FRAUD SQUAD
Thursday, October 12th, 2023
In our latest article in Fraud Squad series, we cover a deepfake scam that started with a call, a familiar voice, and a frantic plea for help. One couple is scammed out of nearly $10,000 when they received a call from whom they believed to be their incarcerated son requesting money for bail.
THE SCAM: A call, a familiar voice, and a frantic plea for help. One couple is scammed out of nearly $10,000 when they received a call from whom they believed to be their incarcerated son requesting money for bail.
THE SCHEME: It all started with a phone call. Husband and wife, Donna and Grenfell Letto, (Newfoundland, Canada) were convinced that the caller was their son, who claimed to be in jail and needed bail money to secure his release. Although his voice sounded unusual, the caller assured the concerned parents that he had been fighting a cold and was fine but, more importantly, needed their immediate help.
Their “son” claimed to have been arrested when he caused an automobile accident due to texting while driving. He explained that the accident sent a pregnant woman with multiple injuries to the hospital for treatment while he was taken into custody. The imposter then turned the phone over to a man claiming to be his lawyer, but not before leaving them with a heartfelt plea, “Mom, Dad, I need your help.” The Lettos were informed that their son could be released on bail if they paid $9,800. They were told that a bonded court official would collect the cash from their home and process it expeditiously. The caller warned them not to speak to anyone, including family members, about the situation due to a court order. Without hesitation, the couple went to the bank and withdrew nearly $10,000 in cash to help their son.
Later that day, a young man came to the door and collected the money. Mr. and Mrs. Letto received another call from the “lawyer” and were then instructed to pay a fine of several thousand dollars by sending cash to their law offices through a local courier service. This request sent up red flags for Mr. Letto, who is a retired police officer because the money was to be sent to Pointe-Claire when their son was 660 miles away in jail in Ontario. That’s when Mr. Letto called his daughter-in-law, who claimed to have no idea what he was talking about and that their son was not in any legal trouble. That’s when they realized – they were scammed.
The Lettos were contacted again by the man posing as the lawyer, and the angry father confronted the threat actor; however, no arrests were made, and their money was not recovered. Local police reported that over a few days’ timeframe in 2023, “at least four other senior couples lost a combined $200,000 to similar deep fake scams.”
FRAUD GEEK EXPLAINS: Deepfakes refer to content that appears to be real but is actually fake. This term is commonly associated with videos, images, and audio files that are manipulated to create lifelike content that can be used to deceive people. For instance, a video of a politician giving a speech could be manipulated to show them saying things they never actually said, or audio generated to sound like a family member or friend in trouble, like the story above. The potential implications of deepfakes are significant, as they could be used to spread fake news, commit fraud, or blackmail people. Like many victims, the Lettos were immediately tricked by the sound of a familiar voice. Threat actors using this scam have the same goal: create images, audio, and video to prey on a victim’s emotions to gain access to funds or sensitive information.
The most important and effective way for individuals to prevent falling for deepfakes is to arm themselves with knowledge. Learn about red flags, response steps, and when to seek help. In this scam, the Lettos overlooked a couple of important red flags:
FRAUD GEEK’S ADVICE
Consumers can protect themselves by remembering the following:
Financial Institutions: Keep Your Customers Protected
FIs are potentially at risk of deep fake scams in several ways:
FIs must be aware of these risks and take steps to protect themselves against deep fakes, such as implementing robust cybersecurity measures, training employees on how to detect deepfakes, and leveraging AI and ML to identify and prevent fraudulent activity.
The DefenseStorm Difference :
With DefenseStorm GRID Active Fraud Prevention, FIs can proactively detect fraud before funds leave the organization. FIs can better monitor insider threats and review user actions to ensure their people are doing what they are supposed to be doing with the permissions they have and are not abusing their access. In addition, FIs can review user access to make sure their employees only have the permissions they need to perform their responsibilities, to prevent a fraudster from accessing higher level/sensitive data. Using User Behavior Analytics (UBA) FIs can better detect activities that are outside the norm of the customer. For example, a customer typically uses online banking for low monetary transfers, but then comes into a branch with documents to do a large transfer to an account that has not been associated with that user before. UBA within GRID Active Fraud Prevention would flag that potential fraud, protecting both the FI and customer from any money moving out of the account until that transaction could be verified.
SOURCES:
How Can Financial Institutions Safeguard Against Deepfakes: The New Frontier of Online Crime?
https[:]//www[.]iproov.com/blog/deepfakes-the-threat-to-financial-services
N.L. family warns others not to fall victim to the same deepfake phone scam that cost them $10K
https[:]//www.cbc.ca/news/canada/newfoundland-labrador/deepfake-phone-scame[-]1.6793296