Using artificial intelligence (AI) tools to create false profiles, photo IDs, employment histories and even deepfake videos for interviews, these fraudsters aim to secure remote jobs, CNBC reported Tuesday (April 8).

In these jobs, they can then steal the company’s data, trade secrets or funds; install malware and then demand a ransom; or, in some cases, collect a salary that they can give to the North Korean government, according to the report.

These scams often target cybersecurity and cryptocurrency firms but are also common across industries, the report said.

By 2028, 1 in 4 job candidates will be fake, the report said, citing research and advisory firm Gartner.

Firms that have encountered fake job seekers have deployed solutions to prevent it from happening again. These include using identity-verification companies to vet candidates and video authentication programs to spot deepfake videos, per the report.

Remote hiring, onboarding and training are some of the toughest tests faced by employers, according to the 2021 PYMNTS Intelligence and Jumio collaboration, “Digital Identity Tracker®.”

The report found that during the pandemic, digital identity verification solutions emerged as valuable tools for employers to remotely hire and onboard new workers and to replace cumbersome manual processes.

Businesses are harnessing AI to bolster security measures and combat increasingly sophisticated cyber threats, PYMNTS reported in May.

For example, Proofpoint addresses the increasing risks associated with business email compromise (BEC) and malicious URLs with a predelivery defense system that protects against social engineering tactics and malicious links.

“Organizations need a simple, unified and effective way to catch every threat, every time, every way a user may encounter it, using every form of detection,” Darren Lee, executive vice-president and general manager of People Protection Group, Proofpoint, said at the time in a press release.

Businesses are a prime target for bad actors and scammers, PYMNTS reported in April 2024. The FBI Internet Crime Report said that in 2023, business email compromise (BEC) attacks in the U.S. resulted in $2.9 billion in adjusted losses annually, while malware attacks represented $59.6 million in adjusted losses annually.

The post Fraudsters Use Generative AI Tools to Secure Remote Jobs appeared first on PYMNTS.com.

The “explosive growth” of these tools may impact lenders in 2025 and beyond, the provider of AI solutions for consumer lending said in a Tuesday (March 25) press release.

“An analysis of criminal Telegram channels revealed a 644% increase in conversations about AI and deepfakes used for fraud between 2023 and 2024, featuring sophisticated schemes such as synthetic identity generators, deepfake videos aimed at bypassing identity verification and AI-generated counterfeit identification documents,” Point Predictive said in the release.

The company said this while reporting that auto lenders suffered $9.2 billion in fraud losses in 2024. That total was the highest ever measured, according to the release.

The biggest share of auto lenders’ fraud risk exposure — 69% — was first-party fraud in which borrowers or dealerships misrepresented information to lenders, the release said. First-party fraud in the form of income and employment misrepresentation accounted for 43% of total fraud risk.

“Borrowers using their own names who inflate their income, misrepresent their employment, utilize credit washing techniques, or create new credit profiles with Credit Profile Numbers (CPNs) account for the overwhelming majority of risk fraud, yet these patterns often go undetected,” Point Predictive Chief Innovation Officer Frank McKenna said in the release.

Another fast-growing form of fraud is bust-out fraud in which criminals build credit profiles and make initial payments to appear legitimate before maxing out all their available credit lines and disappearing, according to a report the company released Tuesday. Bust-out fraud increased by 26% over the last 24 months, according to the press release.

The threat landscape has grown exponentially in the age of generative AI because fraudsters have access to AI tools for synthetic identity generation and real-time phishing attacks, PYMNTS reported Wednesday (March 19).

Financial institutions are increasingly turning to AI to enhance their fraud detection capabilities, according to the PYMNTS Intelligence and The Clearing House collaboration, “Instant Impact: AI’s Role in Advancing Real-Time Payments.”

The report found that 94% of payments professionals view AI primarily as a tool for improving fraud detection and that the adoption of AI and machine learning technologies is transforming how transactions are monitored and secured.

The post Auto Lenders Face Emerging Threat From AI-Powered Fraud Tools appeared first on PYMNTS.com.

Companies like eBay and British insurer Beazley have warned about an uptick in fraudulent emails containing personal details, likely obtained via artificial intelligence (AI) analysis of online profiles, the Financial Times (FT) reported Thursday (Jan. 2).

“This is getting worse and it’s getting very personal, and this is why we suspect AI is behind a lot of it,” Kirsty Kelly, chief information security officer at Beazley, told the FT. “We’re starting to see very targeted attacks that have scraped an immense amount of information about a person.”

According to the report, cyber security experts say these attacks are increasing as AI grows in sophistication. AI bots can quickly consume mass quantities of information about a company’s or person’s style and tone and recreate them to plot an effective scam.

They can also scrape victims’ online and social media presence to find the topics they may be most likely to respond to — helping hackers create large-scale bespoke phishing scams.

“The availability of generative AI tools lowers the entry threshold for advanced cyber crime,” said Nadezda Demidova, a cybercrime security researcher at eBay. “We’ve witnessed a growth in the volume of all kinds of cyber attacks,” particularly in “polished and closely targeted” phishing scams, she added.

AI helped add to a larger cyberattack landscape in 2024, PYMNTS wrote recently, part of a catalogue of threats that include ransomware, zero-day exploits and supply chain attacks.

“It is essentially an adversarial game; criminals are out to make money and the [business] community needs to curtail that activity. What’s different now is that both sides are armed with some really impressive technology,” Michael Shearer, chief solutions officer at Hawk, said in an interview with PYMNTS.

Training and education, PYMNTS wrote, remain crucial components of a robust cybersecurity strategy, as people are often the most vulnerable point in any system. Employees should be updated regularly on the latest phishing tactics and cyber threats, while simulated real-world attack scenarios can help bolster preparedness and resilience.

And while AI can help cybercriminals carry out their schemes, it can also help companies shore up their defenses.

Research from the PYMNTS Intelligence report “The AI MonitorEdge Report: COOs Leverage GenAI to Reduce Data Security Losses” shows that 55% of companies are employing AI-powered cybersecurity measures.

That survey, taken in August of 2024, marked a sharp increase from the 17% of chief operating officers who reported using AI-driven security tools in May.

The post 90% of Cyberattacks Originate With Phishing Emails appeared first on PYMNTS.com.

These groups are still ramping up their efforts in spite of increased law enforcement activity, Bloomberg News reported Monday (Oct. 7), citing a new United Nations (UN) report.

“The transnational organized crime threat landscape in Southeast Asia is evolving faster than in any previous point in history,” reads the report, compiled by the UN Office on Drugs and Crime.

That evolution has led to a rise in cybercrimes such as crypto fraud, romance scams and money laundering in the Mekong region, countries such as Cambodia, Laos and Myanmar. The report says the success of these activities has led criminal groups to employ “service-based” business models and technologies such as malware and generative AI.

“The sheer scale of proceeds being generated within the region’s booming illicit economy has required the professionalization and innovation of money laundering activities, and transnational criminal groups in Southeast Asia have emerged as global market leaders,” the report says.

The report adds that the victims of the groups go beyond just those being scammed, with thousands of people being trafficked to work in “scam centers” as casinos, hotels and special economic zones among the property developments “become hubs for the booming illicit economy, adding to existing governance challenges in many of the region’s border areas.”

And so, online fraud has only increased, with losses of between $18 billion and $37 billion for victims in eastern and Southeast Asia last year, the report said.

PYMNTS examined the rise of organized scam operations earlier this year in an interview with Featurespace Chief Operating Officer Tim Vanderham.

Speaking with PYMNTS CEO Karen Webster, he noted that “when you think about the billions and billions of dollars that come from scams globally,” the money made from ill-gotten gains surpasses the revenues of some of the largest businesses around the world.

In just the U.S., Vanderham said, the $2.7 billion in fraud reported just a few years ago represents just a small fraction of the true total — primarily because people are embarrassed to report that they’ve fallen victim to unscrupulous scams.

“In the meantime, the crime syndicates are using the stolen funds to bankroll other crimes such as human trafficking and the drug trade,” PYMNTS wrote.

The post SE Asia-Based Scam Groups Raked in $37 Billion in 2023 appeared first on PYMNTS.com.

The company had said Monday (July 1) that some of its systems could be down as late as the morning of Thursday (July 4), according to the report.

“We are ahead of the anticipated schedule,” Tony Macrito, senior communications director at CDK, told Bloomberg in a report posted Tuesday (July 2).

CDK’s dealership management system serves as a hub for car dealers’ day-to-day business, helping with everything from service to parts to sales, the report said.

The taking down of the company’s system may have slowed vehicle sales to an annualized rate of 15.8 million vehicles in June, compared with 16.1 million during the same month last year, per the report.

Some of the largest dealership groups in North America have said the cyberattack may have a “material” impact on their finances, according to the report.

CDK had its systems knocked offline by two cyberattacks in mid-June, impacting some 15,000 car dealerships that use its software.

Dealerships found themselves having to use pen and paper, because the takedown of the dealership management system left them unable to conduct credit checks, generate auto loans, complete sales contracts, track their inventory or executive other sales processes digitally.

It was reported Friday (June 28) that the hackers who struck CDK are affiliated with a Russia-backed group that has been tied to 96 extortion attempts since May 2023 and has likely committed dozens more.

This is one of several such incidents that have happened in recent weeks.

On Wednesday (June 26), Arkansas-based Evolve Bank & Trust publicly confirmed news that a ransomware gang had hacked the bank and was posting customer data on the dark web.

On June 24, retailer Neiman Marcus notified customers of a data breach that affected 64,472 people. The company said the “external system breach (hacking)” occurred on April 14 and was discovered on May 24.

In another recent incident, Live Nation said its Ticketmaster system could have been compromised by a hacker who then tried to sell customer information on the dark web.

The post CDK Says It’s Recovering From Hack Faster Than Expected appeared first on PYMNTS.com.

The hackers who struck car dealership software-as-a-service (SaaS) platform CDK Global on June 18 and 19 are reportedly affiliated with a Russia-based group called BlackSuit.

This cybercriminal group has been tied to 96 extortion efforts since May 2023 and has likely committed dozens more, Bloomberg reported Friday (June 28).

BlackSuit includes members who were formerly affiliated with cyber gangs called Conti and Royal, according to the report.

Little is known about BlackSuit and its members, but security experts have described the group as low-key and business-like, the report said.

The group specializes in “double extortion” attacks that include two elements: locking victims’ systems with ransomware and stealing data that they then threaten to sell or leak, per the report.

It uses phishing and social engineering to get the information it needs to break into a computer network, according to the report.

Its ransom demands typically range from $300,000 to $5 million, and it has been known to negotiate terms with its victims, per the report.

CDK Global suffered a cyberattack on June 18, followed by another on June 19, just as it was starting to restore systems shut down in the previous attack.

The company’s dealer management platform is used by thousands of car dealerships across the United States and by automakers that leverage its software solutions to handle things like customer relationship management, financing, payroll, support and service, inventory and back-office operations.

The cyberattack left many businesses either effectively shuttered and unable to return to normal business or forced to turn to paper-based processes and other workarounds for record-keeping and other administrative tasks.

It was reported June 21 that CDK Global had begun to restore its systems, and that it expected the process to take “several days.”

On Tuesday (June 25), the company told its car dealership customers that its systems would continue to be down for at least the rest of the month.

Eighty-two percent of eCommerce merchants endured cyber or data breaches in the last year, and 47% said the breaches resulted in both lost revenue and lost customers, according to “Fraud Management in Online Transactions,” a PYMNTS Intelligence and Nuvei collaboration.

The post CDK Global Hackers Tied to 96 Cyberattacks in Past Year appeared first on PYMNTS.com.

The incident occurred on April 14 and was discovered on May 24, the retailer said in a data breach notification filed with the Office of the Maine Attorney General.

The company’s filing identified the incident as “external system breach (hacking).”

In a notification letter sent to affected people on Monday (June 24), Neiman Marcus said that an unauthorized third party gained access to personal information stored in a database platform used by the retailer, including name, contact information, date of birth, and Neiman Marcus or Bergdorf Goodman gift card numbers (without gift card PINs).

“Promptly after learning of the issue, we took steps to contain it, including by disabling access to the relevant database platform,” the company said in the letter. “We also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement. We will continue to enhance our safeguards for protecting personal information.”

This incident is the latest in a wave of cyberattacks that have targeted a range of organizations, including city governments, healthcare systems and a sensitive data storage cloud infrastructure platform. 

Neiman Marcus itself also suffered an earlier hack. In September 2021, the retailer notified around 4.6 million online users that their personal data could have been accessed in a data breach dating back to May 2020. 

For the millions of consumers notified about the incident, “approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid,” the company said in a statement released at the time.

It was reported in May that 90% of companies said their cybersecurity risks increased in the last year. Nearly all mid-sized businesses — defined in the report as having between $50 million and $1 billion in revenue — said they felt cyber threats had risen.

Global financial technology provider Adyen estimated in April that 45% of all businesses around the globe fell victim to fraudulent activity, cyberattacks or data leaks in 2023, which marked a 32% increase over 2022’s numbers.

The firm also said that fraudsters scammed retailers out of $429 billion in 2023.

The post Neiman Marcus Reports Data Breach Affecting 64,472 Customers appeared first on PYMNTS.com.

As The Wall Street Journal (WSJ) reported Monday (June 10), online businesses say they are losing customers to fraudsters who use the sellers’ videos, logos and social media posts to steal their identities to sell customers cheap knockoffs or just take their money.

“We used to think you’d be targeted because you have a brand everywhere,” Alastair Gray, director of anticounterfeiting for the International Trademark Association, a nonprofit representing brand owners, told the WSJ.

“It now seems with the ease at which these criminals can replicate websites, they can cut and paste everything.”

As the report notes, technology has been something of a double-edged sword for small businesses: It lets them connect with customers around the world, while also helping these copycats, who are using artificial intelligence (AI) tools to avoid the language or spelling errors that can indicate fraud.

And while giant companies like Amazon and Meta have the tools to block misleading ads, fake accounts or counterfeit goods, smaller businesses are in a different situation, said Thomas Moga, a patent attorney in Bloomfield Hills, Mich.

“Large corporations have the in-house ability or can connect with outside counsel to monitor and take down content. They are multilingual,” he said. “Individuals and small businesses don’t have that at the ready. They are really at a significant disadvantage.”

The report follows news from last month about a criminal network of over 75,000 fake eCommerce shops that has scammed more than 800,000 shoppers in the U.S. and Europe. Victims visited these scam shops in search of deals on things like shoes and apparel, and instead had their credit card information stolen.

It’s a tactic known as “triangulation fraud,” a complex scam that leverages the interconnectedness of global eCommerce platforms to exploit both businesses and consumers, who run the risk of having their identity stolen as well as being scammed.

“For businesses, the impact of this type of triangulation fraud can be devastating, and result in a surge of things like chargebacks that not only affect the bottom line but can also damage a company’s reputation and its relationship with payment processors,” PYMNTS wrote.

PYMNTS also spoke recently with Mike Lemberger, senior vice president, chief risk officer, North American Region at Visa, about the growing threat of triangulation scams.

Criminals are “using tools to automate this,” he said. “They’ve got skimmers set up on their site. Larger businesses, they may have some tools inside to prevent fraud and scams … but smaller businesses typically have a little less sophistication.”

The post Scammers Pose as Small Business to Sell Knockoff Goods appeared first on PYMNTS.com.

And with the news Wednesday (May 8) that a criminal network of over 75,000 fake eCommerce shops has scammed over 800,000 shoppers in the U.S. and Europe, embracing digital innovation while at the same time ensuring payments security is top of mind for businesses, particularly smaller ones just starting their online journey. 

That’s because there is a growing juxtaposition where many of the modern tools that are helpful in growing and scaling a small business, like creating an eCommerce site or building a presence across consumer review platforms, are also being used by fraudsters and bad actors for illicit purposes. 

Per the report, the cybercriminal network’s fake eCommerce sites processed over a million orders with an aggregate order volume of $50 million during the past three years. Victims accessed the scam web shops hoping for deals on items like designer shoes and apparel, but instead had their credit card information stolen. 

This tactic is known as triangulation fraud, and its mechanics are complex, leveraging the interconnectedness of global eCommerce platforms to exploit consumers and businesses alike. At its core, triangulation fraud involves a fraudster setting up fake storefronts on popular online marketplaces or creating standalone eCommerce sites that offer high-demand goods at below-market prices.

Of course, the goods — if they ever arrive — tend to be counterfeit, while equally counterfeit payment pages are used to collect victims’ contact and credit card details. 

The sheer scale of the newly uncovered operation highlights the sophisticated methods employed by fraudsters to exploit the online retail ecosystem, as well as underscores the need for businesses to remain vigilant against today’s dynamic threat backdrop. 

Read more: How Small Businesses Can Optimize Their eCommerce Efforts

A Deal That Sounds Too Good To Be True Probably Is 

For consumers, the immediate allure of below-market prices on high-demand goods can be tempting, but the risks are considerable. Not only do they end up indirectly supporting fraudulent activities, but they also expose themselves to potential identity theft and financial loss. 

For businesses, the impact of this type of triangulation fraud can be devastating, and result in a surge of things like chargebacks that not only affect the bottom line but can also damage a company’s reputation and its relationship with payment processors.

Last week (May 2), PYMNTS spoke with Mike Lemberger, senior vice president, chief risk officer, North American Region at Visa, about triangulation scams as a growing problem. He explained that criminals are “using tools to automate this … They’ve got skimmers set up on their site.

“Larger businesses, they may have some tools inside to prevent fraud and scams … but smaller businesses typically have a little less sophistication,” Lemberger added, emphasizing that Visa is seeing smaller businesses across three main categories being vulnerable: traditional Main Street businesses; online-only stores; and businesses within the creator and content economy.

“If you’re taking payments online, there are vulnerabilities there,” Lemberger said. 

Combating or protecting against triangulation fraud requires a multi-faceted approach. Enhanced security measures, such as improved verification processes and fraud detection algorithms, are becoming essential for identifying and preventing fraudulent transactions. 

But consumers also play a critical role by remaining vigilant, reporting suspicious activities and avoiding deals that seem too good to be true — and that role makes education and awareness of web shop scams crucial. 

Read more: Consumers Dissatisfied by Small Merchants’ Digital Presences

How Online Security Supports Online Growth 

The rise in the industrialization and scale of online crimes is happening against a backdrop where more and more businesses are embracing online sales channels as a growth engine and business pillar. 

As PYMNTS’ Karen Webster observed in a feature last fall: “It takes three minutes between meetings to place an order on Instacart — it takes 60 minutes or more to drive to and from the store and shop.”

And PYMNTS Intelligence has found nearly eight in 10 Main Street businesses use online channels, while an additional 16% are interested in implementing them. Moreover, the average Main Street small business generates half its sales via online channels. Main Street retail businesses lead the way, generating 54% of their sales from these channels. 

At the same time, according to separate PYMNTS Intelligence in the report, “Fraud Management in Online Transactions, 82% percent of eCommerce merchants have experienced cyberattacks or data breaches in the last year. That’s likely why 95% of eCommerce merchants said they have either begun revamping their anti-fraud capabilities or are committed to doing so soon.

As for consumers, it’s important for them to remember to only give out their credit card and payment information to trusted and reputable vendors and websites. 

The post Online Merchants Grapple With Surge in Sophisticated Counterfeit Goods Scheme appeared first on PYMNTS.com.

And that’s bad news for small businesses, whose lack of resources and challenges when accessing financing often leaves them ill-prepared for fraud schemes and scams — particularly given the shot in the arm that innovations like artificial intelligence (AI) have given to bad actors.

“Larger businesses, they may have some tools inside to prevent fraud and scams … but smaller businesses typically have a little less sophistication,” Mike Lemberger, senior vice president, chief risk officer, North American Region at Visa, told PYMNTS CEO Karen Webster.

With the use of generative artificial intelligence (GenAI) and other emerging technologies, scams are more convincing than ever, leading to unprecedented losses for consumers, and Lemberger highlighted the emergence of “triangulation fraud” schemes — a complex process where scammers set up fake websites offering high-demand goods at significantly reduced prices.

Unsuspecting buyers, lured by the promise of a deal, input their payment credentials, which the scammers then use to purchase real products using another victim’s stolen credentials. The buyer receives the item, unaware of the illicit process behind their transaction, while the scammer profits from the price difference and potentially uses the buyer’s credentials for future scams, Lemberger explained.

“They’re using tools to automate this … They’ve got skimmers set up on their site,” he added.

This level of complexity not only allows scammers to steal directly from consumers but also to maintain a facade of legitimacy, often receiving high ratings from satisfied customers who are oblivious to the scam.

In just one month of 2022 alone, the payments industry estimated triangulation fraud led to merchant financial loss of $660 million to over $1 billion.

Businesses and Consumers Are Vulnerable

The calculated strategies fraudsters employ to deceive both businesses and consumers are catching fire across today’s digital environment, where purchases increasingly happen online. 

It has created a juxtaposition where a lot of the tools that are very helpful in getting small businesses off the ground, such as creating a website and a social presence, are also being used by fraudsters to penetrate their defenses. 

“If you’re taking payments online, there are vulnerabilities there,” stressed Lemberger.

He said Visa is seeing a lot of smaller businesses being vulnerable in three main categories: traditional Main Street businesses; online-only stores; and businesses within the creator and content economy.

Main Street businesses tend to be vulnerable on the supply side and via omnichannel attack vectors; while online stores suffer from first-party fraud, triangulation scams and other digitally native schemes. Content creators can be vulnerable through the payments and micropayment mechanisms they rely on for their livelihoods, as well as behaviorally driven scams.

One of the key takeaways, Lemberger said, is the critical role of awareness and education in preventing fraud. The allure of an unbeatable deal often clouds judgment, leading consumers and businesses alike to overlook potential red flags.

Fighting Fraud Is a Team-Based Effort

Lemberger emphasized the importance of collaboration within the network to combat fraud.

“We’re only as good as the community,” he said. “Visa doesn’t have the silver bullet for every fraud.”

He highlighted ongoing efforts to stay ahead of scammers, including investing in technology and sharing information across the network to identify and address emerging patterns of fraud.

The fight against fraud demands a collective effort. And as businesses and consumers navigate an increasingly digital landscape, awareness becomes paramount. Recognizing the signs of deceit, from suspiciously low prices to unfamiliar payment processes, can mean the difference between falling victim and staying secure.

“If it doesn’t feel right, verify with your financial institutions and use the trusted brands that you know — and that will provide a good layer of protection,” Lemberger said.

Visa’s commitment to sharing insights and investing in innovative technologies reflects a broader imperative within the industry. By fostering a culture of information exchange and leveraging cutting-edge tools, stakeholders can adapt to emerging threats and fortify their defenses against exploitation, Lemberger said.

Ultimately, the battle against fraud is a dynamic one, and businesses and consumers must remain vigilant, educating themselves about the signs of fraud and working together to create a safer business environment for all.

With National Small Business Week coming to a close, it’s never been more important for small businesses and entrepreneurs to protect both themselves and their customers.

For all PYMNTS B2B coverage, subscribe to the daily B2B Newsletter.

The post Visa Stresses Education as Small Businesses Confront Fraud Vulnerabilities appeared first on PYMNTS.com.