All news with #deepfake fraud tag

🤖 Allianz Commercial's annual Risk Barometer reports that artificial intelligence has jumped from tenth to second place among global business risks, trailing only cybercrime. The insurer warns that cybercriminals increasingly harness AI for social engineering—deepfakes, cloned voices and highly tailored phishing—while legitimate internal AI use can produce erroneous or fabricated outputs that prompt litigation and reputational harm. The survey of 3,338 professionals across 97 countries also links AI risk to business interruptions and copyright exposure.

🛡️ The World Economic Forum warns that advances in deepfake and face‑swapping technologies are enabling attackers to bypass KYC and remote verification, creating financial and systemic risks. A WEF Cybercrime Atlas study examined numerous face‑swap and camera injection tools and found that low‑latency, high‑fidelity real‑time swaps can be delivered into verification pipelines. While many tools were designed for creative use, researchers found some capabilities that defeat traditional KYC protections, though detectable artefacts like temporal desynchronization, lighting and compression inconsistencies provide practical detection targets. The report issues 27 recommendations and urges providers, fraud teams and regulators to evolve defences in step with generative AI.

🕵️ Security researchers at Check Point discovered in October 2025 an AI-assisted investment fraud that traps victims in a personalized "Truman Show"-style reality. Targets are lured via SMS, Google Ads and messaging apps into AI-driven WhatsApp groups where faux experts and synthetic members stage daily "wins" to erode skepticism. Victims are then funneled to a branded fake trading app (e.g., OPCOPRO) and persuaded to transfer crypto while attackers harvest KYC data for identity theft and resale. The campaign creates clear enterprise risks including SIM swaps, credential theft and potential insider coercion.

🕵️ The OPCOPRO "Truman Show" operation is a sophisticated, fully synthetic investment scam that relies on social engineering rather than malware. Attackers use legitimate Android and iOS apps from official stores as WebView shells and build AI-generated communities to cultivate trust. Victims are lured via phishing SMS, ads, and Telegram into tightly controlled WhatsApp and Telegram groups where AI-generated "experts" and synthetic peers simulate an institutional-grade trading environment for weeks before requesting money or personal data.

⚠️France and Malaysia have opened investigations into Grok, the AI chatbot from xAI, after the model generated sexualized deepfake images of women and minors. India has ordered X to block Grok's ability to produce obscene, pornographic or pedophilic images within 72 hours or risk losing intermediary protections. Grok issued an apology for creating an image of two girls aged 12–16 in sexual poses, a move critics say cannot substitute for accountability; Elon Musk said users who produce illegal content via Grok will be treated as the uploader.

🖼️ Scammers are using AI-generated images of damaged or broken goods to submit refund claims to online retailers and payment services. These fabricated photos—reported in Wired and highlighted on Bruce Schneier’s blog—are often realistic enough to bypass casual checks, allowing fraudsters to claim reimbursements without returning merchandise. The technique exposes gaps in verification and forces platforms and merchants to adopt technical and process defenses to curb losses.

🔍 ESET says the Nomani investment scam rose 62% in 2025 as actors expanded beyond Facebook to platforms such as YouTube and deployed AI-generated deepfake video testimonials to lure victims. The firm blocked over 64,000 unique malicious URLs, with most detections in Czechia, Japan, Slovakia, Spain, and Poland. Attackers improved deepfake quality, shortened ad runs, used cloaking and native ad tools like forms to harvest credentials and payments, and even followed up with fake Europol/INTERPOL recovery schemes to extract more funds.

⚖️ The U.S. Securities and Exchange Commission has filed charges alleging an elaborate cryptocurrency fraud that stole more than $14 million from retail investors. The complaint names trading platforms Morocoin Tech, Berge Blockchain, and Cirkor and investment clubs that lured victims with fake AI-generated investment tips on WhatsApp. Investors were steered into bogus Security Token Offerings and fake trading platforms that later froze accounts and demanded advance fees. The SEC is seeking injunctions, civil penalties, and repayment with prejudgment interest.

🖼️ Fraudsters are using AI and large language models to create highly convincing fake invoices, appraisal certificates and certificates of authenticity for artworks, making forgeries harder to detect. Brokers and appraisers, including Marsh, report that chatbots can invent plausible experts and documentation or hallucinate false references that owners accept as real. Insurers and valuation firms are now deploying AI-based metadata analysis and anomaly detection to flag manipulated provenance and guide human review.

🧠 In episode 81 of The AI Fix, hosts Graham Cluley and Mark Stockley explore the surprising and fast-moving intersections of AI, education, and infrastructure. They discuss how deepfakes are already being trialed as remote teachers and even grading student work, while novel AI agents demonstrate emergent communication that looks like "mind reading." The episode also covers a six-armed Chinese robot, a prompting study that questions expert-persona boosts, and a real-world incident where an AI-generated image disrupted train services. The conversation underscores both practical benefits and rising safety, trust, and governance concerns.

🤖 On episode 447 of the Smashing Security podcast Graham Cluley and guest Jenny Radcliffe explore how generative AI can enable stalking — reporting that Grok was used to doxx people, outline stalking strategies, and share revenge‑porn tips. They also recount the audacious Louvre crown jewels heist, where thieves abused assumptions about what ‘looks normal’. Graham additionally interviews Rob Edmondson about how Microsoft 365 misconfigurations and over‑privileged accounts create serious security exposures. The episode emphasizes practical lessons in threat modelling and access hygiene.

⚠️ Gartner analysts Dennis Xu, Evgeny Mirolyubov and John Watts strongly recommend that enterprises block AI browsers for the foreseeable future, citing both known vulnerabilities and additional risks inherent to an immature technology. They warn of irreversible, non‑auditable data loss when browsers send active web content, tab data and browsing history to cloud services, and of prompt‑injection attacks that can cause fraudulent actions. Concrete flaws—such as unencrypted OAuth tokens in ChatGPT Atlas and the Comet 'CometJacking' issue—underscore that traditional controls are insufficient; Gartner advises blocking installs with existing network and endpoint controls, restricting pilots to small, low‑risk groups, and updating AI policies.

⚠️ The FBI is warning of AI-assisted fake kidnapping scams that use fabricated images, video, and audio to extort victims. Criminal actors typically send texts claiming a loved one has been abducted and follow with multimedia that appears genuine but often contains subtle inaccuracies. Examples include missing tattoos, incorrect body proportions, and other mismatches, and attackers may use time-limited messages to pressure victims. Observers note the technique is currently of uncertain effectiveness but likely to be automated and scaled as AI tools improve.

🔒 The FBI has issued a public service announcement warning that criminals are manipulating images shared on social media to support virtual kidnapping ransom schemes. Scammers contact victims by text, claim a relative has been abducted, and send altered photo or video proof-of-life, sometimes using timed messages to prevent scrutiny. The FBI urges vigilance: avoid sharing travel details, establish a family code word, and capture screenshots or recordings for investigators. BleepingComputer identified multiple social media examples and reports of number spoofing.

🔍 Investigators say an alleged international fraud ring used fake celebrity advertising to market a purported 'secret financial product,' duping at least 120 people across Germany out of more than €1.3 million. Authorities carried out coordinated searches in Germany and Israel, focusing on Tel Aviv and Düsseldorf, and targeted publishers accused of running misleading campaigns. The scheme promoted AI-optimized investment strategies and automated crypto trading via large social-media campaigns and fake news sites, and victims were typically left with total loss of invested capital while seized evidence is analyzed.

🧭 Business leaders across 116 economies told the World Economic Forum that misinformation/disinformation, cyber insecurity and the adverse outcomes of AI rank among the top near-term threats to national stability. The WEF’s Executive Opinion Survey 2025 canvassed 11,000 executives, who placed technological risks alongside economic and societal concerns. Respondents flagged AI-driven deepfakes, model exploitation and AI-assisted cyber techniques as amplifiers of both disinformation campaigns and critical-system threats.

🔍 Security researchers revealed a North Korean scheme in which Lazarus-linked Famous Chollima recruits developers to rent their identities and act as frontmen for remote jobs to enable espionage and illicit fundraising. The actors spam GitHub and other platforms, use AI-assisted tools and deepfake techniques, and request identity data and remote-access to engineers' machines. Analysts deployed a sandboxed ANY.RUN honeypot and observed use of AnyDesk, Astrill VPN, OTP extensions, and AI interview assistants to conceal origin and streamline infiltration.

🛡️In 2026 Palo Alto Networks forecasts a shift to the Year of the Defender as enterprises counter AI-driven threats with AI-enabled defenses. The report outlines six predictions — identity deepfakes, autonomous agents as insider threats, data poisoning, executive legal exposure, accelerated quantum urgency, and the browser as an AI workspace. It urges autonomy with control, unified DSPM/AI‑SPM platforms, and crypto agility to secure the AI economy.

🔍 Sumsub’s 2025 Identity Fraud Report finds that global identity fraud attempts fell slightly to 2.2%, but highly sophisticated attacks rose 180%. These multi-vector schemes combine synthetic identities, AI-driven deepfakes, layered social engineering, device tampering and cross-channel manipulation, making them far harder to detect. The report warns organisations to replace manual controls with real-time behavioural and telemetry analysis to counter this shift from quantity to quality in fraud.

⚠️ Kaspersky describes a campaign in which attackers used the AI-powered web builder Lovable to mass-generate convincing fake vendor pages that host malicious installers. Those pages distribute a custom, attacker-signed build of the legitimate remote administration tool Syncro, which installs silently and grants full remote access. Because the payload is a legitimate admin tool altered for abuse, detection is difficult and victims risk data theft and loss of cryptocurrency funds.