GenAI tools amplify online fraud risks, report reveals

A new in-depth report from Transmit Security’s Research Lab, titled "The GenAI-Fueled Threat Landscape: A Dark Web Report," highlights the growing threat posed by generative AI (GenAI) platforms in the context of online fraud. The report, derived from continuous investigation by a team of fraud analysts, examines the evolution of dark web marketplaces and fraud tools following the release of ChatGPT, revealing an alarming trend of increased capability and accessibility for fraudsters.

The report underscores how easily accessible blackhat GenAI tools, such as FraudGPT and WormGPT, are lowering the barrier for novice fraudsters. Richard Metcalfe, Regional Vice President for Asia Pacific and Japan at Transmit Security, stressed the critical need for a unified approach to counter these threats. "The AT&T breach underscores the critical need for a unified approach to customer identity, identity verification, and fraud prevention," Metcalfe stated. "By removing silos and maintaining a contextual view of the customer throughout their entire journey, financial institutions can significantly reduce gaps and vulnerabilities, and increase the detection and prevention of these scams."

One of the key findings from the report is the proliferation of GenAI tools that require minimal expertise to use. These tools automate the creation of malicious code, data harvesting, and the execution of highly deceptive fraud campaigns. They have significantly increased the volume, velocity, and variety of these attacks, making it easier for fraudsters to operate on a global scale.

The report also highlights the enhanced techniques facilitated by GenAI, such as automated penetration testing (pentesting), which allows fraudsters to identify and exploit vulnerabilities within enterprise systems quickly. Moreover, the creation of synthetic identities has become increasingly sophisticated, enabling fraudsters to generate high-quality fake IDs that can bypass even AI-driven identity verification systems.

In addition to tools, the dark web marketplaces support a robust ecosystem where various fraudulent services are offered. These marketplaces provide remote desktop protocols (RDPs), credit card checkers, and other resources. They also include high seller ratings and escrow services, ensuring product efficacy and fostering a community of collaboration among fraudsters.

David Mahdi, Chief Identity Officer at Transmit Security, noted, "Fraudsters are doing a much better job working together as a community, collaborating, and sharing information on GenAI tools and techniques." This collaboration poses a significant challenge for IT leaders who must stay ahead of rapidly evolving threats by leveraging advanced technologies.

The report's findings are particularly relevant for regions such as Australia and New Zealand, where there has been a significant rise in sophisticated scams and fraud cases. According to the Australian Payment Fraud Report, fraud on payment cards increased by 35.6% in the 12 months leading up to June 2023, amounting to AUD $677.5 million. Additionally, during Fraud Awareness Week, the New Zealand banking ombudsman highlighted an increase in unauthorised payment scam cases, costing New Zealanders over NZD $200 million annually.

To counter these threats, the report recommends that organisations implement converged fraud prevention, identity verification, and customer identity management services powered by GenAI, AI, and machine learning. By adopting a unified and smart defence strategy, organisations can remove data silos, close security gaps, and detect and stop advanced fraud more effectively.

For a more comprehensive understanding of these evolving threats and detailed mitigation strategies, the full report, "The GenAI-Fueled Threat Landscape: A Dark Web Research Report by Transmit Security," is available for further reading.