A recent monograph by the Federal Reserve Bank of Richmond outlines the evolution of scams from old school to high-tech.
A century ago, growing use of checks spawned the crime of kiting, covering one bad check with another. Then crooks began stealing checks from the mailbox and “washing” the ink with solvent. In some cases, thieves lowered glue-covered bottles on strings into Postal Service mailboxes to snag envelopes.
Scammers have graduated from fishing to phishing, utilizing artificial intelligence tools including large language models like Chat GPT to ensnare more victims than ever. Cybersecurity software firm Imperva estimates that scamming apps account for 37% of all internet traffic. While law enforcement and financial institutions are on the case, traps are increasingly realistic and demand a heightened level of diligence on the part of consumers.
The scourge of AI-enhanced cybercrime has taken a giant leap forward with the despicable emergence of Southeast Asian cybercrime factories employing victims of human trafficking to mass produce attacks at a previously unimaginable scale. These enterprises, known locally as scam compounds, are operated by organized crime with near impunity and employ a mix of high-tech tools old-fashioned slave labor to victimize people around the world, including billions in fraud against Americans each year.
A lucrative gambling industry flourished in Asia throughout the 2010s. However, a crackdown in 2019 by the Cambodian government followed by China’s 2020 COVID travel restrictions severely constricted the region’s wagering revenue and left dozens of casinos, hotels and resorts largely empty.
Owners of these unused facilities colluded with Chinese criminal gangs to convert these buildings and their infrastructure into armed camps dedicated to AI-driven mass scamming operations operated by imprisoned laborers. Workers are lured by professional looking advertisements on social media promising high-paying careers in marketing, hospitality and information technology. Once they arrive, they discover a very different reality, often forcibly retained within compounds surrounded by barbed wire and guard towers cranking out cyber scams including social engineering and deepfake attacks at an industrial scale.
Experts believe that hundreds of compounds exist across the region. The U.S. Institute of Peace reports that Asian cybercrime accounts for 40% of the total GDP of Cambodia, Laos and Myanmar. The agency believes that 500,000 people are imprisoned in these compounds by physical force or coercion, and many are subject to punishment including isolation in “dark rooms” or even physical torture for failing to meet production quotas.
Revenue is often redirected into drug production and arms trafficking by organized crime, corrupt local officials and even the military junta ruling Myanmar. Massive money laundering operations utilizing cryptocurrencies also flourish, along with seedy recruiters and brokers that specialize in snaring recruits and even trading captives among scam factory operators.
Workers sit for up to 12 hours at banks of computers blasting out texts and emails by the millions in search of potential victims. Messages are increasingly believable thanks to AI tools that can scrape public social media and include personal information to convince a target that the sender knows them. Once the scammer receives a response, the long game begins.
Trafficked workers follow a scripted procedure to build a phony relationship over weeks or months, gradually gaining the victim’s trust and often cultivating an imagined romantic relationship. Once the trap is set, the scammer solicits a large investment in a bogus scheme or obtains personal information to clean out accounts. The derogatorily descriptive Chinese term for this scam translates into “pig butchering.”
Scam compounds also create authentic-looking deepfake audio or video to impersonate government officials like IRS agents demanding payment of tax penalties or even loved ones seeking financial assistance. They operate bogus e-commerce operations selling nonexistent products and perpetrate malware attacks and other cyber scams. And while 90% of this new slave labor crime is based in Southeast Asia, Interpol reports that new hubs are popping up in West Africa, Central America and the Middle East.
Given the increasing volume, sophistication and believability of these new AI-enabled fraud attacks, what can the average person do to minimize the chances of being victimized?
— Be suspicious. Unsolicited communications requesting action, especially the divulging of personal information or movement of money, should always be regarded as a threat. Verify independently by reaching out through a separate channel like a phone call before acting on a message, no matter how believable.
— Limit your digital presence. The more information you post on social media platforms or email promotions you sign up for, the greater the chances your information will be swept up by an AI bot to use in a phishing attack. Maybe 25 cents off your next chili cheese dog isn’t worth the risk.
— Consider codewords. You might create a word or phrase known only to your family that you can use to authenticate in case you are targeted with a deepfake video of Aunt Mabel imploring you to wire her bail money.
— Use multifactor authentication. Most critical applications offer (or mandate) the use of a second step after entering a password, like a text or email verification or an authenticator app on your phone. It’s annoying, but in this age of increasing threats it is essential.
— Fix your passwords. Make your passwords complex (at least 15 characters) including special characters and never reuse a password for more than one account. This use of a password keeper will change your life, eliminating the need to recall them or write them down.
— Beware public Wi-Fi. Scammers are adept at creating fake hotspots that can spoof a familiar public connection and intercept your data. Disable automatic Wi-Fi connections on your devices and use your mobile provider’s phone hot spot whenever possible.
A growing and highly organized cyber scam industry is employing human trafficking and artificial intelligence to ramp up attacks. Awareness and diligence are essential to protect against these insidious threats.
Christopher A. Hopkins, CFA, is a co-founder of Apogee Wealth Partners in Chattanooga.
