While businesses continue to debate important issues about the ethics of AI and advanced automation, the Fraud Economy has been silently reinventing itself in the background. This vast, interconnected network of cybercriminals is now building and selling AI-powered products designed to commit fraud more efficiently and effectively than ever. Without restrictions, AI tools can allow even fraudsters with minimal technical skills to quickly generate realistic videos, deepfake audio, and personalized phishing emails with malicious intent.
Read on to discover how AI enables fraud at scale, and how to protect your revenue and secure the customer journey from account creation to checkout.
What is the Fraud Economy?
The Fraud Economy refers to a sophisticated and interconnected network of cybercriminals who exploit online businesses through various types of fraud and abuse. This multi-billion-dollar ecosystem has evolved from isolated attacks to a full-blown economy where fraudsters collaborate and share resources to commit account takeovers, content abuse, and payment fraud.
As with any economy, this criminal market operates on a supply-and-demand basis: fraudulent service providers create a supply of tools and stolen data to meet the demand generated by bad actors.
For example, Sift’s trust and safety team has helped to identify and expose various fraud rings and widespread scams, including Proxy Phantom, Cart Crasher, and Pig Butchering scams.
Why Understanding the Fraud Economy is Crucial
Unfortunately, the Fraud Economy is highly lucrative for bad actors. Researchers predict the annual cost of cybercrime will reach over $10.5 trillion globally by 2025. In 2023 alone, identity fraud, enabled by the sale of stolen credentials on the dark web, cost Americans $43 billion.
On a broader level, each instance of fraud damages trust and safety across markets and reduces overall consumer confidence in online transactions.
The Fraud Economy has transformed into a complex, interconnected network where various abuse vectors like account takeover and payment fraud are deeply interlinked, and serve as stepping stones towards larger fraud schemes. This integration makes it essential for businesses to understand the whole ecosystem and invest further in advanced fraud prevention technologies and strategies. This might include hiring specialized fraud analysts and continuously updating security measures. The arms race against fraudsters drives up operational expenses, potentially eating into profit margins if not managed effectively.
The evolving nature of fraud and cybercrime has also led to stricter regulations and compliance requirements across industries. Failing to meet fraud protection and regulatory standards exposes companies to hefty fines, lawsuits, not to mention the harm it does to their reputation. Staying compliant with data protection, anti-money laundering, and industry rules requires a thorough understanding of the Fraud Economy. Without it, companies risk legal penalties, potential license loss, and it weakens relationships with partners and customers.
However, fraudsters adapt quickly to market changes and technological advancements, as seen during the pandemic, when increased online traffic led to a surge in fraudulent activities. The more recent widespread availability of generative AI has been quickly seized upon by bad actors who have rapidly adopted the tools for a variety of malicious schemes. Fear of AI fraud has already caused 30% of consumers to scale back their online shopping.
The AI Revolution in Fraud
The cybercrime space has been transformed by AI over the past two years. Fraudsters leverage publicly available Generative AI tools for criminal purposes, and large language models (LLMs) are being explicitly reengineered to perpetrate fraud by using “jailbroken” versions of existing models. For $200 per month, bad actors can subscribe to FraudGPT, an AI that writes malicious code. Similar tools include WormGPT and BadGPT. Let’s take a closer look at some of the new threats AI has created for the Fraud Economy:
AI-Enhanced Social Engineering
According to research, 98% of cybercrimes involve social engineering attacks, which deceive victims into sharing secure information. Using artificial intelligence, fraudsters can create highly personalized attacks by automatically crawling social media and publicly available data to gain insights into their targets. This data can then be used to generate tailor-made AI messages in various formats, including text, video, and audio.
Voice Deepfakes and Financial Fraud
A new form of AI-powered social engineering uses deepfaked audio that convincingly replicates the voices of real people. A common use case includes phone calls that impersonate a victim’s loved one in distress and desperately in need of funds. This voice cloning technology has also been used to scam corporations, such as in the Hong Kong CFO impersonation case where a finance worker was tricked into paying out $25 million to a cybercriminal impersonating their CFO.
Generative AI and Synthetic Identity Fraud
On any given day, organizations and consumers alike are bombarded with 3.4 billion phishing emails. AI tools can rapidly and easily mass produce highly personalized phishing messages in each recipient’s native language. These emails are generated using LLMs trained on thousands of legitimate messages to closely mimic the style of trusted organizations or individuals.
Generative AI is also used for synthetic identity fraud, in which AI is used to forge digital identities by combining stolen data (such as Social Security numbers) with false names, addresses, and other details to create fake identities that can often bypass traditional verification systems. This is used to automatically generate a trail of digital activity and give an appearance of legitimacy.
AI-Powered Automation of Attacks
Using AI, cybercriminals can automate phishing campaigns that target multiple businesses simultaneously with thousands of emails per minute. They also use AI bots and scripts to launch credential-stuffing attacks and account takeover (ATO) attempts. For example, the Proxy Phantom fraud network used bots to incorporate 1.5 million compromised credentials into automated credential-stuffing attacks across the world. At its height, this fraud ring was generating 2,691 blocked login attempts per second.
Cryptocurrency Scams
LLMs are used to develop sophisticated cryptocurrency scams. For instance, bad actors can use AI to generate thousands of social media posts to promote a particular cryptocurrency and artificially inflate its value. When prices are high enough, they will then sell the currency they hold to make a substantial profit in what’s known as a pump-and-dump scam.
Fraudsters also use AI to create completely fake initial coin offerings (ICO) and deceive investors into funding a currency that doesn’t actually exist. Generative tools can create realistic white papers using complex industry terminology and even fully functional websites that mimic the look and feel of real blockchain platforms.
Strategies to Combat AI-Powered Fraud
To confront advanced AI fraud risks, organizations need better risk identification, fraud detection, and threat monitoring, and while AI is creating many new challenges, it also offers the most effective solutions. Rather than scrambling to react to each new threat by relying on legacy anti-fraud approaches, companies can proactively adopt AI tools that secure the entire user journey. Let’s take a closer look at how AI can help you protect your business and your customers:
Identify Risky Activity
To block ATOs and synthetic identities, you need the ability to pinpoint risky account activity from the very beginning of the customer journey. With advanced account defense solutions, you can instantly and automatically identify ATO attempts and synthetic identities at login. With powerful machine learning algorithms, Sift is trained to detect even the most sophisticated AI impersonation attempts, allowing you to protect your business without adding friction for legitimate customers.
AI-Powered Fraud Detection
Legacy fraud detection is reactive rather than proactive, and suffers from limited scalability and high false positive rates. These static rule-based systems are ill-suited to tackling today’s rapidly evolving fraud techniques. Instead, advanced AI-powered fraud detection solutions like Sift deliver user-level insights and automation capabilities to proactively identify fraudulent activity.
Continuous Monitoring and Real-Time Risk Assessment
AI-driven attacks are highly adaptive and constantly evolving. Fraud can occur at any point in the customer journey, from account creation to chargeback requests or returns abuse after delivery. Ongoing fraud monitoring solutions enable you to automatically identify subtle red flags and stop fraud before attacks can escalate.
Real-time risk assessments also prevent sophisticated fraud attempts by applying Dynamic Friction, in which different levels of security requirements are enforced based on the level of risk that each user poses. This ensures a smooth and swift experience for the vast majority of users while mitigating the risks posed by fraudsters.
Evolve Faster and Combat Fraud with Sift
The Sift Platform offers advanced machine learning, deep predictive analytics, and powerful anomaly detection. The Sift Global Data Network processes and analyzes more than one trillion events per year to provide deep insights into emerging fraud patterns and trends.
Companies that choose Sift as their fraud prevention solution benefit from a 40% improvement in fraud detection accuracy and a holistic view of behavior throughout the customer journey.
What’s more, Sift keeps you up-to-date on fraud trends with tools like the Fraud Industry Benchmarking Resource (FIBR), which is powered by trillions of events from Sift’s Global Data Network, providing a guidepost for businesses to aspire to when it comes to digital risk management.
Learn more about how the Sift Platform can help you win the fight against fraud and protect your business in the age of AI.
