The Rise of Deepfake ID Scams: A Growing Concern Following Progress Corp Hack
One man many faces - Generated via Midjourney |
After a recent cyber attack on Progress Corp, a Massachusetts-based business software manufacturer, experts are growing increasingly concerned about the potential rise of deepfake ID scams. The hacker group, known as Cl0p, not only stole sensitive information from numerous companies including British Airways, Shell, and PwC, but also acquired personal data such as driving licenses, health records, and pension information of millions of Americans. This breach will have considerable implications for the potential of deepfake scams in combination with stolen personal data.
The Potential for Deepfake ID Scams
The stolen data, which includes photographs, names, dates of birth, addresses, and portions of social security numbers, presents a significant opportunity for hackers to engage in deepfake scams. Deepfakes utilise artificial intelligence technology to create realistic digital likenesses of individuals, enabling criminals to bypass traditional security checks. With the increasing availability of deepfake software and the abundance of personal information, experts warn that this combination could result in more sophisticated and lucrative ID theft scams.
Alarming Growth of Deepfake Scams
The usage of deepfakes in scams has witnessed a surge in recent months. Sumsub, a Miami-based verification platform, reports that the number of deepfake scams in the first quarter of 2023 has already surpassed the total count for the entire year of 2022. Countries such as Canada, the US, Germany, and the UK have experienced particularly high growth in deepfake-related fraudulent activities. Western citizens' identities hold immense value to fraudsters as they unlock access not only to financial scams but also to the theft of government benefits.
Exploiting Stolen Identities for Government Benefit Programs
The personal information stolen in the Progress hack could be utilised to create fake video selfies, a method used by US state agencies to verify identities. By leveraging these deepfake video selfies, criminals could potentially claim unemployment benefits, apply for federal college loans, obtain food stamps, and exploit other government programs. According to estimates by Haywood Talcove, CEO of LexisNexis Risk Solutions' Government division, each stolen identity could result in as much as $2 million in illicit gains from government benefit programs alone.
Advancing AI and the Rising Challenge of Synthetic Fraud
As artificial intelligence continues to advance, criminals gain access to more tools to perpetrate fraud. The use of synthetic fraud, which combines deepfake technology with stolen identities, is on the rise at an alarming rate. Companies like Sumsub are constantly developing new methods to detect and combat these sophisticated fakes. The need for enhanced security measures is evident as fraudsters find innovative ways to exploit vulnerabilities in widely used software products.
The Progress Hack and Its Implications
The breach of Progress Corp's file transfer system exposed multiple high-profile organisations, including Shell, PwC, and various American government agencies, to significant data theft. Although initial expectations pointed to extortion as the primary motive behind the attack, the stolen data's nature suggests the potential for deepfake ID scams. The hackers utilised a sophisticated webshell to bypass industry-standard security measures, indicating a high level of technical expertise.
Conclusion
The recent breach of Progress Corp's file transfer system has raised concerns about the growing threat of deepfake ID scams. The stolen personal data, combined with advancing deepfake technology, presents a lucrative opportunity for criminals to engage in sophisticated fraudulent activities, particularly targeting government benefit programs. As the number of deepfake scams continues to rise, businesses and individuals must remain vigilant in implementing robust security measures to safeguard personal information and mitigate the risks associated with identity theft and financial fraud.
To learn about the different types of cyberattacks that organisations need to defend against, visit the Robust IT Training website at www.robustittraining.com
Comments
Post a Comment