Banking Bytes – Deepfake Fraud

Posted on August 15, 2024

BankingBytes is a Quarterly feature that will provide information on some of the most commonly asked I.T. questions received at the Bank. In researching articles for our customers, AI, or Artificial Intelligence, is real and probably you’re using it.  Think Chat GPT, your Apple phone’s “Hey Siri”, and some GPS applications like Google Maps and Waze use AI algorithms to determine routes and provide real-time updates to users.  While AI can be used effectively, this article, from June 11, 2024, points out how AI can be used in fraudulent ways.  As always, stay vigilant!

There’s No Faking It: Deepfake Fraud Is a Real Problem

Source: https://www.idx.us/

Summary:

Scammers are using realistic, AI-generated deepfakes for the purpose of committing identity fraud and other crimes. Here’s how the technology is being used by bad actors, how to recognize deepfake audio and video, and how to protect yourself against this evolving threat.

AI-generated audio and video are being used to trick businesses and individuals

The person at the other end of that video call certainly looks and sounds legitimate. Maybe it’s someone you’ve bonded with on a dating site, or maybe it’s a semi-distant relative or remote work colleague. Yes, it’s odd that they’re asking you to send them money or provide sensitive personal information, but you trust them.

Just one problem: They’re not real. Their image and voice have been generated through artificial intelligence (AI), and are being controlled behind the scenes by a scammer. What you’re experiencing is a deepfake, a rapidly evolving technology often used for malicious acts.

The U.S. Government Accounting Office (GAO) defines a deepfake as video, photography, or audio that “seems real but has been manipulated with AI. The underlying technology can replace faces, manipulate facial expressions, synthesize faces, and synthesize speech.”

More and more criminals are using AI deepfakes to commit identity fraud or pry money and data from businesses and individuals. The digital verification platform Sumsub reported an astonishing 1740% jump in deepfake-related fraud attempts in North America between 2022 and 2023.

How deepfakes are being used in scams

By creating a deepfake persona, fraudsters can trick people into believing they’re interacting with someone they know or want to know. This builds trust, making it easier for the scammer to manipulate the victim. Cybercriminals can also utilize deepfakes to create compromising material for the purpose of extortion. They can use an AI bot to, for example, take a brief snippet of a person’s real voice and “clone” it to produce an authentic-sounding facsimile; the faked voice can then be made to say just about anything.

The majority of deepfake fraud cases thus far have targeted businesses. Even large global companies can fall for these scams: In one recent example, an employee at a multinational design and engineering firm was tricked by a deepfake video call into transferring $25 million of the company’s funds to fraudsters. Many bad actors, meanwhile, are using deepfake audio and video in attempts to gain access to company data, which could result in breaches of customer information.

As this technology grows more sophisticated, it’s also getting easier to use—which means it’s becoming increasingly popular as a method to defraud individuals. Deepfakes have already made their way into the world of romance scams, according to a recent report in Wired. The article described how a crew of scammers used “deepfakes and face-swapping to ensnare victims in romance scams, building trust with victims using fake identities, before tricking them into parting with thousands of dollars.”

Tips for detecting deepfake video and audio

While a number of deepfake detection tools currently exist, many are only available to businesses. Also, most are designed to analyze recordings, and cannot help in real time during audio or video calls. To recognize deepfakes in real time, you’ll most likely have to rely on your own powers of observation.

The MIT Media Lab offered tips on how to determine whether a person seen on video is a deepfake. Zero in on elements of the person’s face, they advised. This includes:

  • Cheeks and forehead – “Does the skin appear too smooth or too wrinkly? Is the agedness of the skin similar to the agedness of the hair and eyes?”
  • Eyes and eyebrows – “Do shadows appear in places that you would expect?”
  • Eyeglasses – “Is there any glare? Is there too much glare? Does the angle of the glare change when the person moves?”
  • Blinking – “Does the person blink enough or too much?”
  • Lip movements – “Some deepfakes are based on lip syncing. Do the lip movements look natural?”

In an article for PolitiFact, Manjeet Rege, director of the Center for Applied Artificial Intelligence at the University of St. Thomas, and Siwei Lyu, a computer science and engineering professor at the University at Buffalo, offered advice on listening for clues that a voice might actually be an audio deepfake. These include “irregular or absent breathing noises, intentional pauses and intonations, along with inconsistent room acoustics.”

Use your common sense

One thing is clear: Deepfake technology is evolving at such speed that it will become progressively more difficult to tell fiction from reality. Today you might be able to spot a weird glitch in a person’s face on video, or a strange vocal pattern on a call. But those flaws might not be as noticeable a year or two from now.

Beyond the observational tips offered here, your best defense is to use common sense. If someone contacts you by phone or video—whether or not it’s a person you seemingly know and trust—and makes an unusual request or demand involving money or sensitive information, step back and assess the situation. Do whatever you can to independently verify that what the person is telling you is true. As AI expert Manjeet Rege said in the PolitiFact interview, “Healthy skepticism is warranted given how realistic this emerging technology has become.”

Banking Bytes – Caching

Posted on May 14, 2024

BankingBytes is a new Quarterly feature that will provide information on some of the most commonly asked I.T. questions received at the Bank. One of the frustrations our users have is their device locking them out of Internet Banking, and if the truth be known, probably their other Applications that require password changes.

This edition of BankingBytes will attempt to explain what Cached Credentials is and how it is helpful, but also aggravating when trying to use your favorite app but can’t due to a password change.

THEN, you call the bank to get your password reset and you sign on one time without incident, and then the next time, WHAM, you can’t sign on. So now, your frustration is off the charts. Hopefully, this article will help in preventing aggravation, blood pressure issues, 4-letter-word rants, etc.

Cached Credentials in plain language, is a vault on your device where a user ID is tied to a password for a specific application.

Cached credentials on your PC can lead to frustrations primarily due to security concerns and inconvenience. While they offer the convenience of faster logins by storing credentials locally, they also pose significant risks. One frustration is the potential for unauthorized access if someone gains physical or remote access to your device. This risk can be especially worrisome if your cached credentials are not adequately protected.

Moreover, cached credentials can cause issues when passwords are changed or updated. If a user changes their password but forgets to update the cached credentials, they may encounter login failures or lockouts, leading to frustration and wasted time trying to troubleshoot the issue.

Overall, while cached credentials offer convenience, the potential security risks and the potential for authentication issues can lead to frustration and concerns about the overall security of your PC and sensitive information. Regularly reviewing and managing cached credentials can help mitigate these frustrations and enhance security.

The Bank will ask you to clear your Cache and Cookies to help resolve sign-on issues with our Website, which leads to the next question, “How do I do that?”

The common browsers are Microsoft Edge and Google Chrome. Here is a link for Microsoft Edge. How to Manage and Clear Your Cache and Cookies | Edge Learning Center (microsoft.com)

Here is a link to clear cache and cookies in Chrome. Clear cache and cookies – Computer – Google Account Help

If you are using a different browser, simply search, “How do I clear cache and cookies for (insert your browser name here.)”

Check Fraud

Posted on April 5, 2024

The ABA and U.S. Postal Inspection Service Announce Partnership to Combat Check Fraud. Source of below press release is: aba.com

WASHINGTON — The American Bankers Association and the U.S. Postal Inspection Service today announced a new joint effort to combat the rapid rise in check fraud, which has increased nationwide by 385% since the pandemic, according to the U.S. Treasury Department. Check fraud schemes commonly target the U.S. mail to steal checks, alter or wash them to change the payee and dollar amount, and ultimately steal money from victims’ accounts.

ABA and USPIS’ anti-check fraud initiative will focus on four main areas: educating U.S. Postal Service and bank customers about check fraud and what they can do to protect themselves; addressing money mules and collusive accountholders; collaborating with law enforcement; and training bank employees and postal workers on red flags and prevention.

“We appreciate this opportunity to join with U.S. Postal Inspection Service to inform and protect consumers,” said ABA President and CEO Rob Nichols. “Working together to address the unprecedented rise in check fraud offers us a number of opportunities to make a difference, including educating the public on how to safely use the mail system to send checks while also taking advantage of the advancements in payments technology banks offer.”

“The U.S. Postal Inspection Service is proud to partner with the American Bankers Association to raise awareness among the public about check fraud and steps that can be taken to prevent it,” said Chief Postal Inspector Gary Barksdale. “Postal customers are also the customers of the American Bankers Association’s member financial institutions, and so we share a common sense of responsibility to protect those customers from check fraud and financial harm. Awareness of check fraud and check fraud prevention strategies will empower the public to protect themselves from financial harm while making it more difficult for criminals to perpetrate this crime.”

To kick off this partnership, ABA and the U.S. Postal Inspection Service today released a new consumer resource to educate consumers about check washing and what they can do to protect their mail and their checks.

According to the infographic, consumers can take several actions to protect their mail including:

  • Get your mail promptly after delivery. Don’t leave it in your mailbox overnight. 
  • If you’re heading out of town, ask the post office to hold your mail until you return. 
  • Sign up for informed delivery at USPS.com. It sends you daily email notifications of incoming mail and packages. 
  • Contact the sender if you don’t receive mail that you’re expecting. 
  • Consider buying security envelopes to conceal the contents of your mail. 
  • Use the letter slots inside your Post Office to send mail.

To protect their checks, bank customers can take the following actions:

  • Use pens with indelible black ink so it is more difficult for a criminal to wash your checks.
  • Don’t leave blank spaces in the payee or amount lines.
  • Don’t write personal details, such as your Social Security number, credit card information, driver’s license number or phone number on checks.
  • Use mobile or online banking to access copies of your checks and ensure they are not altered. While logged in, review your bank activity and statements for errors.
  • If your bank provides an image of a paid check, review the back of the check to ensure the indorsement information is correct and matches the intended payee, since criminals will sometimes deposit your check unaltered.
  • Consider using e-check, ACH automatic payments and other electronic and/or mobile payments.
  • Follow up with payees to make sure that they received your check.

Consumers who suspect they have been a victim of check fraud should file a report immediately with:

  • Their bank and request copies of all fraudulent checks
  • The local police department
  • The United States Postal Inspection Service at https://www.uspis.gov/report or call 1-877-876-2455 

The full infographic is available here

About the American Bankers Association

The American Bankers Association is the voice of the nation’s $23.7 trillion banking industry, which is composed of small, regional and large banks that together employ approximately 2.1 million people, safeguard $18.8 trillion in deposits and extend $12.5 trillion in loans.

About the U.S. Postal Inspection Service

The U.S. Postal Inspection Service is one of the oldest federal law enforcement agencies in the country. For more than 200 years, U.S. Postal Inspectors have protected the U.S. Postal Service, secured the nation’s mail system, and ensured public trust in the mail. 

###

IRS Reporting Mandates

Posted on September 9, 2021

Policymakers in Washington have proposed requiring banks to report virtually all their customers’ bank account information and activity to the IRS regardless of the customers’ consent.

While community banks do not endorse such broad IRS access to their customers’ account information, consumers need to be aware of the potential effects of this proposal.

Mandating new, broad bank account reporting to the IRS would infringe on the privacy of bank customers, push more people away from a banking relationship and overload the IRS with more personal information about American citizens than it can possibly process or keep safe from a data hack.

To be heard in Washington before this bank IRS reporting regime is enacted, please click here!

Ben Ross elected to Citizens Bank of Swainsboro

Posted on March 2, 2021

Board Ben Ross, president of Forest Heights Pharmacy, Inc., was elected recently to the Board of Directors for The Citizens Bank of Swainsboro and their holding company Swainsboro Bankshares, Inc. “We are fortunate to have another highly qualified individual to serve on our Board of Directors,” said President Milton Gray. “Mr. Ross is a successful entrepreneur who is wellrespected and strongly connected to the Statesboro Bulloch County market. He has been an active member of the Bulloch First Advisory Board since its inception. We are proud to have him serving on The Citizens Bank of Swainsboro and Swainsboro Bankshares Board of Directors as well. He will be a tremendous asset to our entire company.” Forest Heights Pharmacy, Inc. owns pharmacies in Statesboro, Sylvania, Midway, Lincolnton, Waynesboro and Savannah. He is a Cum Laude graduate of The University of Georgia School of Pharmacy earning his Doctor of Pharmacy degree in 2008. He is a member of Rotary Club of Statesboro, executive chairman of Bulloch County Drug Free Coalition, board member of Ogeechee Technical College and is an active member of First Baptist Church of Statesboro serving as a Sunday school teacher. He is married to Lauren Ross, and they have three children: Lanie Ross, Lucy Kate Ross and Reid Ross.

Beware of Phishing Text Scam

Posted on October 10, 2016

Many mobile phone users in Emanuel and Laurens County received a fraudulent text message “alert” on October 10, 2016 claiming to be from The Citizens Bank.  The text message directed them to call a specific number.  When called, a message at the phone number said the person’s debit card had been locked and asked them to provide debit card numbers and other identifying information.  The data systems of The Citizens Bank of Swainsboro were not compromised and the bank’s information was not the source of the phone numbers targeted.  The bogus alert was sent to people who are bank customers as well as those who have no relationship with the bank. Unfortunately, the scam tricked a few of the bank’s customers and created significant concern among many others.  All customers that responded to the fraudulent text message and gave their account number should contact the bank immediately so that their debit card can be canceled and a new card can be reissued.
The fraudulent text message was sent to random cell phones on Monday, October 10th. The message was sent from (844) 707-7859 and read as follows:

“CitizensBaankk Alert for (Recipient Cell Phone Number) Contact (518)-,.312-,.4885”
Cyber Criminals and Phone Scam Criminals obtain a data base of email addresses and cell phone numbers within a given region of the country and use common bank names (Citizens Bank, Bank of America, etc.) to fraudulently attempt to obtain debit and credit account card numbers.  No one should ever give their account numbers or social security number to anyone because of a phone call, text message or email solicitation.  The majority of these scams occur on a weekend or bank holiday.

Cyber Crime and Phone Scam Crime is an increasing threat, and customers should always use caution when receiving phone calls, text messages, and emails from someone pretending to be the bank.  Whenever you are suspicious always call the bank directly to verify.  There are also some important tips consumers can use to prevent fraud we’d like to share:

· Be alert for phishing scams trying to trick you out of giving up account numbers and other information.  They often arrive as email, phone or text messages asking for your account number or other details.  Banks don’t ask for such specific details.  The already have that information and won’t ask you for it in such unsolicited requests.

· Notify your bank immediately if you notice a fraudulent transaction.  You will be reimbursed for verified fraud if you report it promptly.

· Call your bank directly or navigate to their official website from a separate browser page if you’re suspicious.

· Watch your account like a hawk. Monitor your account transactions online frequently.  Set up electronic transaction notifications and balance alerts through your bank’s online banking service to monitor activity.  Check your statement every month.

· Change your password regularly and avoid using a similar password for your bank accounts as you do for other websites or apps.  Don’t use common numbers such as birthdates, street addresses or other information that can be easily associated directly with you in your passwords.  Don’t keep a list of passwords, PINS or usernames in your wallet or in an unsecure computer file.

· Don’t give your Social Security number or other personal credit information about yourself to anyone who contacts you.

· Order free copies of your credit report once a year to ensure accuracy.

· When using social networking sites, never include personal contact information including telephone numbers, Social Security number, birth date, email addresses, physical address, mother’s maiden name or other information that could provide sensitive information to fraudsters or hints to passwords.

· Don’t open email from unknown sources and use virus detection software.  Banks won’t send you an email asking you to click on a link and provide sensitive account information.