Full Report
Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back
Analysis Summary
# Main Topic
The increasing sophistication and prevalence of identity theft driven by Artificial Intelligence (AI), specifically through the use of deepfakes, synthetic identities, and advanced AI-powered scams, making detection and prevention significantly harder for both consumers and financial institutions.
## Key Points
- AI-driven fraud now accounts for over two-fifths (43%) of all fraud attempts in the financial and payments sector, with nearly a third (29%) believed to be successful.
- Over a third of banking risk and innovation leaders cite the rise of AI-generated fraud and deepfakes as their biggest current challenge.
- Deepfakes are used to impersonate legitimate users to bypass Know Your Customer (KYC) and biometric checks during account takeovers (ATOs) or new account creation.
- Deepfakes account for 24% of fraudulent attempts against motion-based biometric checks and 5% against static selfie-based checks.
- Digital document forgeries are surging, accounting for over 57% of all document fraud, showing a 244% annual increase, often facilitated by Generative AI (GenAI) for speed and scale.
- Synthetic fraud involves creating new identities by combining stolen and fabricated PII, with 76% of US fraud professionals believing their organization has synthetic customers, surging 17% annually.
- AI assists in automating and scaling credential stuffing attacks by rapidly generating lists of stolen credentials and mimicking human login behavior.
- The impact of this fraud includes severe emotional distress for victims, reduced corporate profits passed on as higher consumer prices, negative impacts on national economies (lower tax receipts), and erosion of public confidence.
## Threat Actors
- Threat actors are employing AI and GenAI tools to enhance their existing identity fraud schemes.
- No specific named threat actors or groups were attributed in the report concerning these general trends.
- Motivations are primarily financial gain through identity theft, account takeover, and synthetic identity fraud.
## TTPs
- **Deepfake Account Takeovers (ATOs) and Creation:** Injecting deepfake audio/video likenesses into the data stream during verification processes to fool authentication systems.
- **Digital Document Forgery:** Altering stolen or template document images (e.g., passports) using tools like Photoshop, accelerated by GenAI.
- **Synthetic Identity Fraud:** Creating entirely new identities by blending stolen PII with fabricated data, subsequently used to open new financial accounts.
- **Virtual Kidnapping:** Using deepfake audio of a victim's voice to trick friends or family into paying ransoms.
- **Credential Stuffing:** Leveraging AI to rapidly generate high-quality lists of stolen credentials for ATOs, potentially including AI-mimicked login behavior.
## Affected Systems
- Financial services KYC/AML verification systems (both motion-based and static selfie biometrics).
- Online banking and payment platforms targeted for account takeovers and new account openings.
- Corporate systems storing Personal Identifiable Information ($\text{PII}$) which is repurposed for synthetic identity creation.
- Consumer devices and accounts targeted by phishing and social engineering tactics ($\text{e.g.}$, virtual kidnapping).
## Mitigations
- **Data Minimization:** Consumers must minimize oversharing PII, audio, and video data on social media and restrict privacy settings.
- **Phishing Awareness:** Scrutinize sender domains, check for typos, and avoid clicking links/attachments in unsolicited communications.
- **Strong Authentication:** Enable Multi-Factor Authentication ($\text{MFA}$) on all accounts.
- **Password Hygiene:** Use strong, unique passwords stored in a reliable password manager.
- **Device Security:** Keep all software updated on laptops and mobile devices.
- **Vigilance:** Regularly monitor bank and card accounts for suspicious activity and freeze accounts immediately if anomalies are detected.
- **Defense in Depth:** Install multi-layered security software from reputable vendors on all devices.
- **Education:** Stay informed about the latest AI-powered fraud tactics and educate friends/family about deepfakes.
## Conclusion
The rise of AI-powered tools has fundamentally escalated the threat landscape for identity fraud, shifting tactics toward advanced synthetic identities and convincing deepfakes that evade traditional controls. While organizations are defending with AI, the most immediate and effective countermeasures for individuals revolve around stringent PII hygiene, robust digital security practices ($\text{MFA}$, password management), and heightened awareness of novel social engineering scenarios like virtual kidnapping. This arms race necessitates continuous adaptation from consumers to avoid being caught in the middle.