Phishing scams are evolving! ML crafts hyper-realistic emails & voice calls to steal money. Learn how to protect yourself and your business from these multilingual threats.
Phishing emails have long been a favorite tool for cybercriminals looking to steal financial information. But as technology evolves, so do their tactics. One of the most alarming new trends is the use of machine learning (ML) to run sophisticated multilingual scams.
With ML, scammers can craft convincing, personalized messages to target victims worldwide, bypassing traditional security measures. The days of obvious red flags, like poor grammar or awkward phrasing, are gone.
This blog post delves into how scammers use ML for Business Email Compromise (BEC) and voice scams. Read on to discover our tips for protecting yourself and your business from these growing threats.
Understanding BEC scams
Business Email Compromise (BEC) is a scam where cybercriminals use email to trick organizations into transferring money or sharing sensitive information. These attacks often involve impersonating a trusted figure within the company, such as a CEO, CFO, or a known vendor, to deceive victims.
Scammers research the target organization and its key individuals to craft convincing emails. They may gain unauthorized access to real email accounts or spoof email addresses to appear legitimate.
Fraudulent emails often request:
- Wire transfers: Instructions to wire money to an account controlled by the scammer.
- Bank detail changes: Requests to update payment details for future transactions, redirecting funds to the scammer’s account.
- Sensitive Information: Demands for confidential company information (e.g., employee tax details or financial records).
BEC is particularly dangerous because it doesn’t rely on malware or phishing links. Instead, all attackers need is an email account and social engineering techniques.
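Because a BEC message carries no malware or links, filtering has to rely on identity signals in the headers. The sketch below is an added example, not part of the original post; the domain `example.com`, the executive names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: organisation domain and executive names.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}

# Constructed sample messages (not real traffic).
IMPERSONATION = (
    'From: "Jane Doe" <ceo.office@example.net>\n'
    "Reply-To: payments@example.org\n"
    "Subject: Dringende Zahlung\n"
    "Authentication-Results: mx.example.com; dmarc=pass header.from=example.net\n"
    "\nBitte heute noch überweisen.\n"
)
SPOOFED_DOMAIN = (
    "From: John Smith <john.smith@example.com>\n"
    "Subject: Updated bank details\n"
    "Authentication-Results: mx.example.com; spf=fail; dmarc=fail header.from=example.com\n"
    "\nPlease use the new account for future invoices.\n"
)
LEGITIMATE = (
    "From: John Smith <john.smith@example.com>\n"
    "Subject: Q3 budget\n"
    "Authentication-Results: mx.example.com; dmarc=pass header.from=example.com\n"
    "\nSee attached agenda.\n"
)

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_signals(raw):
    """Return the header-level BEC indicators present in one raw message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = msg.get("Authentication-Results", "").lower()
    from_dom, signals = domain_of(from_addr), []
    if name.strip().lower() in EXECUTIVES and from_dom != ORG_DOMAIN:
        signals.append("exec-display-name-external")  # look-alike sender
    if reply_addr and domain_of(reply_addr) != from_dom:
        signals.append("reply-to-domain-mismatch")  # replies diverted
    if from_dom == ORG_DOMAIN and "dmarc=pass" not in auth:
        signals.append("org-domain-unauthenticated")  # spoofed own domain
    return signals

if __name__ == "__main__":
    for label, raw in [("impersonation", IMPERSONATION), ("spoofed", SPOOFED_DOMAIN), ("legit", LEGITIMATE)]:
        print(label, bec_signals(raw))
```

None of these checks depend on the language of the message body, so they apply equally to the translated lures described in this post.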
The true cost of BEC scams
BEC attacks can lead to severe financial losses and data breaches. Just look at this staggering figure from the FBI: BEC scams have drained over $43 billion from businesses in recent years.
You may have heard of the groups “Midnight Hedgehog” and “Mandarin Capybara”. The former uses email spoofing to trick executives into paying for non-existent services, while the latter specializes in payroll diversion attacks.
For instance, one of Midnight Hedgehog’s scam templates involves the “CEO” urgently requesting a payment ranging from $17,000 to $45,000 from a UK company. The tricky part? The email is written in multiple languages to match the victim’s location and native tongue.
Combined, these groups have launched BEC attacks in over a dozen languages, including Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish, a feat accomplished through translation tools and machine learning (ML) technologies.
How email fraudsters are upping their game
Here’s how scammers are using ML-powered tools to make their scams more convincing:
- Generating realistic text: Fraudsters train models on large datasets to craft emails with natural-sounding language. They can even replicate the tone and style of specific individuals, like your boss.
- Automated translation and localization: Advanced algorithms translate scam emails into different languages while keeping cultural nuances and idiomatic expressions intact.
- Personalization: ML can personalize scam emails with details about the recipient, gleaned from social media or other sources. This makes the emails seem more credible and less suspicious.
These tactics work. Employees receive well-crafted messages written in their language, with perfect spelling and grammar. Plus, the messages appear to come from a trusted source (e.g., their boss) and even mimic the sender’s writing style.
It’s easy to see how these scams can trick individuals into following instructions, posing a significant risk for businesses.
Beyond emails: AI-enabled voice scams
ML isn’t limited to emails – it’s also driving a new wave of voice scams. Just a few seconds of audio; that’s all it takes for scammers to create realistic voice clones for fraudulent calls.
Traditional scam calls involve robocalls pretending to be healthcare providers or tax agencies. AI-enabled voice scams take things up a notch. They use cloned voices to impersonate people close to you, exploiting your emotional connections for financial gain.
Imagine this scenario: You receive a call that sounds like your child pleading for money to escape a dire situation. Chances are, you’d act quickly to help.
These survey statistics from McAfee speak for themselves:
- 77% of people who fell for AI-enabled voice scams lost money.
- Over a third of these victims lost more than $1,000.
- 45% of adults admitted they’d respond to a voice message from a loved one asking for money.
- 48% might send money if they received a message claiming a friend or relative was in a car accident.
Protecting yourself from evolving scams
The good news is, while scammers are getting smarter, so can your defenses. Here are some strategies to protect your employees and data from digital fraud:
- Advanced email filtering: Invest in ML-powered solutions to identify phishing patterns even in multiple languages. This will help block malicious content before it reaches your employees.
- Educate your employees: Knowledge is power. Organize training sessions to raise their awareness about phishing risks. Make sure training materials are available in different languages for your global workforce.
- Implementing a dual-approval process: Enhance security by requiring dual authorization for large financial transactions.
- Constant vigilance: Conduct regular security audits to find and fix vulnerabilities in your email systems. And keep your security protocols updated to minimize attack risks.
Cyber threats are global and the rise of multilingual scams underscores the need for protection. Partnering with a reliable language service provider is more important than ever. We can help you create multilingual training materials and spot suspicious emails, ensuring your business stays one step ahead of cybercriminals.