The time of year has come again when businesses must be alert to seasonal fraud, but this year, there’s growing concern that a significant rise in fraud will occur due to advancements in artificial intelligence (AI).
With AI being widely adopted by businesses and individuals alike this year, fraudsters are also harnessing this tech to enhance operations and to further disguise fraudulent behaviours as legitimate. These sophisticated attacks are becoming harder and harder to identify, making the end of year busy season particularly challenging for businesses who are time poor and distracted.
So, what should you look for this season? Here are a few common scams which utilise AI, and several ways to prepare and prevent an attack on your business.
AI-assisted scams to watch out for
Whilst most people are aware of the common scams which could impact their business, fraudsters are using AI to improve their impersonations of individuals and to personalise attacks. Four of the most common seasonal scams have now become harder to detect due to technology enhancements, they include:
Phishing attacks have long been a problem for businesses, and is an issue that most have become familiar with (many businesses already have security measures in place, to detect and highlight phishing emails). In spite of this, phishing emails are becoming harder to spot. AI enables scammers to mimic the language and communication patterns of individuals and workplaces to appear as though they’re legitimate, in order to trick employees and customers into sharing sensitive data.
According to the latest Annual Cyber Threat Report by the Australian Cyber Security Centre, phishing attacks have increased by 63 percent in Australia in 2023, which is 37 percent higher than the global average. Likewise, while most businesses are being attacked, small and medium sized businesses (SMBs) are the most vulnerable due to a lack of resources to maintain cybersecurity initiatives.
The most common phishing attack is the Business Email Compromise (BEC) scam, whereby a scammer asks employees with an authority to transfer money to send funds to their account. AI is assisting cybercriminals to evade detection systems and emulate legitimate emails from an organisation. Likewise, with increased personalisation, emails written harnessing AI have information on specific individuals like their names, social media accounts and email addresses, making it very hard to detect as fraud.
Friendly fraud is known as chargeback scamming or first party fraud and refers to a scam where a legitimate customer challenges a charge with their card issuer. Over the holiday season, this type of fraud is at an all time high. In fact, a study by ACI Worldwide found that friendly fraud rates in Australia are 20 percent higher in December than any other month of the year. Friendly fraud is a costly problem for businesses who either have to refund the cost of the purchase or replace it with another item, causing lost revenue and reputational damage.
Make sure you create a clear policy which ensures customers are aware of your returns policy and track orders very carefully over the holiday season. It may be better to offer exchanges instead of refunds to prevent customers from attempting this type of scam with your business. If your business does receive a chargeback, it’s good practice to submit all data points collected during the transaction process to assist the banks (e.g. IP address, device fingerprinting, billing and shipping address).
AI generated deepfakes
Deepfakes refers to false images, audio or videos of a person. Deep fakes are created using machine learning which identifies the facial features, movements and voices of real people. Whilst typically deep fakes have been used in the entertainment industry, cybercriminals are also starting to use deepfakes in business attacks to impersonate executives, legitimate businesses and employees. They are also being used to create fake invoices which are then sent to businesses for services that were never requested. Invoice scams cost Australia businesses approximately $277 million a year according to the Australian Competition and Consumer Commission (ACCC). Likewise, CEO impersonation scams are also on the rise, where fraudsters create fake emails, voicemails and videos to trick employees into providing confidential business information. The key with deepfakes this season is to question everything that may seem suspicious and always verify with the individual or business before sharing any confidential information or processing payments.
Tailored business scams
Given the volume of information AI can analyse, cybercriminals now have the capacity to generate highly personalised business attacks. These programs help scammers understand your customer’s purchasing patterns, your business habits and operations and your preferences to create messages which are more likely to deceive. Likewise, given the speed that AI can launch attacks, which far outweighs previous cybercrime, AI assisted scams can process thousands of fraudulent transactions in the time it takes a person to process one. AI assisted attacks have sophisticated evasion tactics which can quickly learn the security measures you’ve put in place and outsmart them. Businesses need to be constantly updating and reviewing security protocols to ensure best practice is being maintained.
To prepare and prevent AI assisted fraud as a small business make sure you are investing in security solutions which help you identify scams in real time. Likewise, train your employees on the best cybercrime practices and stay abreast of the latest scams. For sensitive data, make sure it is protected with multi-factor identification and encryption and carefully monitor your financial operations. With inflation at an all time high and many Australian businesses feeling the pinch, it’s important to be proactive about your approach to fraud these holidays.