Ann Jensen, a woman from Salisbury, was deceived into losing £20,000 through an AI-powered investment scam that falsely claimed endorsement by UK Prime Minister Sir Keir Starmer. The scammers used deepfake technology to mimic Starmer, promoting a fraudulent cryptocurrency investment opportunity. After persuading her to invest an initial sum, they convinced her to take out a bank loan, only to vanish with the funds.
The scam left Ms. Jensen not only financially devastated but also emotionally shaken, describing the experience as a “physical reaction” where her “body felt like liquid.” Now facing a £23,000 repayment over 27 years, she reflects on the incident as a life-altering crime. “It’s tainted me for life,” she said, emphasising that while she doesn’t feel stupid, she considers herself a victim.
Cybersecurity expert Dr. Jan Collie highlighted how AI tools are weaponised by criminals to clone well-known figures’ voices and mannerisms, making scams appear authentic. She advises vigilance, suggesting people look for telltale signs like mismatched movements or pixelation in videos to avoid falling prey to these sophisticated frauds.
Meta Platforms announced stricter regulations for advertisers promoting financial products and services in Australia, aiming to curb online scams. Following an October initiative where Meta removed 8,000 deceptive ‘celeb bait’ ads, the company now requires advertisers to verify beneficiary and payer details, including their Australian Financial Services License number, before running financial ads.
This move is part of Meta’s ongoing efforts to protect Australians from scams involving fake investment schemes using celebrity images. Verified advertisers must also display a “Paid for By” disclaimer, ensuring transparency in financial advertisements.
The updated policy follows a broader regulatory push in Australia, where the government recently abandoned plans to fine internet platforms for spreading misinformation. The crackdown on online platforms is part of a growing effort to assert Australian sovereignty over foreign tech companies, with a federal election looming.
DMM Bitcoin, a Japanese cryptocurrency exchange, is preparing to wind down its operations after suffering a significant loss of $320 million in Bitcoin due to a hack in May. The breach, which compromised a private key linked to a wallet holding over 4,500 Bitcoin, forced the company to halt its restructuring efforts and focus on safeguarding customer assets. In response, DMM Bitcoin has arranged to transfer all customer accounts and assets to SBI VC Trade, a crypto exchange operated by financial giant SBI Group, with the transition expected to be completed by March 2025.
The company confirmed that customer assets, including Japanese yen and cryptocurrencies, will be secure during the move. Despite initial assurances that customer deposits would be protected, DMM Bitcoin was forced to suspend withdrawals, new account registrations, and trading following the attack. The company also pledged to compensate affected users by procuring an equivalent amount of Bitcoin, backed by its group companies.
The hack is one of Japan’s largest crypto breaches, second only to the $530 million Coincheck hack in 2018. Blockchain analysts have linked the breach to the Lazarus Group, a North Korean cybercrime organisation, suggesting similarities in laundering techniques. DMM Bitcoin, which launched in 2018, has also been facing challenges with its Web3 gaming project and stablecoin initiatives, ultimately leading to the decision to wind down its operations.
This attack is part of a broader trend of rising cyberattacks on cryptocurrency exchanges in 2024, including major breaches of other exchanges such as WazirX, BingX, and BtcTurk. The growing frequency of such incidents underscores the ongoing risks facing centralized crypto platforms.
Scammers are misusing Spotify’s playlist and podcast features to promote pirated software, malware, and phishing schemes. By embedding popular search terms like ‘free download’ or ‘crack’ in playlists and podcast titles, these bad actors ensure their spam appears in Google search results. Users who click on these links often land on unsafe sites designed to install malicious software or steal personal data.
The schemes include playlists and short podcast episodes featuring synthetic voice prompts that redirect listeners to risky external sites. These scams exploit Spotify’s trusted reputation and indexed pages to rank high in search results. Scammers profit through ad clicks, fake surveys, and affiliate links while spreading malware or engaging in phishing attempts.
Experts warn users to avoid clicking on suspicious links, verify playlist or podcast creators, and stick to official sources for downloads. Spotify and search engines like Google face calls to strengthen safeguards to prevent misuse of their platforms. In the meantime, users are encouraged to report fraudulent content and use antivirus software to stay protected.
Crystal Intelligence and Dubai Police have collaborated to address economic crimes within the rapidly growing digital asset space. By combining advanced blockchain analytics with law enforcement expertise, the two entities aim to predict and prevent financial crimes, ensuring robust security within the digital asset ecosystem.
That collaboration reflects Dubai’s commitment to remaining at the forefront of global blockchain innovation. Moreover, as part of its broader strategy, the UAE, particularly Dubai, has positioned itself as a leader in digital assets by creating a regulatory framework that fosters innovation while ensuring security and compliance.
Notably, establishing the Virtual Assets Regulatory Authority (VARA), the world’s first regulator for virtual assets, has attracted numerous blockchain companies and service providers to the city, further solidifying Dubai’s role as a central hub for digital assets. This collaboration also involves strengthening Dubai Police’s capabilities through Crystal Intelligence’s advanced tools in transaction monitoring, risk management, and predictive analytics.
Why does it matter?
These tools will enable law enforcement to proactively detect and address fraudulent activities across blockchain networks, thereby ensuring the integrity of Dubai’s digital asset market. By combining regulatory foresight with cutting-edge technology, Dubai demonstrates its leadership in integrating innovation with security. Ultimately, this partnership sets a new global standard for digital asset security and offers a model for other jurisdictions to follow as they navigate the complexities of financial crimes in the digital asset space.
Advancements in AI voice cloning have revealed vulnerabilities in banking security, as a BBC reporter demonstrated how cloned voices can bypass voice recognition systems. Using an AI-generated version of her voice, she successfully accessed accounts at two major banks, Santander and Halifax, simply by playing back the phrase “my voice is my password.”
The experiment highlighted potential security gaps, as the cloned voice worked on basic speakers and required no high-tech setup. While the banks noted that voice ID is part of a multi-layered security system, they maintained that it is more secure than traditional authentication methods. Experts, however, view this as a wake-up call about the risks posed by generative AI.
Cybersecurity specialists warn that rapid advancements in voice cloning technology could increase opportunities for fraud. They emphasise the importance of evolving defenses to address these challenges, especially as AI continues to blur the lines between real and fake identities.
The Federal Trade Commission (FTC) has strengthened its rules to better protect consumers from tech support scams. With new amendments to the Telemarketing Sales Rule (TSR), the agency can now act against fraudsters even when victims initiate the call, closing a loophole that left many unable to seek justice.
Tech support scams commonly trick victims through fake pop-ups, emails, and warnings that urge them to contact bogus help desks. These scams have disproportionately affected older adults, who are five times more likely to be targeted, leading to over $175M in reported losses.
Previously, the US FTC could only pursue scammers if they made the initial call. The rule change now removes exemptions for technical support services, allowing the agency to crack down on deceptive practices regardless of how contact is made. Authorities are also targeting fraudulent pop-ups as part of a broader effort to combat these schemes.
With cases like the fake ‘Geek Squad’ scams resulting in millions in losses, the FTC’s expanded powers mark a significant step in holding scammers accountable and protecting vulnerable populations from financial harm.
T-Mobile has reported recent attempts by cyber attackers to infiltrate its systems. The US telecom giant confirmed that its security measures successfully prevented access to sensitive customer data, including calls, voicemails, and texts. The intrusion originated from a compromised network connected to T-Mobile’s systems, prompting the company to sever the connection.
The attackers’ traits resembled those of Salt Typhoon, a Chinese-linked cyber espionage group, though T-Mobile has not confirmed their identity. The firm’s Chief Security Officer, Jeff Simon, stated that customer information remained secure, with no disruption to services. Findings were reported to the US government for further investigation.
Simon attended a White House meeting last week to discuss escalating cyber threats. The FBI and the Cybersecurity & Infrastructure Security Agency recently disclosed an ongoing investigation into a Chinese-linked espionage campaign targeting several US telecom providers.
The broader operation reportedly infiltrated multiple companies, stealing sensitive call data and accessing private communications. Such breaches compromised the devices of individuals in government and politics, including campaign staff during the 2020 US presidential election, raising concerns about national security.
Starbucks is manually processing barista payroll after a ransomware attack disrupted the third-party software it uses for scheduling. Despite the outage, the company assured employees they would be paid correctly and instructed store managers on manual workarounds to keep operations running smoothly.
The attack targeted Blue Yonder, a cloud services provider whose clients include major grocery chains and Fortune 500 companies. Blue Yonder has faced backlash as its systems remain compromised, with multiple companies, including Ford, assessing potential impacts. The cybersecurity firm CrowdStrike is assisting with recovery efforts.
Ransomware attacks have surged globally, with hackers targeting critical operations, especially during high-demand periods like the holiday season. Starbucks’ new CEO Brian Niccol now faces an additional hurdle on top of three straight quarters of declining sales.
A Brighton tradesman lost £75,000 to a fake bitcoin scheme that used a deepfake video of Martin Lewis and Elon Musk. The kitchen fitter, Des Healey, shared his experience on BBC Radio 5 Live, revealing how AI manipulated Martin’s voice and image to create a convincing endorsement. Des admitted he was lured by the promise of quick returns but later realised the devastating scam had emptied his life savings and forced him into debt.
He explained that the fraudsters, posing as financial experts, gained his trust through personalised calls and apparent success in his fake investment account. Encouraged to invest more, he took out £70,000 in loans across four lenders. Only when his son raised concerns about suspicious details, such as background music on calls, did Des begin to suspect foul play and approach the police.
Martin Lewis, Britain’s most impersonated celebrity in scams, described meeting Des as emotionally challenging. He commended Des for bravely sharing his ordeal to warn others. Martin emphasised that scams prey on urgency and secrecy, urging people to pause and verify before sharing personal or financial details.
Although two banks cancelled loans taken by Des, he still owes £26,000 including interest. Des expressed gratitude for the chance to warn others and praised Martin Lewis for his continued efforts to fight fraud. Meanwhile, Revolut reaffirmed its commitment to combating cybercrime, acknowledging the challenges posed by sophisticated scammers.
