fraud Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :


Is generative AI the next big cyber threat for businesses?

960 640 Stuart O'Brien

By Robert Smith, Product Manager, Cyber Security at M247

Unless you’ve been living under a rock over the past twelve months, you will have heard all about ChatGPT by now.

A shorthand for ‘Chat Generative Pre-Trained Transformer’, the smart chatbot exploded onto the tech scene in November last year, amassing 100 million users in its first two months to become the fastest growing consumer application in history. Since then, it has piqued the curiosity of almost every sector – from artists and musicians to marketers and IT managers.

ChatGPT is, in many ways, the poster child for the new wave of generative AI tools taking these sectors by storm – Bing, Google’s Vertex AI and Bard, to name a few. These tools’ user-friendly interfaces, and ability to take even the most niche, specific prompts, and convert them into everything from artwork to detailed essays, have left most of us wondering: what is next for us, and more specifically, what is next for our jobs? So much so that a report released last year found that nearly two thirds of UK workers think AI will take over more jobs than it creates.

However, while the question around AI and what it means for the future of work is certainly an important one, something that is too often overlooked in these discussions is the impact this technology is currently having on our security and safety.

The threat of ‘FraudGPT’

According to Check Point Research, the arrival of advanced AI technology had already contributed to an 8% rise in weekly cyber-attacks in the second quarter of 2023. We even asked ChatGPT if its technology is being used by cyber-criminals to target businesses. “It’s certainly possible they could attempt to use advanced language models or similar technology to assist in their activities…”, said ChatGPT.

And it was right. Just as businesses are constantly looking for new solutions to adopt, or more sophisticated tools to develop that will enhance their objectives, bad actors and cyber-criminals are doing the same. The only difference between the two is that cyber-criminals are using tools such as AI to steal your data and intercept your devices. And now we’re witnessing this in plain sight with the likes of ‘FraudGPT’ flooding the dark web.

FraudGPT is an AI-powered chatbot marketed to cyber-criminals as a tool to support the creation of malware, malicious code, phishing e-mails, and many other fraudulent outputs. Using the same user-friendly prompts as its predecessor, ChatGPT, FraudGPT and other tools are allowing hackers to take similar shortcuts and produce useful content in order to steal data and create havoc for businesses.

As with any sophisticated language model, one of FraudGPT’s biggest strengths (or threats) is its ability to produce convincing e-mails, documents and even replicate human conversations in order to steal data or gain access to a business’ systems. Very soon, it’s highly likely that those blatantly obvious phishing e-mails in your inbox may not be so easy to spot.

And it doesn’t stop there. More and more hackers are likely to start using these AI-powered tools across every stage of the cyber ‘kill chain’, leveraging this technology to develop malware, identifying vulnerabilities, and even operate their malicious attacks. There are already bots out there that can scan the entire internet within 24 hours for potential vulnerabilities to exploit, and these are constantly being updated. So, if AI is going to become a hacker’s best friend, businesses will need to evolve and adopt the latest technology too, in order to keep pace with them.

What can businesses do?

To start with, IT managers (or whoever is responsible for cyber-security within your organisation) must make it their priority to stay on top of the latest hacking methods and constantly scan for new solutions that can safeguard data.

Endpoint Threat Detection and Response (EDR) is one great example of a robust defence businesses can put in place today. EDR uses smart behavioural analysis to monitor your data and the things you usually do on your devices, and can therefore detect when there are even minor abnormalities in your daily activities. If an EDR system detects that an AI has launched an attack on your business, it can give your IT team a heads up so they can form a response and resolve the issue. In fact, most cyber insurers today insist that businesses adopt EDR as a key risk control before offering cover.

Cyber-security providers, such as Fortinet and Microsoft, have already begun incorporating AI into their solutions, too, but making sure you have the latest machine learning and AI (not just simple, predictive AI) operating in the background to detect threats will give your business the upper hand when it comes to hackers.

And finally, educate your workforce. Although many are worried that AI will overtake us in the workplace and steal our jobs, it’s unlikely the power of human intuition will be replaced anytime soon. So, by arming your team with the latest training on AI and cyber-threats – and what to do when they suspect an AI-powered threat is happening – you can outsmart this new technology and keep the hackers at bay.

International Fraud Awareness Week – Hear from the experts

960 640 Stuart O'Brien

Fraud is not a new concept – far from it. Since the dawn of time, fraudsters have looked to take advantage of circumstance and innocent people have fallen victim as a result. But, in our digital age, fraud is more prevalent than ever before. That’s why this International Fraud Awareness Week, we spoke to three experts in the field; to find out more about how organisations can protect themselves and their customers. Here’s what they had to say:

Ben Fraser, Global Head of Business Development, Insurance at Endava  

“As we enter International Fraud Awareness Week this year, it’s a startling realisation that fraud continues to plague consumers despite leaps and bounds in cybersecurity. Last year alone, scam attempts rose by 33%, resulting in £2.3bn in losses for consumers. As fraud continues to rise, the question needs to refocus not just on how we can prevent fraud, but also how consumers can take matters into their own hands.

“Part of the answer the answer may lie within embedded insurance, which allows insurers to reach consumers where they live and work: through offering solutions when they’re needed most, whether that’s while consumers are shopping online, checking their bank details, comparing cars for purchase, or looking for vets. 

“The concept of embedded insurance exists in a limited form today. There is, however, plenty of opportunity for insurers to better integrate solutions to eliminate the effort in consumers having to seek out support themselves, making it easier than ever to protect themselves from bad actors across their digital footprints. 

“As we head into International Fraud Awareness Week, hopefully we will see more of just that: better awareness of how technology can accelerate and combat the multiple threats we’ve see escalate as we all move toward a digital-first lifestyle. Making sure consumers have easy access to insurance is one – but one critical – element of that, and will go a long way in making sure consumers feel safe when heading online, flashing some cash, or hitting the road.”

Raj Samani, Chief Scientist and McAfee Enterprise fellow:

“International Fraud Awareness Week comes as a timely reminder that enterprises and individuals should all take time to shore up their cyber defences. The threat landscape is constantly evolving, and cybercriminals are expanding their tactics and target groups. As well as posing a threat to individuals across the country, fraud and scams intensify the threat for businesses. Today, many employees are accessing work files and information across both corporate and personal devices, meaning that while criminals could be targeting an individual, the end goal could be accessing sensitive enterprise information. Unfortunately, this threat has continued to increase due to the pandemic, with our research finding that 57% of UK organisations experienced increased cyber threats during COVID-19.

“To tackle rising fraud threats, businesses need to educate their workforce on best practices, such as reporting any suspicious activity, questioning whether a link is dodgy, or thinking before accepting an unknown phone call. Employees must be aware of and vigilant against threats to avoid making it too easy for criminals to cash in on both personal and company data.   

“It is also crucial that organisations deploy the necessary security protections across their enterprise. For example, they should adopt a Zero Trust mindset that can help them maintain control over access to the network and all instances within it, such as applications and data, and restrict them if necessary. By taking these measures, organisations can rest easy knowing that they have taken the correct steps to protect themselves and their workforce from cyber-led scams.”

Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business, Nuance Communications

“Fraud Awareness Week acts as a reminder to businesses and consumers alike that cyber security solutions and fraud prevention tools are no longer optional, especially in our current climate. Indeed, new research from Nuance has found that on average victims of fraud lost over £3,300 each in the last 12 months – three times higher than in 2019.”  

“As we transition into a post-pandemic world of remote working, shopping and socialising, it has never been more important for businesses to ensure that users are provided with a more sophisticated and secure experience. Now is the time to confine PINs and passwords to the history books, so that modern technologies – such as biometrics – can be more widely deployed in order to robustly safeguard customers. 

“Biometric technologies authenticate individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords and other knowledge-based credentials prone to being exploited by scammers and providing peace of mind, as well as security, for end-users.” 

Save £35k by deleting emails from your CEO

960 640 Guest Post

You work in finance. You get an email from your CEO addressing you by your first name, apologising for the late Friday email, but requesting you make an urgent payment to a regular supplier, with account details helpfully provided in the email. You’d pay it, right?

CEO fraud is an increasingly common type of phishing attack, where a threat actor impersonates a senior executive, and attempts to coerce an employee into transferring funds or personal information to the attacker’s account.

The average cost of this attack has risen to £35,000, but how do they keep getting away with it? Check out the latest advice from Corvid:

Home Office announces Government Counter Fraud Profession division

960 640 Stuart O'Brien

The Home Office has this week announced the Government Counter Fraud Profession (GCFP), which will create a new community of counter fraud specialists across government, with benefits for both individuals and organisations.

The GCFP will enhance the structure of the Government’s counter fraud capability and put the UK Government in a better position to find and fight fraud and economic crime.

The launch of the profession represents the culmination of two years work, with over 100 organisations having been involved in its development. It will provide counter fraud specialists across Government organisations with a common framework of Professional Standards and Competencies.

It will also introduce a Professional Skills Platform (PSP), a web-based tool through which members can register their knowledge, skills, and experience, and self-assess against a range of counter fraud roles.

According to the Home Office, by having common standards, organisations will be able to identify what skills they do, and do not, have and get those skills to the right areas. They will also be provided with the ability to improve access to counter fraud capability and help deliver better quality products, whether fraud investigations, risk assessments or data analytics. Working with a common framework of standards, organisations will also be able to share learning programmes and develop new initiatives together.

The Profession will move beyond a focus on investigation and will look more at preventing and understanding fraud. This is because the GCFP recognises that to build a world-class counter fraud capability in the public sector, the UK needs a professional structure that recognises the complexity of counter fraud activity.

“I am pleased to be announcing that the government will launch the new Counter Fraud Profession on the 9th October,” said Minister for the Constitution Chloe Smith.

“The launch of the GCFP will make the UK a global leader in the professionalisation of counter fraud and will give our specialist staff an excellent and well-deserved opportunity for career progression within the discipline.

“This government remains committed to tackling fraud in any capacity, including against the public purse, and this new Profession is one way we are enhancing our ability to do so.

“In recognition of our global lead in this field, our international partners have already asked us to lead an international working group in this area. The GCFP will continue to be flexible, evolving in line with the needs of its members, and the changing threat posed by fraud and economic crime.”