Apr 29 2024

AI-Fueled Scams

Digital life is getting more dangerous.  Literally every day I have to fend off attempts at scamming me in one way or another. I get texts trying to lure me into responding. I get e-mails hoping I will click a malicious link on a reflex. I get phone calls from people warning me that I am being scammed, when in fact they are just trying to scam me. I even get snail mail trying to con me into sending in sensitive information. My social media feeds are also full of fake news and ads. Some of this is just the evolution of online scamming, but there has also been an uptick due artificial intelligence (AI). It’s now easier for scammers to create lots of fake content, and flood our digital space with traps and lures.

Here is just one example – have you heard yet of “cloaking”. Facebook uses algorithms to filter out fake or malicious ads on their site. But scammers have quickly figured out how to bypass the filters. They use AI generated fake news articles with links to more information. Those links go to malicious pages that will try to get money from you. Facebook will block ads that direct to malicious webpages. So the scammers “cloak” their behavior by linking to a benign page first. Once they get approval from Facebook, they then add a redirect from the benign page to their malicious scamming page.

Facebook says it will remove such pages when they are brought to their attention, but this is not adequate. The scammers only need to be up and running for a short time. Once Facebook catches up to them, they just create new fake ads directing to their malicious page. AI makes it easy to create lots of fake content for this purpose. Facebook also says that now that they are aware of this phenomenon they will try to account for it, to filter out such cloaking pages from the start. That is much better, but again we are just in a digital arms race. The scammers will find some other workaround and exploit that as long as they can.

This is just one of countless examples. To me it seems like the situation is unsustainable. Online scams jumped to $12.5 billion in 2023 in the US, up from 10.2 the year before. That is certainly an underestimate and only includes reported losses. Individuals can lose thousands, even their life savings. With so much money to be made, there is a massive motivation for scammers to be tireless and creative.

Of course individuals need to protect themselves. Essentially you have to be suspicious of every single interaction you have on any media. Anyone who initiates contact is immediately suspect. Don’t click links that are sent you, never give out personal information, and double check everything. While this is good advice, it’s also exhausting, and it seems like a matter of time before you slip up. As hyperaware as I am of all this, I have come close to clicking links I shouldn’t have, usually because of a coincidental alignment between something I have legitimately done online and a phishing scam. But that, of course, is what they do – send out e-mails hoping for a chance hit with a small percentage of people, who will click through as a reflex.

Also there are many people who are vulnerable, and are unlikely to be vigilant or savvy enough to filter out every attempt at scamming them. As a group, older individuals tend to be less tech savvy and also may be experiencing some degree of cognitive impairment. They are deliberately targeted for this reason. Also, at the end of their life they are more likely to have considerable savings.

At this point it seems that the institutions that should be protecting the public from theft and fraud are mostly failing. Government agencies are likely doing their best but have limited power and resources. Tech giants are simply doing too little, probably for a complex set of reasons. In the end the consumer is mostly left to fend for themselves. We shouldn’t have to live our lives one innocent mistake away from financial ruin.

I don’t think that incremental safety measures, like what Facebook is talking about, are enough. Again, this is just an endless arms race, and the scammers only have to be one tiny step ahead to have a space in which they can operate. I think we need systemic change. We need multiple layers of automatic protection built into the very functioning of not only social media and other digital outlets, but the internet itself. We need to squeeze that space that scammers operate in down as small as possible. I don’t know the exact details these protections will take, that is for the experts to determine. But something like more robust digital identification would be nice. It should not be possible to give your identity away to someone else. The system needs to have better filters in place so that the scams never reach their marks.

I suspect these protections will have to involve AI. Imagine if every scam were identified by sophisticated AI algorithms and shut down before they can cause harm. Yes, the scammers can have their own AI, but this is why the government and tech giants need to dedicate massive resources to this protection. It needs to be much bigger than the scammers can manage. You have to make it cost more to bypass the scam filters than you will get from the scam. You have to making online scams unprofitable.

This may be just shifting the cost, but that is reasonable. We do that all the time – it’s called insurance. Everyone shoulders a bit of the cost, through our taxes, and everyone is then protected from catastrophic loss. The government pays the cost up front, and the rest of us can go about our lives without having to spend precious intellectual capital fending off countless scams.

In addition we need more robust cybersecurity in the form of hunting down online scammers and putting them in prison for a long time. We have to make the risk vs benefit not worth it. Of course, this will require international cooperation. Most lawful countries will want to cooperate. Unlawful countries that are cooperating with or are the scammers (I am looking at you, Nigeria) should be the target of severe sanctions. This should be treated as seriously as invading another country’s borders. That is what is happening, digitally. Our digital security is rapidly becoming as or more important than our physical security, and the two are blending together. Cybersecurity is also necessary for our democracy to function. Russia used social media to influence the 2016 presidential election. What you may think about the results likely depends on your political ideology, but either way, that election was not Russia’s to influence.

This might need a cabinet level position – the secretary of cybersecurity. Whatever form it takes, I really believe we should be dedicating orders of magnitude more resources to the problem than we are. We are still in reactive mode, when we need to get seriously proactive.  I’m sure I am not aware of everything that is happening behind the scenes, but I know the net effect is inadequate. Scams are skyrocketing, costing innocent people billions and threatening our democracy. I would love to see this as a primary topic of upcoming presidential debates and media coverage.

No responses yet