Digital Scams to Watch for This Year

3/12/2024

watch out for deepfake audio fraud trending in 2022

Whether or not you bank, do business or share private information online, it’s vital to stay on top of new ways hackers may try to steal your data.

Safeguarding your privacy must incorporate your “snail mail,” phone calls and physical credit cards, as well as your online habits and mobile device security. Protecting your identity and banking information can feel like a full-time job, so SouthState Bank’s security experts have put together a few fraud alerts to be aware of as you go about your day.

What is deepfake audio fraud?

Deepfake audio is an advanced form of voice phishing. The quality is typically high, meaning that it is extremely difficult for the human ear to discern a real voice from a deepfake. The fake audio uses machine learning and artificial intelligence to listen to the way a particular person speaks in order to mimic accent, pronunciation and pitch.

Scammers take audio clips from interviews, announcements, speeches, presentations and other public events to create a fraudulent request for confidential information. They can even take audio from social media posts.

Polling conducted by McAfee Corp. indicates “77% of AI voice scam victims lost money.” Of those surveyed, 25% said they had encountered a deepfake voice scam, either personally or knowing someone who’d been scammed.

Someone could create a fake phone call requesting money for bail for a loved one, medical bill payment from your doctor’s office or any number of scenarios.

In a workplace setting, fraudsters will call employees with the authority to transfer funds and use deepfake audio of an executive, such as the CEO, to ask them to transfer money to a supplier’s bank account belonging to the fraudster. Other examples are seemingly more innocuous, such as requests for business documents, transaction details, a customer order, etc., but they can be leveraged for other fraudulent schemes.

With deepfake technology improving quickly, how can you guard against it? We’ve outlined the following fraud protection tips you can share with family members or employees:

Fraud Protection Tips

Ask yourself if the person’s voice sounds completely natural. Is this an unusual request for the person to make? If in doubt, ask them questions. The technology is in its infancy, so it is not yet able to converse as effortlessly as humans. Chances are, it will not flow well when you start asking probing questions.
Follow the concept of Zero Trust (never trust, always verify). Hang up and call the person directly using contact details you already have. Contact does not necessarily mean a phone call – perhaps send an email or visit their office. Do not ask the caller for their contact information. It is better to be extra cautious than suffer monetary losses and/or reputational hits later.
Whatever you do, never share sensitive information.

What is peer-to-peer payment fraud?

As cash continues to go by the wayside, there’s been a rise in payment fraud using peer-to-peer payments, also known as P2P – more commonly known as apps like Zelle, Paypal or Venmo.

P2P is simply an electronic transaction sent to another person using a mobile device. You may have a P2P app on your phone or built into your bank’s mobile app.

Common types of fraud associated with P2P methods include:

Scammers try to obtain money for a fraudulent charity, for goods or services, or debt payments. The FCC reports they are now asking for money to be sent to them via P2P instead of their previously used method of gift cards.
Smart fraudsters convince customers to give out credentials and secure access codes to gain access to their payment apps or online banking.
People falling prey to scams in which they’re asked to process a refund by transferring money to themselves. In reality, the funds get transferred to the scammer.

Send & Receive Payments Securely

The tips below can help you send and receive payments securely:

Never send to or accept P2P payments from someone you don't know.
If your P2P app has enabled 2-factor authentication, guard those credentials and codes closely.
Since your phone provides access to these payment apps, be cautious about letting someone you don’t know borrow your unlocked device. If a stranger were to ask to make an emergency call, dial the number yourself before handing over your phone.
Link your account to a credit card rather than a debit card or bank account. A credit card provides added protection in case you do not receive the goods or services that you have purchased.

P2P fraud can also happen through simple human error. If you’re paying a stranger for an online marketplace purchase, you can errantly send money to the wrong person with one wrong keystroke. Instead, consider using contactless payment options built into your credit cards or bank’s mobile device.

See also: 5 Tips to Strengthen Your Passwords

How does a phishing kit work?

You may only experience the final product of a phishing kit, but it’s important to know how they work.

According to Microsoft, a “phishing kit” or “phish kit” can refer to various parts of a set of software or services meant to facilitate a large-scale scam. This type of phishing provides a cybercriminal with images, scripts, and HTML pages that enable him to easily create an undetectable phishing email attempt and collect credentials through it. A phishing kit can also appear as a spoofed website for a brand or business that draws in unsuspecting customers to collect their credentials. A well-built kit will include dynamic logos, banners and other branding that help make the login pages appear legitimate. A scammer may also incorporate genuine “help” or “password reset” links that navigate cautious users out of the page and onto legitimate sites.

A cybercriminal can build or purchase a ready-made phishing kit. These kits can send a large email campaign designed to harvest sensitive information in a matter of minutes.

Email Safeguards

You can protect yourself from phishing attempts with these suspicious email safeguards:

Do not reply even if the sender appears to be a well-known business or financial institution. Instead, call the business or bank directly and ask them to verify the request in the email.
Do not click links in a suspicious email. This may download viruses to your computer or make you a continued target by confirming an active email address.
Do not open attachments. If you receive an attachment you are not expecting, first confirm with the senders that they did indeed send the message.
Do not enter your personal information or password using a form or link in a suspicious email.

If you or someone you know does fall victim to a fraud attempt, contact SouthState immediately at (800) 277-2175. You will also need to change any compromised passwords or login credentials.

Let us know!

If you think you’ve fallen victim to a scam, please contact us immediately.

Send Us an Email Call (800) 277-2175

This content is general in nature and provided for informational use only. Content may be used in connection with the advertising and marketing of products and services offered by SouthState Bank, N.A. and its subsidiaries and affiliates. This is not to be considered legal, tax, accounting, financial or investment advice. You should seek individualized advice from personal financial, legal, tax and/or other professionals, as appropriate depending on the specific facts of your situation. We do not make any warranties as to the completeness or accuracy of this information and have no liability for your use of this information.