Fraud Prevention Insights

There’s more to the $25 million deepfake story than what you see in the headlines. I pulled the original story to get the full scoop. Here are the steps the scammer took: 1. The scammers sent a phishing email to up to three finance employees in mid-January, saying a “secret transaction” had to be done. 2. One of the finance employees fell for the phishing email. This led to the scammers inviting the finance employee to a video conference. The video conference included what appeared to be the company CFO, other staff, and some unknown outsiders. This was the deep fake technology at work, mimicking employees' faces and voices. 3. On the group video conference, the scammers asked the finance employee to do a self-introduction but never interacted with them. This limited the likelihood of getting caught. Instead, the scammers just gave orders from a script and moved on to the next phase of the attack. 4. The scammers followed up with the victim via instant messaging, emails, and one-on-one video calls using deep fakes. 5. The finance employee then made 15 transfers totaling $25.6 million USD. As you can see, deep fakes were a key tool for the attacker, but persistence was critical here too. The scammers did not let up and did all that they could to apply pressure on the individual to transfer the funds. So, what do businesses do about mitigating this type of attack in the age of deep fakes? - Always report suspicious phishing emails to your security team. In this context, the other phished employees could have been an early warning that something weird was happening. - Trust your gut. The finance employee reported a “moment of doubt” but ultimately went forward with the transfer after the video call and persistence. If something doesn’t feel right, slow down and verify. - Lean into out-of-band authentication for verification. Use a known good method of contact with the individual to verify the legitimacy of a transaction. - Explore technology driven identify verification platforms for high dollar wire transfers. This can help reduce the chance of human error. And one of the best pieces of advice I saw was from Nate Lee yesterday, who called out building a culture where your employees are empowered to verify transaction requests. Nate said the following “The CEO/CFO and everyone with power to transfer money needs to be aligned on and communicate the above. You want to ensure the person doing the transfer doesn't feel that by asking for additional validation that they're pushing back against or acting in a way that signals they don't trust the leader.” Stay safe (and real) out there. ------------------------------ 📝 Interested in leveling up your security knowledge? Sign up for my weekly newsletter using the blog link at the top of this post.

Welcome to 𝐓𝐡𝐞 𝐏𝐚𝐲𝐦𝐞𝐧𝐭𝐬 𝐀𝐜𝐚𝐝𝐞𝐦𝐲 by Checkout.com — Episode 6 👋 𝐓𝐡𝐞 𝐓𝐲𝐩𝐞𝐬 𝐨𝐟 𝐅𝐫𝐚𝐮𝐝 𝐢𝐧 𝐏𝐚𝐲𝐦𝐞𝐧𝐭𝐬: ► Fraud in payments is a growing challenge for merchants, issuers, and payment processors. Fraudulent transactions not only cause financial losses but also damage a merchant’s reputation ► To combat fraud effectively, businesses must leverage fraud detection tools, authentication techniques, and dispute management strategies to stay ahead of bad actors while maintaining a seamless customer experience — 𝐓𝐡𝐞 𝐓𝐲𝐩𝐞𝐬 𝐨𝐟 𝐅𝐫𝐚𝐮𝐝 & 𝐄𝐱𝐚𝐦𝐩𝐥𝐞𝐬 ► 3-𝐏𝐚𝐫𝐭𝐲 𝐅𝐫𝐚𝐮𝐝 – This occurs when a fraudster uses stolen card details to make purchases. ► 𝐅𝐫𝐢𝐞𝐧𝐝𝐥𝐲 𝐅𝐫𝐚𝐮𝐝 – A cardholder disputes a legitimate transaction, either by mistake or to reverse a purchase. ► 𝐆𝐨𝐨𝐝 𝐅𝐚𝐢𝐭𝐡 𝐏𝐚𝐲𝐦𝐞𝐧𝐭 𝐃𝐢𝐬𝐩𝐮𝐭𝐞𝐬 – The customer disputes a payment due to issues with product quality or fulfillment. Fraud prevention strategies must be tailored to identify, assess, and respond to these types of fraud in real time. — 𝐓𝐡𝐞 𝐏𝐫𝐨𝐜𝐞𝐬𝐬: 𝐂𝐮𝐭𝐭𝐢𝐧𝐠 𝐃𝐨𝐰𝐧 𝐨𝐧 𝐂𝐚𝐫𝐝 𝐅𝐫𝐚𝐮𝐝 1️⃣ 𝐅𝐫𝐚𝐮𝐝 𝐃𝐞𝐭𝐞𝐜𝐭𝐢𝐨𝐧 𝐄𝐧𝐠𝐢𝐧𝐞𝐬 – These tools analyze transaction data (e.g., IP addresses, device data...) to assess fraud risks. 2️⃣ 3𝐃 𝐒𝐞𝐜𝐮𝐫𝐞 𝐀𝐮𝐭𝐡𝐞𝐧𝐭𝐢𝐜𝐚𝐭𝐢𝐨𝐧 – Adds an extra layer of protection by requiring customer verification for high-risk transactions. 3️⃣ 𝐌𝐚𝐜𝐡𝐢𝐧𝐞 𝐋𝐞𝐚𝐫𝐧𝐢𝐧𝐠 & 𝐀𝐈 – Predicts fraud patterns based on historical transactions and behavioral analytics. 4️⃣ 𝐓𝐨𝐤𝐞𝐧𝐢𝐳𝐚𝐭𝐢𝐨𝐧 – Converts sensitive payment data into tokens, reducing the risk of stolen card details being misused. 5️⃣ 𝐂𝐡𝐚𝐫𝐠𝐞𝐛𝐚𝐜𝐤 𝐏𝐫𝐞𝐯𝐞𝐧𝐭𝐢𝐨𝐧 – Strategies like real-time alerts and clear billing descriptors — 𝐓𝐡𝐞 𝐃𝐚𝐭𝐚: 𝐊𝐞𝐲 𝐃𝐚𝐭𝐚 𝐏𝐨𝐢𝐧𝐭𝐬 𝐭𝐨 𝐑𝐞𝐝𝐮𝐜𝐞 𝐅𝐫𝐚𝐮𝐝 Fraud detection relies on rich transaction data to identify suspicious activity and block fraudulent payments: ► Customer Name – Verifies the cardholder’s identity and checks for patterns of fraudulent behavior (e.g., fake names...). ► IP Address – Flags transactions from high-risk regions or locations inconsistent with the customer’s normal behavior. ► Billing Address – Used for Address Verification System (AVS) checks to confirm that the billing address matches the cardholder’s bank records. ► Delivery Address – Helps detect fraudulent transactions by assessing mismatched shipping details. ► Email Address – Identifies fraud patterns, such as disposable email addresses or emails associated with prior chargebacks. Providing complete and accurate data in payment requests enhances fraud detection and reduces false declines, improving both security and conversion rates. —— Source: Checkout.com x Connecting the dots in payments... ► Sign up to 𝐓𝐡𝐞 𝐏𝐚𝐲𝐦𝐞𝐧𝐭𝐬 𝐁𝐫𝐞𝐰𝐬 : https://lnkd.in/g5cDhnjC ► Connecting the dots in payments... and Marcel van Oost

🚨 Wake-Up Call: The Alarming Rise of Sophisticated Cryptocurrency Scams 🚨 I just got off the phone with another victim who fell for a classic #pigbutchering scam. This one hurt—a six-figure loss that left the victim devastated. But what really got my attention? The level of sophistication these cybercriminals are now operating with. Here’s how they did it: 🪜 The Setup: They roped the victim in with a seemingly legitimate training class, building trust and setting the stage for the scam. 💬 Transition to Private Messaging: Next, they moved the conversation to WhatsApp and Telegram—away from prying eyes and into their carefully controlled environment. 📱 The Fake Trading App: The victim was then instructed to download a fake trading app. This app made it look like the victim was making money hand over fist, all while the scammers had full control. 💰 The Money Transfer: Here’s the kicker. When the victim went to the bank to wire the money, they were told not to mention that it was for a cryptocurrency investment. The scammers spun a tale about how it would negatively impact the bank’s deposits and tax implications. This is where the bad guys are really stepping up their game. Take a look at the photo I attached—they’re getting better at this. 💔 The Loss: After the wire transfer, the victim was left with nothing but a fake app and a huge financial loss. The money was gone, and the scammers had vanished. This isn’t just a story—it’s a wake-up call. These criminals are getting smarter, but so can we. Here are 5 Tips to Avoid Falling Victim: 🔒 1. Beware of Unsolicited Investment Offers: If someone promises you guaranteed returns out of the blue, run the other way. Scams like these prey on hope and desperation. 🔒 2. Verify Before Trusting: Always do your homework. Research the platform, check reviews, and if something feels off, trust your gut. A quick check can save you from a world of pain. 🔒 3. Be Transparent with Your Bank: If you’re being told to keep secrets from your bank, that’s a giant red flag. Transparency with your financial institution is your best defense. 🔒 4. Resist High-Pressure Tactics: Scammers love to rush you. They’ll create a false sense of urgency to get you to act without thinking. Slow down, take your time, and make informed decisions. 🔒 5. Stay Informed and Educated: The more you know, the harder you are to scam. Keep yourself updated on the latest fraud tactics and share that knowledge with others. #Cybercriminals are evolving, but by adopting a @CyberSecure Mindset, you can stay one step ahead. Protect your hard-earned money and your peace of mind. For more on how to develop a #CyberSecure Mindset, visit www.cybersecuremindset.com. #CyberSecurity #CryptocurrencyScams #CyberSecureMindset #OnlineSafety #ScamAwareness #StayVigilant #DigitalDefense

Let’s take a moment to address a serious issue that affects many customers: credit card scams. With the rise of digital transactions, it’s more important than ever to stay vigilant and informed. As a technology leader at Chase, I wanted to share a few tips to help you safeguard your financial information: 1. Monitor Your Accounts: Regularly check your bank and credit card statements for any unauthorized transactions. Report any suspicious activity immediately. 2. Utilize Chase's Credit Journey ID Monitoring: Take advantage of our Credit Journey service, which provides free credit monitoring and alerts calling out changes to your credit report. Anyone can use this free tool can help you spot potential fraud early. You don’t have to be a Chase customer. 3. Beware of Phishing Scams: Be cautious of unsolicited emails, texts or phone calls asking for personal information. Always verify the source before sharing any sensitive data. 4. Use Strong Passwords: Create complex passwords for your online accounts and change them regularly. Consider using a password manager to keep track of them securely. 5. Enable Two-Factor Authentication: Adding an extra layer of security can significantly reduce the risk of fraud. Whenever possible, enable two-factor authentication on your financial accounts. 6. Stay Informed: Educate yourself about the latest scams and tactics used by fraudsters. Knowledge is one of the best defenses against becoming a victim. At Chase, we are committed to keeping your information safe and secure. Our advanced security measures help protect your accounts, but your vigilance is crucial. Together, we can combat credit card fraud and keep our communities safe. Check out this recent post to learn more about steps you can take if you suspect your identity has been stolen. Stay alert and protect your financial well-being! #FraudPrevention #SecurityFirst #CreditJourney

The Identity Theft Resource Center recently reported a 312% spike in victim notices, now reaching 1.7 billion for 2024. AI is transforming identity theft from something attackers did manually to full-scale industrialized operations. Look at what happened in Hong Kong: a clerk wired HK$200M to threat actors during a video call where every participant but one was an AI-generated deepfake. Only the victim was real. Here’s what you need to know 👇 1. Traditional authentication won’t stop these attacks. Get MFA on everything, prioritize high-value accounts. 2. Static identity checks aren't enough—switch to continuous validation. Ongoing monitoring of access patterns is essential after users log in. 3. Incident response plans have to address synthetic identity threats. Focus your response on critical assets. 4. Some organizations are using agentic AI to analyze identity settings in real time, catching out-of-place activity that basic rules miss. Passing a compliance audit doesn’t mean you’re protected against these attacks. The old “authenticate once” mindset needs to move to a model where verification is continuous and context-aware. If your organization is seeing similar threats, how are you adapting to push back against AI-driven identity attacks? #Cybersecurity #InfoSec #ThreatIntelligence

Fraudulent activities pose a significant threat to many businesses, making it crucial to detect and prevent them to protect both the company's reputation and bottom line. In a blog post by the engineering team from Booking.com, they share their innovative approach to combating fraud using graph technology. The rationale behind leveraging graph technology for fraud detection is straightforward: often, there are hidden links between various actors, identifiers, and transactions. For example, if an email address has been previously associated with fraudulent activity, it provides valuable context for future detection. This interconnected nature makes graph-based features highly effective for identifying fraud. The team at Booking built a graph using historical data, such as reservation requests. In this graph, nodes represent transaction identifiers like account numbers and credit card details, while edges connect identifiers that have been observed together before. When assessing fraud risk, they query the graph database to build a local graph centered around the request identifier, which helps to evaluate the likelihood of fraudulent behavior. One aspect that stands out is the dynamic visual representation of how the graph evolves with customer interactions, making it easier to understand the benefits of graph technology in fraud detection. It serves as a nice introduction to the potential of graph technology in combating fraudulent activities. #machinelearning #graph #datascience #analytics #fraud #detection – – –  Check out the "Snacks Weekly on Data Science" podcast and subscribe, where I explain in more detail the concepts discussed in this and future posts:    -- Spotify: https://lnkd.in/gKgaMvbh   -- Apple Podcast: https://lnkd.in/gj6aPBBY    -- Youtube: https://lnkd.in/gcwPeBmR https://lnkd.in/gQAwSz7D

A few weeks ago, I shared how I’d almost gotten scammed. And your support touched my heart.❤️ To say thank you, here’s a quick list of 7 tips to protect yourself against scammers! //1 Where does their first message come from? Email is still the most traditional path for serious offers, alongside VO platforms.   Serious proposals are less likely to come through: - A text - Telegram - WhatsApp - Social media Of course, scammers do use email and real offers can come through other platforms. So think of this as one checkpoint to consider amidst other factors. //2 Do a mini background check. If they claim they’re from a company, look into it: → Head to the website and look for them on the team page. → Search the company on LinkedIn and look for them under employees. If you can’t find them, reach out to the company or to a higher-up on LinkedIn to verify. //3 Check the email domain. Often, there will be small differences in a scammer’s email domain. For instance, take apple. Their domain is @apple .com. The domain of someone scamming as Apple might look like: - ap-ple .com - apple_support .com - apple. .com //4 Check the body of the message. Often, you’ll find: - Typos - Misspellings - Odd phrasing - A less professional tone - Line breaks that don’t make sense //5 Ask for a deposit up-front. If it’s for a larger project, ask for a deposit up-front. If they’re a scammer, they’ll either not respond or say no. But most true professionals will understand, respect, and consider your request. //6 Don’t open a new bank account. No professional job offer will ask you to:  - Send them money - Create a new bank account that requires a deposit to open If they ask for this, odds are they’re a scam. Any professional should be able to use PayPal, Venmo, Zelle, or ACH deposits for any of the major banks. //7 Trust your gut If it feels off, trust that feeling. Do your due diligence. And if it feels like the pieces just aren’t coming together, don’t waste more of your time. Just block and move on. And if you feel like it, post about it in VO communities to help others avoid it in the future. (❤️🙏 I’m so grateful that others posted about the scammers pretending to be TransPerfect so I could avoid the scam myself!) __ Of course, none of these are foolproof, and scammers get trickier every day. But it at least gives you a starting point for vetting suspicious jobs! → Anything you’d add to the list? #scams #voiceover #bestpractices #transperfect

Investor Alert: Beware of Social Media 'Investment Group' Imposter Scams FINRA has seen a recent significant rise in investor complaints due to fraudulent "investment groups" promoted across social media. #Scammers pose as registered investment advisers, advertising "stock investment groups" on platforms like Instagram, later shifting to encrypted group chats on WhatsApp to pitch investments. Since November, FINRA has received numerous investor complaints, alleging losses totaling millions of dollars. Sadly, this might be just the beginning. These imposters falsely portray themselves as registered professionals, often fraudulently claiming ties to well-known public figures and respected figures in the investment industry. Scammers lure in investors by initially promoting investment in actively traded stocks, and then steer them into low-priced, low-volume U.S.- or Hong Kong-listed stocks, potentially causing significant losses. They coerce victims into opening accounts at specific broker-dealers and manipulate the price of securities, leaving investors unable to sell, eventually causing the value to plummet. To guard against these scams, be cautious of unsolicited investment messages and conduct thorough research into investment professionals before committing. Utilize FINRA BrokerCheck (brokercheck[.]finra[.]org) to verify credentials, and refrain from investing without independent evaluation. It's crucial to remain vigilant against these and similar fraudulent activities. #financialadvisors and #RIAs, if you're reading this, consider passing along these best practices to your clients to help ensure their financial security. If you believe you've been targeted by a stock manipulation scheme, submit a regulatory tip to FINRA. #InvestorProtection #FinancialSecurity https://lnkd.in/eWreqyqm

What banks often miss is exactly where criminals strike. I had a case that perfectly illustrates the gaps. A criminal opened a new business banking account. They deposited large checks that were legitimate and made out to what appeared to be the same business. But here’s the truth: 🚩 The checks were stolen from the real business. 🚩 The fake business had a similar name to the real one. 🚩 It had a real EIN and a virtual address in another state. 🚩 The LLC was set up the same day as the bank account. 🚩 The criminal claimed they were generating $1M+ in revenue... within 24 hours of formation. 🚩 The business was registered in one state but claimed to operate in another where it wasn't registered. 🚩 And the biggest red flag? All deposited checks were withdrawn the same day. What did the bank miss? The inconsistencies. The urgency of withdrawals. The lack of operational history. The false legitimacy veneer crafted using public tools like EIN registration and virtual mailboxes. Meanwhile, the real business? They suffered delayed payments, lost vendor trust, and had to explain why checks that vendors mailed never reached their account. Their reputation was damaged—and the bank unknowingly helped do it. Fraud isn’t always loud. Sometimes, it’s built with real documents and fake intentions. If you're in banking, train your teams to look past surface-level legitimacy. 🔎 Investigate deeper. 📉 Look at account behavior. 🌐 Verify businesses beyond what’s on paper. The next fake LLC is already being filed. The question is: Will your bank catch it, or help fund it? You can't stop what you don't know. #FraudHero #fraudprevention #fraud #bankfraud