against romance scams with AI-driven identity verification.
Philipp Pointner, chief of digital identity at Jumio, discusses how AI verification helps dating apps and social media platforms thwart new AI fraud tactics to maintain a fun, safe, and secure digital environment for users.
Americans lost $2.7 billion to social media scams in the last two years. As more users look for love on popular platforms, they’re even more vulnerable to online scams. According to Zipdo, 61% of “swipe matchmaking” scams are initiated through catfishing on dating platforms. Now, with generative AI at their fingertips, fraudsters continue to create new sophisticated scams that are even harder to detect.
Romance scammers are challenging to catch as they typically operate very craftily within the first two months of their relationship with a user. Scammers also often groom their victims, coaxing them to ignore all warnings of potential fraud issued by their banks. Take, for example, Netflix’s “The Tinder Swindler,” which exposes a con artist who swindled women through dating apps, leaving them burdened with his fraudulent debts.
Despite social media sites cracking down, instances of romance scams are growing. UK banks have reported romance scams as their top challenge regarding authorized push payment (APP) fraud. This is creating costly consequences for businesses, as the UK finance sector recently passed a law requiring victims to be reimbursed by the banks themselves.
Some countries have “romance scam universities” where one can pay tuition to learn how to be a successful scammer and take it up as a quasi-profession. The problem is so rampant that dating platforms report that scammers often talk to other scammers until they eventually find out about each other.
Facing financial and reputational damage from a high volume of romance scams, dating platforms must integrate innovative strategies and solutions to enhance the protection of sensitive user data. In this article, we will dive into the key onboarding strategies and the advanced, AI-powered identity verification strategies that businesses must deploy to protect their user base from fraudsters.
Time to Lose Traditional Authentication’s Number
Old habits die hard. However, continuing to deploy outdated identity-based security methods amid advanced threats is generating significant consequences for dating platform enterprises and their users. These historical security methods include knowledge-based authentication (KBA), which many dating sites still leverage. This method relies on a “secret” question — for example, “What city were you born in?” to verify a user’s identity. However, this tactic is no longer secure, as much of our data can be accessed through social engineering and hacking.
Another currently popular and outdated authentication technique is out-of-band authentication. This method requires two different signals from two different networks or channels. Among the most popular methods in this category is SMS-based out-of-band authentication. This type of authentication entails a one-time security text or password sent by SMS to the user. Despite this technique being more secure than simple password authentication, the National Institute of Standards and Technology (NIST) no longer recommends it due to several vulnerabilities.
Lastly, there is the old-fashioned, yet still very popular, technique of password-based authentication. Passwords are more vulnerable than ever before, thanks to the dark web. Hackers can access and distribute passwords to other cybercriminals, propelling social engineering and phishing scams. Passwords are also often forgotten and reused across multiple online accounts, intensifying the risk of account takeover.
See More: Eliminate Passwords to Simplify the Security Stack
AI is Becoming Scammers’ Virtual Wingman
With new advancements in AI technology, traditional identity verification strategies are different for modern cyberattacks. New methods of fraud, including deepfakes, voice cloning, and advanced phishing, make it easier to perpetuate fraud at scale. A couple of advancing attack methods cybercriminals are currently using include:
1. Social engineering
This is an old-school technique, and it’s alarmingly still effective – despite its continual devastation on organizations and their users. In 2023 alone, 74% of cyberattacks included a human element, which resulted in significant financial consequences for organizations. The honeytrap attack method on dating platforms is a popular social engineering technique that targets users looking for love. This technique involves a criminal befriending the victim by creating a fake profile and artificial persona. Now, with new tools on the dark web, such as FraudGPT (an LLM trained for fraud purposes), threats are becoming easier to create and even harder to detect.
2. Deepfakes
Other emerging tactics in the realm of deception include the rise of deepfakes. These AI-generated fraud tactics are the new wingman to romance scammers – helping fraudsters generate artificial videos or images that closely resemble real people, often utilizing faces generated by AI or real human faces. One deepfake variation, voice cloning, adds credibility to scammers’ fake personas. With AI voice cloning, fraudsters can generate voice calls that correlate with the fake profiles they’ve created. This technique instills a false impression of trustworthiness among their victims.
See More: Six Social Engineering Techniques Popular with Scammers
Modern Strategies to Fry the Phish
To keep their users safe and scammers at bay, organizations must implement an identity verification approach capable of defending against today’s advanced cyberattacks. With this approach, organizations are equipped with modern customer onboarding strategies and tools, including AI-driven liveness detection:
1. Ensuring trust and safety
Building trust and deterring fraud begins with user onboarding. Requiring credible ID verification, like government-issued IDs, during user profile creation safeguards genuine connections. By checking these documents against trusted sources, online dating platforms can significantly reduce fake profiles and malicious activity, creating a safer environment. Modern technologies also enable a seamless user experience, as customers can easily use mobile or webcam document scanning tools to upload data — helping security teams extract data and definitively assess authenticity. This robust ID verification empowers security teams to cross-check against a reliable source whenever suspicious activity surfaces, effectively nipping fraud attempts in the bud.
2. Securing identities in the age of deception
Modern liveness detection technology is a key component to a successful identity verification strategy, as it thwarts common vulnerabilities found in less robust liveness technologies and biometric systems that are more susceptible to spoofing. Deepfakes, advanced spoofing attacks, and bots assisted by rapidly evolving generative AI have made advanced liveness detection a must-have feature in any biometric-based verification solution. For example, scammers have been using AI technologies to generate conventionally attractive and deceptive personas, helping them avoid using their biometrics. Seeking liveness tools that steer clear of gesture-based tests, like asking a user to blink or speak a random passcode, is key as these techniques decrease user experience and are easily vulnerable to spoofing tactics. Instead, enterprises should search for liveness detection tools equipped with anti-spoofing capabilities that streamline user experience through simple processes such as asking the user to hold their mobile device at a natural angle.
Organizations will be empowered with advanced tools to mitigate and prevent fraudulent activity against their users through a modern identity verification approach.
Empowering Users with Safer Digital Connections
Modern identity verification strategies offer enterprises a seamless, more secure approach to safeguarding users and minimizing scams. With capabilities including advanced liveness detection and strong ID verification tools, enterprises create a safer space for authentic connections, where users can immerse themselves in new romantic relations without falling victim to catfishing and romance scams. Simultaneously, businesses will reap benefits, including ensured user safety, prevention of additional financial losses, and secured brand reputation.
How can AI prevent online scams in dating apps? Let us know on Facebook, X, and LinkedIn. We’d love to hear from you!
Image Source: Shutterstock
MORE ON ROMANCE SCAMS
