AI Daisy against criminals: scambaiting to counter spoofing

Security Awareness
21 November 2024
ai-nonna-daisy

While a man in Italy is being robbed of 39 thousand euros by spoofing, Britons are being protected by an adorable virtual granny: AI daisy!

We have all at one time or another in our lives stumbled upon a phone call with an elderly person who kept us on the phone for a long time, getting lost in details that were totally insignificant to us and speaking with a certain confusion and slowness. We may have listened to her with affection, though, because we had an emotional bond with her. Or we listened to an occasional word while doing something else but never hurting our interlocutor (or our interlocutor).

However, put yourself in the shoes of a cyber criminal who, in addition to having no time to waste, must avoid like the plague excessively long phone calls during his criminal activities, lest he incur the risk of being intercepted and traced.

AI Daisy, the adorable virtual grandmother from England.

From this situation, Britain has taken the cue to launch a chattering granny fruit of artificial intelligence that is used as a deterrent to spoofing attempts by cybercriminals.

It is called AI Daisy and answers calls instead of the user (chosen as the victim by the crime) with the aim of wasting the scammers’ time, up to 40 minutes, through meaningless conversations and providing false data. The pirates generally desist by giving up their scam attempt.

The cute Daisy is inspired by a habit called scambaiting, which consists precisely in wasting the time of crooks. In addition, conversations are typically shared on some platforms, through vigilantes with the purpose of taking sensitive information from the crooks themselves and also targeting them.

In short, the lovely Daisy arrives to save the face and wallets of the many Britons targeted(7 out of 10, according to data from Virgin Media O2-the British phone company), through spoofing, by cybercriminals and scammers.

What is Spoofing

The technique of spoofing consists of spoofing the Caller ID of the scammer’s number by masking it with an authoritative and trustworthy one and is used by cybercriminals and scammers to carry out attacks on assets, even sizable ones, against sometimes designated, sometimes random victims.

Thus, the Spoofer is one who falsifies data and protocols with the intent of appearing another person or gaining access to restricted areas.

Various methods are used to do this, among the most feared are:

  • Web site spoofing: when cyber criminals give a credible appearance to a deceptive Web site (even disguising the Url) with the goal of convincing users to enter credentials, credit card and login information;
  • E-mail spoofing: when the attacker sends messages from fake addresses (resembling one of the victim’s contacts) with the goal of distributing malware or stealing data;
  • Caller ID spoofing: when criminals, through VoIP technology, personalize phone number i caller IDs.

But there are also others: DNS server spoofing; ARP spoofing; IP spoofing.

One of the latest cases in Italy

One of the latest cases is from Italy and involves a 60-year-old man from Genoa who had 39,000 euros stolen. The victim suffered a breach of his bank account as a result of two false calls. The first by fake carabinieri and the second by a phantom employee of the anti-fraud section of the victim’s bank. Both informed the man of a breach of his bank account by convincing him to provide them with credentials for bank access.

Although spoofing techniques are many, at base they all have the same intent: to exploit the trust of the chosen victim to steal money, manipulate data, circumvent network access controls, and spread malware through malicious links and attachments.

This is a technique much feared by users and companies because of its effectiveness and the ease with which criminals, partly through social engineering techniques, are able to gain access to confidential information.

Of course we would also need an adorable granny here at home who entertains crooks with nonsensical chatter until they desist from their criminal intentions, but for now we have to make do with a public consultation launched last Nov. 13 by Agcom with the aim of introducing new measures to combat telephone fraud and wild telemarketing that employ spoofing. The consultation will serve to gather opinions and suggestions from the various operators in the sector, with the aim of defining an effective and shared regulation.

In the meantime, the only way to avoid falling victim to spoofing, and cybercrime in general, remains to acquire a digital posture that can detect the scam attempt immediately and nip it, and report it, in the bud.

Achieving this goal requires continuous, quality training that is up-to-date with the latest crime news, that is usable and user-friendly, and that is calibrated to the specific knowledge of each user.

With the right training, everyone can become a bit like the lovely Daisy, perhaps not quite as likable as she is, but certainly effective in deterring cybercrime.

Related Articles