If you can be messaged, you can be scammed. Photo / File
OPINION:
Scams appear to be exploding in New Zealand. I suffer daily calls from different numbers for crypto scams, Visa credit card and Spark scams, and most recently scams where you need to pay to release a fictitious parcel for delivery.
Many of us know victims. What worries me moreis not the scams we know about, but the ones that will inevitably emerge.
Scams are going to be slicker and much harder to spot. As they do, we're all just one click away from losing money.
We can look at lessons from recent history to see how existing scams will evolve, says Sam Leggett, senior threat analyst in CERT NZ's incident response team.
An example, says Leggett, is FluBot malware (malicious software), which emerged in 2021. FluBot texts say you have a parcel delivery that's pending. The aim is to harvest your contacts to spread to new victims and access your online banking or crypto app.
Leggett points out that this scam has already evolved to new variants in less than a year. The language used by the scammers changed to inviting recipients of the text to click a link to see photos of themselves online, or to listen to a voicemail by clicking.
Soon people who clicked and paid the small sum asked, such as $1.50, found they'd signed up to a recurring subscription for a larger sum of money, which some people don't notice or know how to stop. Just like Covid-19, we don't know what the next variant of FluBot or romance scams or any of the existing other scams will look like in the future.
World events will multiply scams, says Leggett. "Scammers are opportunists, at the core of things. They will take advantage of whatever they can to make these scams more likely to be successful." When Covid vaccines were developed, the scammers were soon mass messaging: "click here to get your vaccine pass", says Leggett. The war in Ukraine was only days old when scam relief funds requesting donations appeared within days of the invasion.
Looking forward, says Leggett, whatever the methodology, scams are going to target cryptocurrencies and non-fungible tokens (NFTs) to a greater degree. Unlike the bank, you can't call Bitcoin and ask for your money back.
While SMS messaging is the thrust of scams currently, expect every new messaging platform to be targeted in future. "If you can be messaged you can be scammed," says Leggett. Also if you pay with it, you can be scammed on it.
Looking further forward than the immediate future, NZ Police's detective inspector Christiaan Barnard of the Financial Intelligence Unit highlights the looming threat of deep fakes and AI (artificial intelligence) in the scammers' toolkit.
We've recently seen fake videos of Ukrainian president Volodymyr Zelenskyy allegedly telling his troops to surrender. Romance and other scammers who once always found reasons to not do video chats with their intended victims could create a reasonably convincing deep fake persona that could have whatever facial features they choose, says Barnard.
The other technology on the cusp of making scammers many times more effective at what they do is AI, which will enable computers to be responsive enough to behave like humans "Scamming is quite labour intensive (currently) and scammers are only able to have four or five (victims) on the go at one time," says Barnard.
With AI the scammer could use a botnet of hijacked computers to interact with hundreds of victims at a time, who wouldn't realise there isn't a real human at the other end, he says.
The good news is that organisations such as the Police, Netsafe and CERT NZ and international organisations work closely together to protect our money. As soon as CERT NZ becomes aware of a scam it inserts IP addresses, URLs or other indicators into an API that IT vendors can use to update their software and firmware, protecting us in the background. But ultimately everyone needs to be wary before clicking any links online.