A leading UK security agency has warned of AI-generated fraud in the coming weeks, after citing new figures that shoppers lost £10.6m ($13m) to scams last festive season.
The National Cyber Security Centre (NCSC) referenced new research from the National Fraud Intelligence Bureau (NFIB), run by the City of London Police.
Also known as Action Fraud, the NFIB has yet to officially publish the stats, but the NCSC claimed they were based on victim reports to the bureau between November 2022 and January 2023.
Over half (51%) of these reports cited social media as the medium by which victims were defrauded, with estimates calculating that each victim lost £639 on average. Most likely to fall victim were 25-34-year-olds, followed by the 35-44 and 18-24 age groups.
Read more on holiday season scams: FBI: 2021 Holiday Season Fraud Could Exceed $53m
The NCSC warned that online scammers are likely to use AI tools to scale up convincing fraud campaigns such as phishing emails, fake adverts and bogus websites this Christmas. These tactics are designed to trick victims into giving away their personal and financial details and/or unwittingly installing malware.
Generative AI (GenAI) is particularly good at composing text in fluent local languages, helping to overcome a major handicap many non-native speaking fraudsters have.
However, while users may no longer be able to spot a phishing email by the quality of the grammar and spelling, they should still be able to watch out for other warning signs, the NCSC said.
Such campaigns typically try to create a sense of urgency for the victim to respond, they may exploit current events like Black Friday, and they may target items in short supply, which eager shoppers want to snap up.
“Regrettably, cyber criminals view this time of year as an opportunity to scam people out of their hard-earned cash, and the increased availability and capability of technology like large language models is making scams more convincing,” argued NCSC COO, Felicity Oswald.
“I would urge shoppers to follow the steps in our online shopping guidance, which includes setting up two-step verification and using passwords with three random words, so they’re easier to remember and harder to hack.”