Artificial Intelligence & Machine Learning , Next-Generation Technologies & Secure Development

Top Cyber Extortion Defenses for Battling Virtual Kidnappers

Fraudsters Keep Honing 'Crisis-Induced Urgency,' Warns Trend Micro's Craig Gibson
Craig Gibson, principal threat defense architect, Trend Micro

Deepfake and other AI-enabled tools are helping supercharge the arsenal that virtual kidnappers can use against victims, warns Craig Gibson, principal threat defense architect at Trend Micro.

See Also: AI and ML: Ushering in a new era of network and security

Virtual kidnapping refers to extortionists pretending to have abducted an individual and threatening violence or death unless their loved ones or other targets pay up, typically before they end the phone call. Such scams have been steadily rising, according to the FBI.

Gibson said attackers can use SIM hijacking - aka swapping - to take over an individual's mobile phone account, complicating attempts to communicate with the supposedly kidnapped individual. AI-driven, voice-faking tools can make it sound as if the purported abductee is pleading for help.

Such tactics play on victims' emotions, stoking a "crisis-induced urgency" for them to act quickly, which is what the fraudsters want, Gibson said. "Crisis overrides a lot of the hesitancy that may come from other kinds of social engineering, like helping a Nigerian prince engage in fraud or something like that."

In this video interview with Information Security Media Group at Black Hat Europe 2023 in London, Gibson also discussed:

  • How fraudsters refine their use of social engineering and technology to make for more convincing blackmail and other extortion schemes;
  • Nontechnical tactics and techniques - such as "secret knowledge" shared between a family or employees - that can foil such scams;
  • Advice for employing more sophisticated, identity-based signals within a zero trust framework to mitigate many threats, including virtual kidnapping.

Gibson's research is dedicated to the threat landscape of government, health, banking and the telecommunications sectors. He has served on a United Nations delegation to China and spoken internationally on such topics as telecommunications, public safety, payment cards, securing voice services, wiretapping and SIM swapping.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.