New Scam Clones a Person’s Face to Steal All the Money

Cyberattacks: New Scam Clones a Person’s Face to Steal All the Money from Their Bank Account Without Knowing the Password

Cybercriminals are taking advantage of the fact that many financial applications require biometric data for access, so they use artificial intelligence to copy several facial features of the victim and proceed to their cyberattacks.

The case of a Vietnamese citizen who lost $400,000 after a sophisticated digital theft has put the international community on alert about a new type of fraud that uses artificial intelligence (AI) to clone faces and empty bank accounts.

According to data from the cybersecurity company Group-IB, this kind of attack was initially detected in Southeast Asian countries, but they warn that it could spread to other regions in a short time.

The criminal group behind these attacks uses an advanced mobile trojan called GoldPickaxe, which initially targeted iOS users, although a version for Android has already been identified.

How This Type of Cyberattacks That Clones Facial Data Works

This malicious software allows attackers to collect biometric data, such as facial images, as well as identity documents and SMS messages. With this information, criminals manage to access the victims’ bank accounts without needing to know their passwords.

The perpetrators of these frauds use the collected data to create deepfakes, that is, digital simulations of the victim’s face generated using artificial intelligence.

These facial replicas allow attackers to bypass the biometric verification systems implemented by banks and other financial entities.

Moreover, according to Group-IB, there is an AI-based face-swapping service that facilitates the creation of these deepfakes, which increases the risk that facial recognition systems can be tricked.

Where Cases Related to This Cyberattack Have Been Reported

The first incidents related to this trojan were recorded in Thailand, shortly after the Bank of Thailand introduced facial biometric verification as a security measure.

After these events, the case of the Vietnamese citizen who suffered the theft of $400,000 was reported, which demonstrated the effectiveness and reach of this new criminal technique.

Cybersecurity experts said that, so far, the attacks have been concentrated on financial companies and their clients in Vietnam and Thailand, although it is not far-fetched to think that cybercriminals could expand their operations to other countries.

What Causes These Cyberattacks to Increase

The proliferation of personal images on social networks and other digital platforms makes it easier for attackers to obtain facial data. Nowadays, most people have photos of their faces available on the internet, which increases their vulnerability to this type of fraud.

Group-IB explained that, although passwords are still used, the trend is toward greater adoption of biometric identification systems, such as facial or fingerprint recognition, under the premise that these methods cannot be stolen in the same way as a traditional password.

However, the appearance of trojans like GoldPickaxe and the use of deepfakes show that biometric security can also be compromised.

The sophistication of these tools calls into question the effectiveness of facial authentication systems. Especially when attackers have access to image databases and artificial intelligence technology capable of generating convincing replicas.

The evolution of these types of cyber threats presents new challenges for financial institutions and application developers. Indeed, they will need to strengthen their protection mechanisms. They will actually seek alternatives that mitigate the risk of identity theft through deepfakes.

The ease with which cybercriminals can access biometric data. Then they can use it for bank fraud represents a growing challenge in the field of digital security.

Another point to consider is the risk of posting photos on social networks and not setting restrictions on who can view this information.

See also:

• Deepfake Fraud: How AI is Bypassing Biometric Security in Financial – Group-IB
• Historic Cyberattack – 3 million personal data stolen and sold – iGotOffer
• Sell your pre-owned mobile device online – iGotOffer

Fraudsters use voice-cloning AI to scam man out of $25,000 [Video]

Video uploaded by ABC7 on October 18, 2024.