Cybersecurity: Watch out for these unique cheat tricks Loki would be proud of – Natural Self Esteem

Online fraud is becoming more insidious and stealthy as mischievous agents evolve their techniques. Today, learn some of the unique tricks and how to spot them.

Image: Disney

My family and I enjoyed the TV show “Loki” which portrays the god of mischief involved in various shenanigans. I thought how many “variants” of Loki are online – albeit less charismatic – trying to use fraudulent tricks to swindle victims out of money or identity information. Unfortunately, the tricks are becoming more and more unique as the associated tools become more complex and widely used.

SEE: Security Incident Response Policy (TechRepublic Premium)

I spoke to Rick Song, co-founder and CEO of Persona, an identity verification solutions provider, and Johanna Baum, founder and CEO of security provider Strategic Security Solutions, about unique scammer gimmicks.

Song pointed out that it is now easier for malicious players with minimal technical knowledge to engage in fraudulent activities. “Deepfakes used to only be used by experienced tech users, but now they’re as easy as downloading an app,” he said.

Song said there has been a huge increase in deepfake content online and amateurs have started producing impersonation videos of celebrities that are believable to the untrained eye. “Scammers can use deepfakes as bribes to spread lies and misinformation, or to impersonate normal people — say, someone you trust — to obtain personal information and login credentials. This allows them to open fake credit card accounts, take over existing accounts, steal money from unsuspecting victims, or access entire databases of user information to sell on the dark web,” he said.

Another example is so-called synthetic fraud, where a scammer steals a social security number and combines it with fake information, such as a fake name and date of birth, to create a false identity or biometric ID verification using artificial intelligence and other facial mimicry technologies to create identities and fool facial recognition software. “Companies need to consider multiple signals, such as behavioral patterns, to ensure they are evaluating a complete picture that a fraudster cannot easily replicate.”

Baum said most of the information is available without input from the victim: “Personal information is readily available from multiple social media platforms. Scam tricks don’t have to involve the victim directly. So much information can be obtained without any contact. The threats will continue to increase in size, frequency and damage, and it will take a long time for the victim to identify them.

“Holiday and pandemic-related scams continue to rise as individuals re-enter mainstream activities,” she added. “Houses are rented out to multiple parties by scammers who then cancel the rents and steal the security deposits. There are similar issues with multiple transactions being placed on the same cars or cars not owned by the so-called seller.”

According to Song, users and IT departments should be mindful of personally identifiable information to protect against these attacks.

SEE: How to Manage Passwords: Best Practices and Security Tips (Free PDF) (TechRepublic)

“Consumers should pay attention to how companies handle their personal data,” he said. “They should read the privacy policy, review their privacy settings on any app, website or social network they use, and know their data rights. Additionally, they can stay up to date with the latest phishing campaigns as they become more sophisticated with AI. If you google your name, you may be able to discover brokers selling your data and opt out. The more of your data available to scammers, the more ammunition they have to steal your identity.”

He added that IT departments need to rethink their strategies from identity verification systems to data storage to protect consumers and block bad actors.

“IDV solutions can prevent account takeovers and fraud that can occur during customer onboarding, changing account information, and high-risk transactions. However, companies may be reluctant to use them if they think it will hurt user experience. Asking the customer to jump through hoops can result in them abandoning the transaction before it can complete. Businesses should look for identity verification solutions that are customizable to their needs. IT departments should ensure they store data in as few places as possible, use encryption, and build a framework that conforms to global security and privacy standards.”

Song said it can be difficult to anticipate what’s to come, but advised: “Companies can protect themselves by using a multi-factor approach to identity verification. Organizations should collect multiple points of information (photo ID, address, date of birth, social security number), evaluate passive signals such as IP address or browser fingerprints, and compare the information collected to third-party data sources (e.g., phone and email risk lists). Conducting continuous reviews throughout the customer lifecycle, where there is a potential trade-off point, is critical.”

But things will change, he added. “In the future, the identity verification experience needs to evolve based on what services see with real-time signals. For example, if the service detects a suspicious IP address or key behavior, it should automatically adjust its request and perform more rigorous checks.”

Leave a Comment