Cybercrime and online financial fraud increased sharply between 2016 and 2018, with a total loss exceeding $3 billion in 2016 for fake president frauds, wire transfer scams and fake suppliers alone. The number of attacks carried out by sending a fraudulent e-mail increased by more than 87 per cent in the United States between 2016 and 2017. The FBI (Federal Bureau of Investigation) and the IC3 (Internet Crime Complaint Center) recorded more than 16,000 complaints from American companies and administrations that were victims of fake wire transfers (BEC scams), fake president frauds or fake suppliers in 2017.
These attacks are costing businesses and the American economy more and more: $360 million in damage were declared in 2016 for fake president frauds only, against $675 million in 2017. Teams leading this type of attack have adapted to their targets’ suspiciousness. They now operate in a very professional manner and constantly innovate in the choice of their deception strategies. The fight against online financial fraud has become a priority for all security services and for companies that can be put in danger by a single attack carried out at its end.
This effort must be based primarily on preventive actions. This involves raising awareness and educating all potential targets within the company about risk, particularly in the accounting department, the financial department as well as the principals. For small structures, awareness concerns all employees who have access to the company’s means of payment.
While the “prevention – awareness” combination does contribute to limiting certain attempts at rudimentary or gross fraud, it is not sufficient to detect more sophisticated attacks built on fictitious data architectures designed
to instill confidence in the target and deceive them. It is then necessary to imagine and build high frequency active digital shields capable of detecting fraud attempts and alerting the target in real time before making the fraudulent transfer. In this case, Artificial Intelligence is the best approach to effectively combat fake president frauds, suppliers and money transfers.
"It is necessary to generalize this detection of anomalies to data and metadata transmitted in e-mails, as well as to html links pointing to imitation websites, by crossing and comparing all the analyzed data"
AI applied to email analysis, with natural language processing (NLP) and machine learning techniques, can analyze message content and detect patterns characteristic of a fraud attempt. Typically, the attacker tends to usurp the identity of an authority to obtain a transfer. They then exploit all the cognitive biases and human vulnerabilities to establish a context of trust, urgency and discretion that will lead their target to respond positively to their inquiries and money transfer requests.
For the attacker, designing an effective attack remains a complex activity that often takes time in order to develop a credible scenario. They must first identify their targets using social engineering techniques. They may need to establish initial professional contact by telephone or e-mail with the target company to obtain information that will be used during the next stages of their operation. This involves identifying within the company the employee who is authorized to make transfers and studying their digital habits, possibly by taking control of their mailbox after retrieving their identifiers. Then the attacker must identify a favourable business context, an invoice being processed with a supplier, or imagine a confidential subsidy decided by the general manager or the President of the company.
The chosen scenario must be compatible with the target’s psychological profile and the company’s activity. To establish trust, the attacker often bases their fraud attempt on a fictitious, credible, non-adversarial data architecture, imitating at best that of a legitimate interlocutor. It can be a supplier’s fake website, a client’s company, a central administration or a supervisory authority. In many cases of successful attacks with fake transfer orders, the victim visited the fake site without suspecting that they were evolving on a fictitious structure. At this point, artificial intelligence can bring a lot in terms of alerts. Most of the fictitious sites used in these ‘presidential scams’ had anomalies that could easily be detected by an automated system. It is necessary to generalize this detection of anomalies to data and metadata transmitted in e-mails, as well as to HTML links pointing to imitation websites, by crossing and comparing all the analyzed data.
The solutions currently under development combine several techniques: rule engines, NLP, machine learning, decision trees. The period and schedule selected by the attacker are often decisive criteria in the success of the operation. They will tend to choose a period of leave during which the workforce is reduced or at the end of the day when the employees are tired. Generally speaking, it is important to highlight the increasing power and complexity of the fictitious data architectures used during fake transfer order campaigns. The odds are that future attacks will use all the power of AI to build credible fake digital environments that combine text, image and sound. The latest advances in AI now make it possible to produce fictitious videos and false speeches from a machine learning component that are difficult to detect with the naked eye.
By combining all these approaches, the attacker will be able to create a fictional immersive space, creating confidence among their target. Only the AI can give the alert and reveal the trap!