The Dark Potential of AI in FinTech and How to Reduce It

The three riders of a potential AI-pocalypse

AI phishing attack

As AI's capabilities evolve, so do its threats to FinTech. Generative AI, particularly, heightens the efficacy of cyberthreats like phishing scams. Traditional phishing attacks, typically conducted via emails and spurious websites, now appear more convincing thanks to AI's ability to rectify errors and adopt professional writing styles. Moreover, large language models (LLMs) assimilate real-time information, enhancing the believability of phishing emails by incorporating up-to-the-minute details and creating a sense of urgency. AI chatbots exacerbate the issue by driving the success of phishing campaigns at an unprecedented rate.

Spear phishing, a more targeted form, utilizes social engineering techniques to tailor attacks to specific individuals. AI-generated spear phishing emails, crafted with meticulous precision, are compelling and tend to deceive recipients at alarming rates. In a study conducted at Black Hat USA 2021, simulated spear phishing emails generated by AI prompted significantly more clicks than their human-crafted counterparts. 

Vishing

With the advancement of LLM technology, generative AI can swiftly curate sensitive information to tailor highly personalized messages, including deepfake phone calls and videos, posing an even greater threat. Voice phishing, or vishing, leverages phone calls and voice messages to extract sensitive information from unsuspecting victims.

Traditionally, vishing scams rely on social engineering tactics to create a sense of urgency, often impersonating trusted contacts to deceive targets. Generative AI revolutionizes vishing attacks by streamlining the research phase, enabling attackers to gather information rapidly for social engineering purposes. Furthermore, AI can clone the voices of trusted individuals, producing deepfake audio that sounds remarkably authentic. Imagine an employee receiving a voice message from someone who sounds exactly like the CFO, requesting an urgent bank transfer. 

Such a situation came true for a Hong Kong-based multinational company just recently. In this shocking case, the company's finance worker fell victim to not just a fake call but a fake video conference. All of its participants, including the CFO, were AI-generated.

In another case, a Canadian lost $11,000 to fraudsters, persuaded by deepfakes of the Canadian Prime Minister Justin Trudeau and Elon Musk to make an investment on a platform they endorsed.

Overall, 2023 was a year of vishing, as far as cyberthreats are concerned: experts note that fake voice calls were on the rise this year.

Deepfake

Deepfakes, sophisticated manipulations of reality driven by AI machine learning algorithms, have the power to alter videos and audio recordings seamlessly.

These synthetic creations, crafted by training AI models on extensive datasets, can produce hyper-realistic impersonations that challenge even the most discerning observer. In finance, the deceptive potential of deepfakes poses a significant threat as they can bypass facial recognition and other biometrics.

This blurring of truth and fiction carries dire consequences, including eroded confidence in financial institutions, mass withdrawals, and market crashes instigated by manipulative deepfakes, thus posing a significant risk to global economies.

How to battle an AI-powered fraud

Deepfake detection

Since we focused on cybercrime in the first part of this article, let’s start the second with a solution to the deepfake problem. 

Several technical solutions exist to detect deepfakes, each with its own approach:

Software for detecting AI output: This software scrutinizes the digital traces left behind by AI-generated content to discern any manipulations in images, videos, or audio files.

AI-powered watermarking: This method involves embedding a unique identifier into an image or text to denote its origin. It facilitates tracking and tracing the source of media, aiding in authenticity verification.

Content provenance: This strategy focuses on elucidating the origins of digital media, both natural and synthetic. By maintaining a comprehensive record of a piece of media's sources and history, it helps identify potential tampering.

However, detection is still incomprehensive, and universal standards for differentiating between real and fake content are lacking. Also, the absence of watermarks on open-source AI models makes it challenging to verify the authenticity of media generated by these models.

Sybrin's Liveness tries to overcome these limitations and take deepfake detection to the highest standards. Rigorously tested against the latest technologies and compliant with ISO/IEC 30107-3 standards, this solution combines image processing techniques and neural networks to deliver rapid results using only a selfie in under half a second.

Preventing phishing and vishing

Some basic safety recommendations that can save you and your company from such attacks are the following:

• Never reveal or confirm your personal details over the phone, via email, or any other way, even to your bank.
• Don’t answer calls and open emails from numbers and senders you don’t know.
• Add your number to “Do Not Call” register if it's available for your country. Be sure that the register is legitimate.

Also, you can conduct a vishing or phishing attack simulation to test your company’s security.

To create a solid firewall against vishing and phishing, use tools such as Imperva. The solution provides a Web Application Firewall, thwarting attacks with top-tier web traffic analysis to your applications. Such WAF can detect and handle unauthorized access, including the one involving vishing, using device threat intelligence.

Summing up on AI threats and opportunities

The emergence of sophisticated threats like AI phishing attacks, vishing, and deepfakes underscores the importance of robust cybersecurity measures and innovative detection solutions. That’s a vast room for improvement and an opportunity spot for would-be founders. 

Here I explain how to build an AI-powered credit scoring solution. If you want to know more about our expertise in AI for FinTech, feel free to schedule a call with our team.