Cybersecurity

How AI helped fraudsters steal £20,000 from a UK woman

Ann Jensen, a woman from Salisbury, was deceived into losing £20,000 through an AI-powered investment scam that falsely claimed endorsement by UK Prime Minister Sir Keir Starmer. The scammers used deepfake technology to mimic Starmer, promoting a fraudulent cryptocurrency investment opportunity. After persuading her to invest an initial sum, they convinced her to take out a bank loan, only to vanish with the funds.

The scam left Ms. Jensen not only financially devastated but also emotionally shaken, describing the experience as a “physical reaction” where her “body felt like liquid.” Now facing a £23,000 repayment over 27 years, she reflects on the incident as a life-altering crime. “It’s tainted me for life,” she said, emphasising that while she doesn’t feel stupid, she considers herself a victim.

Cybersecurity expert Dr. Jan Collie highlighted how AI tools are weaponised by criminals to clone well-known figures’ voices and mannerisms, making scams appear authentic. She advises vigilance, suggesting people look for telltale signs like mismatched movements or pixelation in videos to avoid falling prey to these sophisticated frauds.

Meta tightens financial ad rules in Australia

Meta Platforms announced stricter regulations for advertisers promoting financial products and services in Australia, aiming to curb online scams. Following an October initiative where Meta removed 8,000 deceptive ‘celeb bait’ ads, the company now requires advertisers to verify beneficiary and payer details, including their Australian Financial Services License number, before running financial ads.

This move is part of Meta’s ongoing efforts to protect Australians from scams involving fake investment schemes using celebrity images. Verified advertisers must also display a “Paid for By” disclaimer, ensuring transparency in financial advertisements.

The updated policy follows a broader regulatory push in Australia, where the government recently abandoned plans to fine internet platforms for spreading misinformation. The crackdown on online platforms is part of a growing effort to assert Australian sovereignty over foreign tech companies, with a federal election looming.

DMM Bitcoin to shut down after $320 million hack loss

DMM Bitcoin, a Japanese cryptocurrency exchange, is preparing to wind down its operations after suffering a significant loss of $320 million in Bitcoin due to a hack in May. The breach, which compromised a private key linked to a wallet holding over 4,500 Bitcoin, forced the company to halt its restructuring efforts and focus on safeguarding customer assets. In response, DMM Bitcoin has arranged to transfer all customer accounts and assets to SBI VC Trade, a crypto exchange operated by financial giant SBI Group, with the transition expected to be completed by March 2025.

The company confirmed that customer assets, including Japanese yen and cryptocurrencies, will be secure during the move. Despite initial assurances that customer deposits would be protected, DMM Bitcoin was forced to suspend withdrawals, new account registrations, and trading following the attack. The company also pledged to compensate affected users by procuring an equivalent amount of Bitcoin, backed by its group companies.

The hack is one of Japan’s largest crypto breaches, second only to the $530 million Coincheck hack in 2018. Blockchain analysts have linked the breach to the Lazarus Group, a North Korean cybercrime organisation, suggesting similarities in laundering techniques. DMM Bitcoin, which launched in 2018, has also been facing challenges with its Web3 gaming project and stablecoin initiatives, ultimately leading to the decision to wind down its operations.

This attack is part of a broader trend of rising cyberattacks on cryptocurrency exchanges in 2024, including major breaches of other exchanges such as WazirX, BingX, and BtcTurk. The growing frequency of such incidents underscores the ongoing risks facing centralized crypto platforms.

SEMI calls for stronger EU semiconductor policy

Industry group SEMI Europe has urged the incoming European Commission to adopt a more unified industrial strategy and expand on the existing European Chips Act. The group highlighted the importance of Mario Draghi’s recommendations, including a centralised EU budget and expedited approvals for strategic high-tech initiatives, to maintain competitiveness against the US and China.

SEMI emphasised the need for additional funding to bolster Europe’s semiconductor ecosystem, particularly in light of global export restrictions on chip technology and critical minerals. Quick action on EU export policies is vital to protect strategic interests and strengthen Europe’s global influence, the group said.

While the Chips Act focuses on attracting new manufacturing, SEMI and other industry voices, like ESIA, have called for broader support. This includes incentives for ‘legacy and foundational’ chip production and innovations essential for Europe’s green transition. Together, SEMI and ESIA represent leading players such as ASML, Infineon, and STMicroelectronics.

A revamped Chips Act would not only counter state-subsidised competition from China but also enhance Europe’s semiconductor supply chain resilience, crucial for its economic and technological independence.

Australia begins trial of teen social media ban

Australia‘s government is conducting a world-first trial to enforce its national social media ban for children under 16, focusing on age-checking technology. The trial, set to begin in January and run through March, will involve around 1,200 randomly selected Australians. It will help guide the development of effective age verification methods, as platforms like Meta, X (formerly Twitter), TikTok, and Snapchat must prove they are taking ‘reasonable steps’ to keep minors off their services or face fines of up to A$49.5 million ($32 million).

The trial is overseen by the Age Check Certification Scheme and will test several age-checking techniques, such as video selfies, document uploads for verification, and email cross-checking. Although platforms like YouTube are exempt, the trial is seen as a crucial step for setting a global precedent for online age restrictions, which many countries are now considering due to concerns about youth mental health and privacy.

The trial’s outcomes could influence how other nations approach enforcing age restrictions, despite concerns from some lawmakers and tech companies about privacy violations and free speech. The government has responded by ensuring that no personal data will be required without alternatives. The age-check process could significantly shape global efforts to regulate social media access for children in the coming years.

India introduces new rules for critical telecom infrastructure

The government of India introduced the Telecommunications (Critical Telecommunication Infrastructure) Rules, 2024, on 22 November, which require telecom entities designated as Critical Telecommunication Infrastructure (CTI) to grant government-authorised personnel access to inspect hardware, software, and data. These rules are part of the Telecommunications Act, 2023, empowering the government to designate telecom networks as CTI if their disruption could severely impact national security, the economy, public health, or safety.

The rules mandate that telecom entities appoint a Chief Telecom Security Officer (CTSO) to oversee cybersecurity efforts and report incidents within six hours, a revised deadline from the original two hours proposed in the draft rules. This brings the telecom sector in India in line with existing Telecom Cyber Security Rules and CERT-In directions, though experts argue that the six-hour window does not meet global standards and may contribute to over-regulation.

Telecom networks are already governed under the Information Technology Act, creating potential overlaps with other regulatory frameworks such as the National Critical Information Infrastructure Protection Centre (NCIIPC). The rules also raise concerns about inspection protocols and data access, as they lack clarity on when inspections can be triggered or what limitations should be placed on government personnel accessing sensitive information.

Experts have also questioned the accountability measures in case of abuse of power and the potential for government officials to access the personal data of telecom subscribers during these inspections. To implement these rules, telecom entities must provide detailed documentation to the government, including network architecture, access lists, cybersecurity plans, and security audit reports. They must also maintain logs and documentation for at least two years to assist in detecting anomalies.

Additionally, remote maintenance or repairs from outside India require government approval, and upgrades to hardware or software must be reviewed within 14 days. Immediate upgrades are allowed during cybersecurity incidents, with notification to the government within 24 hours. A digital portal will be established to manage these rules, but concerns about the lack of transparency in communications have been raised. Finally, all CTI hardware, software, and spares must meet Indian Telecommunication Security Assurance Requirements.

Spotify misused for scams and malware

Scammers are misusing Spotify’s playlist and podcast features to promote pirated software, malware, and phishing schemes. By embedding popular search terms like ‘free download’ or ‘crack’ in playlists and podcast titles, these bad actors ensure their spam appears in Google search results. Users who click on these links often land on unsafe sites designed to install malicious software or steal personal data.

The schemes include playlists and short podcast episodes featuring synthetic voice prompts that redirect listeners to risky external sites. These scams exploit Spotify’s trusted reputation and indexed pages to rank high in search results. Scammers profit through ad clicks, fake surveys, and affiliate links while spreading malware or engaging in phishing attempts.

Experts warn users to avoid clicking on suspicious links, verify playlist or podcast creators, and stick to official sources for downloads. Spotify and search engines like Google face calls to strengthen safeguards to prevent misuse of their platforms. In the meantime, users are encouraged to report fraudulent content and use antivirus software to stay protected.

Dubai Police partners with Crystal Intelligence to bolster security in digital asset sector

Crystal Intelligence and Dubai Police have collaborated to address economic crimes within the rapidly growing digital asset space. By combining advanced blockchain analytics with law enforcement expertise, the two entities aim to predict and prevent financial crimes, ensuring robust security within the digital asset ecosystem.

That collaboration reflects Dubai’s commitment to remaining at the forefront of global blockchain innovation. Moreover, as part of its broader strategy, the UAE, particularly Dubai, has positioned itself as a leader in digital assets by creating a regulatory framework that fosters innovation while ensuring security and compliance.

Notably, establishing the Virtual Assets Regulatory Authority (VARA), the world’s first regulator for virtual assets, has attracted numerous blockchain companies and service providers to the city, further solidifying Dubai’s role as a central hub for digital assets. This collaboration also involves strengthening Dubai Police’s capabilities through Crystal Intelligence’s advanced tools in transaction monitoring, risk management, and predictive analytics.

Why does it matter?

These tools will enable law enforcement to proactively detect and address fraudulent activities across blockchain networks, thereby ensuring the integrity of Dubai’s digital asset market. By combining regulatory foresight with cutting-edge technology, Dubai demonstrates its leadership in integrating innovation with security. Ultimately, this partnership sets a new global standard for digital asset security and offers a model for other jurisdictions to follow as they navigate the complexities of financial crimes in the digital asset space.

Mixed reactions as Australia bans social media for minors

Australia’s recent approval of a social media ban for children under 16 has sparked mixed reactions nationwide. While the government argues that the law sets a global benchmark for protecting youth from harmful online content, critics, including tech giants like TikTok, warn that it could push minors to darker corners of the internet. The law, which will fine platforms like Meta’s Facebook, Instagram and TikTok up to A$49.5 million if they fail to enforce it, takes effect one year after a trial period begins in January.

Prime Minister Anthony Albanese emphasised the importance of protecting children’s physical and mental health, citing the harmful impact of social media on body image and misogynistic content. Despite widespread support—77% of Australians back the measure—many are divided. Some, like Sydney resident Francesca Sambas, approve of the ban, citing concerns over inappropriate content, while others, like Shon Klose, view it as an overreach that undermines democracy. Young people, however, expressed their intent to bypass the restrictions, with 11-year-old Emma Wakefield saying she would find ways to access social media secretly.

This ban positions Australia as the first country to impose such a strict regulation, ahead of other countries like France and several US states that have restrictions based on parental consent. The swift passage of the law, which was fast-tracked through parliament, has drawn criticism from social media companies, which argue the law was rushed and lacked proper scrutiny. TikTok, in particular, warned that the law could worsen risks to children rather than protect them.

The move has also raised concerns about Australia’s relationship with the United States, as figures like Elon Musk have criticised the law as a potential overreach. However, Albanese defended the law, drawing parallels to age-based restrictions on alcohol, and reassured parents that while enforcement may not be perfect, it’s a necessary step to protect children online.

Starlink operations halted in Namibia for lacking licence

Namibia’s communications regulator has ordered Starlink, operated by SpaceX, to cease its operations in the country. The Communications Regulatory Authority of Namibia (CRAN) stated that the company was running a telecommunications network without the required licence.

A cease-and-desist order was issued on 26 November, demanding that Starlink immediately halt all activities. CRAN has also advised the public against purchasing or subscribing to Starlink services, warning that these actions are illegal under Namibian law.

Investigators have already confiscated unlicensed terminals from consumers and have opened criminal cases with the police. The regulator emphasised its commitment to enforcing compliance with national telecommunications regulations.

Earlier this year, Cameroon faced a similar situation, seizing equipment at ports due to licence violations. SpaceX has yet to comment on the developments in Namibia.

Diplo chatbot can make mistakes. Consider checking important information.