On this occasion, we review the typical procedure that scammers follow in this type of scam, as well as remember how AI can help them create more realistic situations.
It is already well known that one of the methods that Internet scammers choose to try to steal money from a victim is to simulate the kidnapping of a family member or loved one close to them to ask for a ransom.
An anxious situation such as the one a person can enter when receiving a call pretending to be a kidnapping can deactivate their capacity for analysis and make them vulnerable to deception. Now, AI tools make it possible for criminals to generate an even more plausible scenario, and scams of this type have increased around the world, according to the antivirus company ESET Spain.
ESET refers to this phenomenon as ‘virtual kidnappings’, and warns that cybercriminals could use a perfect cocktail of resources to give legitimacy to the plot. Examples include the ChatGPT language model, voice cloning technologies, location information sharing on social networks, and SIM card sharing.
The Director of Research and Awareness of ESET Spain, Josep Albors, places special emphasis on “the quality of AI voice cloning technology, which is now convincing enough to deceive even close relatives.” These artificial intelligence voice imitation technologies could use videos shared by the users themselves on social networks to feed an algorithm that results in a synthetic voice similar to that of the person used as a false hostage.
Equally worrying can be SIM swapping, as it would make the victim unable to communicate with the impersonated loved one, helping to increase anxiety and confusion. Scammers could also use some type of face swap, sending the victim a falsified image of the face of the supposedly captured person.
The typical process of a virtual kidnapping
The cybersecurity company has explained how one of these scams usually works. First of all, scammers search for the ideal victim profile using OSINT techniques, that is, using publicly available information on the Internet, such as social networks.
This first stage could be automated and made more agile through the malicious use of artificial intelligence, they point out from ESET, since these models could suggest to scammers an ideal description of the type of person most likely to be scammed in a certain place.
After having identified and obtained information about the person who will be the victim of the scam, the next thing is to do the same with the person who will be the false kidnapped person, such as a child or other family member. Once this is done, they will contact the victim posing a terrible and urgent scenario that makes the person nervous and complicates rational thinking.
They will try to take advantage of a time when both people are in different places, such as on vacation, so that the victim cannot easily contact the person allegedly kidnapped.
The next phase could include sending audio files manipulated to make it appear that they are with the victim’s relative, as well as talking about details about this that they have been able to collect from social networks. For example, talk about a mole or tattoo that the person has.
Finally, they could request a payment in cryptocurrencies to a crypto wallet, to try to ensure that the transfer cannot be traced by the authorities.
Recommendations to protect our identity
As possible measures to prevent cybercriminals from trying to impersonate our identity, for example, through images, things are suggested such as: privatizing our profiles on social networks, not sharing images that reveal the exact location of a home, avoiding sharing videos of family members and Be discreet with vacation destinations.
On the other hand, as a possible solution to maintain peace of mind in case you have children or vulnerable relatives, there is the option of using trackers with geolocation to know where they are. We must remember, be careful, that this must always be done with prior consent. Likewise, the call must be reported to the police as soon as possible.