Identity thieves are increasingly turning to AI to set businesses up in advance of a scam.
Identity thieves know that the warmer the introduction to the mark, the person they’re attempting to scam, the easier the scam becomes. And the easier it can be to make the target overlook any discrepancies in a transaction or application.
Here’s how one of those setups might work at a car dealership.
It will start with an e-mail to a salesperson at the dealership inquiring about a certain car on the lot. “Hey, I was driving past and I noticed that lime rush 4Runner on your lot. Is that new or used?”
That simple question can launch a conversation, and eventually a relationship, with the recipient. For example, it could be followed up with “it’s not for me but my wife. She just loves that color.”
In the signature at the end of the e-mail there’s a link – and a trap.
For example, the signature could identify the sender/scammer as, say, a junior partner at a law firm, and clicking on that link will take the recipient to a completely legitimate website for that law firm.
A website that lists all partner bios (including that of the sender), a complete management team, articles and blogs, media stories, social media, testimonials and reviews, contact information, address and so on.
Except it’s all completely fake and all completely generated by AI. In one recent demo, a security team used AI to create just such a site, including a shopping cart capable of stealing credit card information, and in just a few minutes and at the press of a button was able to create hundreds of similar websites.
The goal of the thief is to persuade the dealership that they’re a legitimate, credible, and verified entity before they ever even show up at the dealership or provide any documentation.
It’s a simple form of social engineering that can help make the transaction more plausible, and maybe even trick the dealer into turning a blind eye to any discrepancies or suspicions.
Maybe they don’t want to inconvenience or irritate a lawyer planning on buying an expensive car, or maybe they’re hoping for referrals to other employees or clients of that firm.
Criminals call them comfort clues. Instead of brightly waving red flags, they can be subtle clues to help trick the recipient into trusting the thief before they even meet.
It’s all about building trust, context, background, and believability that a busy dealership could easily fall for.