Stolen Bank Account: Tens of thousands quietly transferred away late at night

In May 2024, the Liaoning Internet Security Department received reports from members of the public that three thousand yuan was missing from their bank accounts, with several records showing transfers to unfamiliar accounts. Upon receiving the clues, Liaoning cyber police promptly launched an investigation. During the investigation, the Internet security department received similar reports multiple times, in which money was sporadically transferred to unfamiliar accounts, mostly in amounts below 50,000 yuan. These cases shared the common traits of small transfer amounts and covert methods, which put law enforcement on high alert.

After several months of investigation, Liaoning cyber police uncovered an organized criminal group supported by AI technology. The criminal group, led by Ren Moumou, consisted of four "information officers" and "liaison officers" as key members, with an additional 27 "support personnel" providing assistance. They had clear divisions of responsibility: "information officers" Zhao Moumou and Liu Moumou were responsible for purchasing citizens' personal information elements—facial photos, mobile numbers, and bank card numbers. "Liaison officer" Liu Moumou was responsible for contacting overseas criminals, with "Qiu Mou" selling these elements. "Qiu Mou" then used AI software to create facial recognition verification videos using face images, subsequently stealing depositors' bank balances.

The theft process of the criminal group

Dingxiang Defense Cloud Business Security Intelligence Center released a special issue titled "AI Face-swapping Threat Research and Security Strategy," revealing that the criminal group used AI face-swapping technology. Through deep learning algorithms, they synthesized the facial features of the target individuals into videos to bypass financial institutions' facial recognition verification systems. This application of technology enabled criminals to remotely control bank accounts without the depositors' awareness.

For financial institutions, the new type of telecom fraud based on "AI face-swapping" is particularly concerning. Fraudsters fabricate information, voice, video, and images, combining real and false identity information to create entirely new false identities for opening bank accounts or engaging in fraudulent purchases. Moreover, fraudsters can use "AI face-swapping" technology to quickly learn different banking processes and swiftly perpetrate fraud across multiple banks simultaneously.

Taking a specific case intercepted by Dingxiang Defense Cloud Business Security Intelligence Center as an example of this new type of telecom fraud based on "AI face-swapping," the fraud process primarily involves four stages. "AI face-swapping" technology is just one critical factor in the process; in the other stages, victims who cannot recognize the deception can easily fall into the trap by following the fraudsters' instructions.

1. Initially, the criminal group acquires large amounts of citizens' personal information, including facial photos, mobile numbers, and bank card numbers, through the black market or illegal means. This information may stem from various illegal database leaks or organized cyber attacks.

2. Utilizing AI technology, the criminals use acquired facial photos as base material to generate high-quality fake faces through face synthesis algorithms. These faces may not exist in reality but closely resemble the original photos visually, sufficient to deceive most facial recognition systems.

3. Subsequently, the criminal group uses AI software to embed the generated fake faces into videos, creating seemingly authentic facial recognition verification videos. These videos typically include fake faces, corresponding mobile numbers, and bank card information. They simulate real face-to-face verification processes, deceiving most facial recognition systems. Once the fake verification videos are created, the criminal group combines them with stolen bank card information.

4. The criminal group uses smartphones or computers through banking applications or online banking to transfer funds from victims' accounts to specified unfamiliar accounts, often during late nights or when users infrequently use their bank accounts, to avoid detection by victims.

Defense: Multiple Technological Measures

To combat "AI face-swapping" new telecom fraud, it is essential to verify offline when suspicious online incidents arise, increase communication time, and employ exploratory measures such as requesting specific actions to expose potential flaws. Furthermore, enterprises are advised to adopt multiple technologies and methods. Additionally, guiding the positive application of AI technology and aggressively combating criminal activities are fundamental solutions.

1. Recognition of fraudulent "AI face-swapping" videos:

During video chats, requesting actions like touching the nose or face to observe facial changes can help detect authenticity. A real person's nose will deform when pressed. Alternatively, requesting actions such as eating or drinking to observe facial changes, or asking to perform unusual gestures or expressions like waving or difficult hand gestures can aid in distinguishing between genuine and fake. Waving can cause facial data disturbance, resulting in slight shaking, flickering, or other abnormal conditions.

2. Comparison and identification of device information, geographical location, and behavioral operations:

Dingxiang Device Fingerprinting identifies legitimate users and potential fraudulent behavior by recording and comparing device fingerprints. This technology uniquely identifies and recognizes each device, detecting manipulated devices such as virtual machines, proxy servers, or emulators. It analyzes behaviors like multiple account logins, frequent IP address changes, or frequent device attribute changes that deviate from typical user habits, assisting in tracking and identifying fraudster activities.

3. Identification of abnormal account behaviors:

Activities such as remote logins, device changes, phone number changes, or sudden activity in dormant accounts require enhanced verification. Continuous identity verification during sessions is crucial to ensure consistent user identity throughout usage. Dingxiang atbCAPTCHA accurately distinguishes between human operators and machines, precisely identifies fraudulent behaviors, and monitors and intercepts abnormal activities in real time.

4. Prevention of fake videos and images from "AI face-swapping":

Dingxiang's comprehensive facial security threat perception solution intelligently verifies multiple dimensions of information such as device environment, facial information, image authenticity, user behavior, and interaction status. It quickly identifies and blocks injected attacks, live forgery, image forgery, camera hijacking, debugging risks, memory tampering, root/jailbreak attempts, malicious ROMs, emulators, and over 30 types of malicious behaviors. It can dynamically configure video verification strength and user-friendliness, implementing a dynamic mechanism of stronger verification for abnormal users while facilitating smoother access for legitimate users.

5. Uncovering potential fraud threats:

Dingxiang Dinsight assists enterprises in risk assessment, anti-fraud analysis, and real-time monitoring to enhance the efficiency and accuracy of risk control. Dinsight's average daily processing speed for risk control strategies is within 100 milliseconds, supporting configurable access and deposition of multi-source data. Leveraging mature indicators, strategies, models, and deep learning technologies enables self-monitoring and iterative mechanisms for risk control. Paired with the Xintell intelligent model platform, it automatically optimizes security strategies based on risk logs and data mining of potential risks, supporting risk control strategies for various scenarios. Standardizing complex data processing, mining, and machine learning processes using correlation networks and deep learning technology provides end-to-end modeling services from data processing, feature derivation, model construction to final model deployment.
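An added example, not code from the article or from any Dingxiang product: a small rule that turns the abnormal-behaviour signals named in items 2 and 3 (device change, phone number change, sudden activity in a dormant account), together with the late-night, unfamiliar-payee pattern from the case, into a step-up decision. The thresholds, field names and the three decision labels are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Thresholds are assumptions chosen for illustration, not values from the article.
DORMANT_AFTER = timedelta(days=90)
PHONE_CHANGE_WINDOW = timedelta(days=7)
NIGHT_HOURS = range(0, 6)            # 00:00-05:59 local time

@dataclass
class Profile:                       # what the bank already knows about the account
    known_devices: set
    known_payees: set
    last_activity: datetime
    phone_changed_at: Optional[datetime] = None

@dataclass
class Transfer:                      # one outgoing transfer request
    when: datetime
    device_id: str
    payee: str

def risk_signals(t: Transfer, p: Profile) -> list:
    """Return the names of the abnormal-behaviour signals this transfer trips."""
    signals = []
    if t.device_id not in p.known_devices:
        signals.append("device_change")
    if t.payee not in p.known_payees:
        signals.append("unfamiliar_payee")
    if t.when - p.last_activity >= DORMANT_AFTER:
        signals.append("dormant_account_active")
    if p.phone_changed_at and timedelta(0) <= t.when - p.phone_changed_at <= PHONE_CHANGE_WINDOW:
        signals.append("recent_phone_change")
    if t.when.hour in NIGHT_HOURS:
        signals.append("late_night")
    return signals

def decide(t: Transfer, p: Profile):
    """Amount is deliberately not an input: the thefts used small transfers."""
    signals = risk_signals(t, p)
    if "device_change" in signals and len(signals) >= 3:
        return "hold_for_offline_verification", signals
    if len(signals) >= 2:
        return "step_up_verification", signals
    return "allow", signals

if __name__ == "__main__":
    # Constructed sample data, not taken from the case.
    dormant = Profile({"dev-A"}, {"payee-1"}, datetime(2024, 1, 10, 14, 0),
                      phone_changed_at=datetime(2024, 5, 1, 9, 0))
    print(decide(Transfer(datetime(2024, 5, 3, 2, 30), "dev-X", "payee-9"), dormant))
```

Because the decision rests on context rather than amount, a small transfer from a new device at 02:30 on a long-idle account is held even though it would pass an amount-only limit.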

2024-07-09
Copyright © 2024 AISECURIUS, Inc. All rights reserved