US stops USD $15 billion in healthcare fraud amid AI scam surge
Authorities in the United States have prevented nearly USD $15 billion in healthcare fraud, shedding light on the rapid evolution of organised scams and prompting cybersecurity experts to highlight the increasing sophistication of digital attacks.
According to specialists at Webshare, the digital landscape has given rise to new forms of fraud, including AI-driven phishing, email cloning, and targeted gift card scams. These methods leverage personal data to craft convincing fraudulent attempts, making it more important than ever for individuals to understand the methods being used against them.
AI-powered deception
One of the notable evolutions in scam tactics is the use of artificial intelligence to impersonate victims' family members or friends. By collecting content from social media, fraudsters create realistic voice recordings or videos known as deepfakes. These are then used to solicit money or personal information, making the deception appear genuine.
Webshare advises: If an unexpected request is received, individuals should ask questions or for details that only the real person would know. A vague or incorrect response can be a strong indicator of criminal intent.
Gift card fraud
Gift card scams continue to be prevalent, with scammers analysing online shopping habits to tailor their approach. Victims are contacted with requests for gift card purchases, often relating to stores they frequent, particularly during busy shopping periods. Once codes are shared, the stolen funds are usually unrecoverable.
The recommended approach is simple: Treat any request for payment by gift card with suspicion, and confirm the legitimacy of the request by contacting the supposed sender directly.
Modern variants of phishing
Attackers also employ 'vishing' - voice phishing - by calling victims while posing as representatives from trusted organisations, such as banks or government bodies. They create urgency by claiming there is suspicious activity, pressuring individuals to disclose sensitive information.
Webshare's guidance notes that legitimate organisations will not request personal security information by phone. If there is any uncertainty, individuals should hang up and call the institution back using a verified number.
Another tactic, 'smishing' or SMS phishing, relies on deceptive text messages that mimic notifications from companies. These messages typically urge recipients to click malicious links under the guise of delivery updates or account issues, aiming to steal login credentials or install malware.
Recipients are advised to check the sender's phone number and confirm legitimacy through direct contact with the relevant company before responding to any prompts.
Email and social media threats
Email 'clone phishing' poses risks by replicating genuine emails such as receipts or notifications, but substituting safe links and attachments with harmful ones. Recipients may not suspect anything until their information has already been compromised.
Experts advise verifying the sender's address, carefully checking links by hovering over them, and contacting the sender independently if the email content seems dubious.
Similarly, social media phishing exploits fake or compromised profiles to circulate malicious links through direct messages, or set up fake giveaways aimed at harvesting personal information.
Webshare advises users to avoid clicking on unsolicited links, and to verify both the sender and authenticity of login pages before entering credentials.
Man-in-the-middle and sophisticated attacks
Man-in-the-middle (MitM) attacks remain a risk, particularly when accessing sensitive accounts on public Wi-Fi networks. Cybercriminals secretly intercept data sent between the user and a website, extracting private details such as passwords and banking information.
Precautions include avoiding important transactions on unsecured Wi-Fi, using a Virtual Private Network (VPN), and ensuring web addresses start with 'https://' for encryption.
Ransomware further complicates security, as it encrypts personal files and demands payment for their release. Such attacks commonly begin with phishing emails or downloads from malicious sites, targeting sensitive data such as photographs or business documents.
To guard against ransomware, individuals are urged to back up important files offline and refrain from interacting with suspicious messages or downloads. In the event of an attack, reporting to authorities and seeking professional help is advised.
DNS spoofing is another concern, redirecting users to fraudulent websites designed to steal passwords or financial information. Checking website addresses and using security tools can help defend against this type of fraud.
Meanwhile, fake job offers are also on the rise. Scammers pose as prospective employers with promises of high wages or flexible roles, aiming to extract fees or sensitive details from applicants. It is important to authenticate such proposals and verify company details through official channels before sharing any information.
"AI is changing how scammers operate, making their attacks more personal and harder to spot. They use tools to mimic voices, create fake videos, or send messages that seem to come from trusted contacts. It's now easier than ever to fall for a scam, whether it's a text from a friend asking for help or a gift card offer from a favorite store. Staying alert is important, as these scams can lead to serious financial losses. Under no condition should you share very personal data, such as passport details or credit card CVV, via email, phone, or any other method that can be easily accessed by hackers. Additionally, if you hear the voice of a close person asking for help, take extra precautions to verify their identity by asking specific questions or details only they would know, ensuring you're speaking to the real person."
Experts continue to urge vigilance as digital scams evolve, with attackers continually refining their strategies to exploit new technologies and user habits.
