Netcraft Uses Its AI Platform to Trick and Track Online Scammers
At the RSA Conference last month, Netcraft introduced a generative AI-powered platform designed to interact with cybercriminals to gain insights into the operations of the conversational scams they’re running and disrupt their attacks.
At the time, Ryan Woodley, CEO of the London-based company that offers a range of services from phishing detection to brand, domain, and social media detection, said in a statement that “conversational scams through email, SMS, and other channels have become an acute pain point for financial institutions and individuals worldwide.”
“Our innovative approach leverages the thoughtful use of AI, extensive cloaking techniques, and proactive countermeasures, providing a potent blend of data extraction and criminal disruption,” Woodley said.
A month later, the company is giving the industry a peek into what it’s found, from a deeper look at how these scammers work to how they move the massive amounts of money they steal.
“The reach of these scams runs deep with criminal bank accounts, mule accounts, crypto wallets, and a connected web of malicious infrastructure used to further these scams,” the company wrote in a blog post Thursday.
A Lot of Money and Accounts
Netcraft researchers using the company’s Conversational Scam Intelligence platform so far have collected thousands of so-called money mule bank accounts spanning 73 countries and more than 600 financial institutions. In one conversation between Netcraft’s AI solution and a cybercriminal who thought they were talking to a real person, the company received 17 mule accounts.
In addition, the researchers wrote that the top four cryptocurrency wallets they identified have received more than $45 million, or 1,000 Bitcoin (BTC).
“One in six of our conversations with criminals has resulted in details of at least one bank account being sent,” they wrote. “Other conversations end with requests to buy gift cards, cryptocurrency payments, online payment providers (like PayPal), or money remittance services (like Western Union). While others fade out over time as the conversation naturally goes cold.”
Such conversational scams can take a number of forms and names – from investment scams and romance fraud to so-called pig-butchering schemes – but all involve the cybercriminal contacting a target online and, over a period of time and many private peer-to-peer conversations, gaining the victim’s confidence and convincing them to send money.
Long-Running Frauds
They also call for patience by the scammer. On average, cybercriminals send more than 32 messages, even though they receive an average of 15 replies, according to Netcraft. The bad actors tend to be eager to engage quickly and often with their targets, with the scams lasting more than 47 days on average.
According to the FBI, losses last year connected to such fraud reached $5.47 billion, a 38% year-to-year jump from 2022. Scams referencing cryptocurrency accounted for $3.96 billion, the agency said in its annual Internet Crime Report.
Different Scams Tracked
With advance fee frauds, the scammers convince victims to make modest upfront payments with the promise of getting a larger payment in return, though that never happens. In romance scams, the fraudsters work to strike up a false online romantic relationship with their targets and then use the trust built up to borrow or extort money from them.
“Romance scams usually span months and require a lot of interaction to extract intelligence, sometimes feeding into pig butchering scams,” Netcraft researchers wrote.
Pig butchering frauds refer to the criminal fattening up their victims before taking everything they can. Again, the relationship is built over time, during which the cybercriminal gradually encourages the victim to invest increasing amounts of funds, at times using a fake investment platform that they control to entice the target to put up their money.
“Once the criminal is satisfied with the invested funds (or if they think the victim is growing suspicious), they steal them,” they wrote, adding that “later, they sometimes return with promises of recovery.”
The targets aren’t the only victims. The United Nations in a report last year said criminal gangs in Southeast Asia were forcing people to participate in such scams, saying that at least 120,000 people in Myanmar and about 100,000 in Cambodia “may be held in situations where they are forced to carry out online scams.”
Chatty Cybercriminals
Netcraft wrote about a handful of the conversations the platform had with cybercriminals.
In one advance fee fraud, the crypto wallet used by the bad actors had received more than $40 million in payments from victims. As with other such frauds, the minute the funds are sent to the address, they’re laundered, being distributed among other addresses to make the money difficult to trace.
This conversation also disclosed WhatsApp accounts, Western Union remittance details, emails, and multiple phone numbers used in this attack, the researchers wrote.
In another case, attackers told the AI platform that they could unlock more than $5 million in inheritance and shared more than 17 accounts at 12 financial institutions. Through this, Netcraft was able to collect many accounts and more than 40 points of intelligence, including money mules and email addresses. There were more than 250 messages sent back and forth, which also meant the platform wasted a lot of the attacker’s time.
In another advance fee fraud, the bad actor passed themselves off as an investments team at “Deutsche Bank” working for the “Central Bank of Nigeria.” Through this month-long, 40-message conversation, the platform saw four bank accounts, two crypto wallets, and a set of money remittance details.
The researchers also said scammers can get frustrated as the schemes move along. One bad actor – who had shown more than a dozen bank accounts – cursed at the AI platform, though they still tried to continue the scam using gift cards. When the gift card ploy didn’t work, they gave the platform another bank account.