Fraud prevention
As technology advances, fraudsters continuously adapt their methods, exploiting new tools and vulnerabilities to target individuals and businesses. Let’s explore two emerging threats: generative AI and remote access takeover (RAT). Both can have devastating consequences if not understood and mitigated.
Remote Access Takeover (RAT)
This type of fraud happens when a fraudster takes control of your device and uses this control to make payments from your bank account without your knowledge or authorisation. This will usually happen after the fraudsters have sent you a link, asked you to visit a website or download a piece of software, which helps them to remotely access your device. They may know information about you and your business and use this information to appear credible.
Fraudsters use a number of tactics to steal your money using Remote Access Takeover. They may use more than one at a time. These can include:
- Calling you using a spoofed number
- Giving you links, websites or software to click on or download
- Asking you to generate, enter and/or give authorisation codes
How to protect your business against Remote Access Takeover (RAT)?
- Never give out your Online Banking usernames, passwords, authorisation codes, or any One Time Passcodes (OTPs).
- Remember numbers can be spoofed and never rely on the caller ID to know who’s calling.
- For unexpected calls, don’t be afraid to return the call using an independently verified number, such as one from the caller’s official website. Use a different phone or call a known contact first to be sure the line is ‘clear’.
- Be wary of suspicious emails and text messages, especially those which contain links and ask for information. Always validate these requests with the company directly, using the contact guidance above.
- Never click on any links, visit web addresses, or download software as a result of a phone call you weren’t expecting.
- Your security device, or secure key, is personal to you. If someone calls and asks you to use this device, end the call and contact your bank immediately.
- HSBC will never ask you to participate in an ongoing investigation, advise you how to answer questions or ask you to send your money to a safe account.
It's crucial to remember that legitimate organizations, including banks, will never ask for secure codes or remote access. Be aware that the fraudsters' goal is always to gain control over a victim's device to monitor activities, steal sensitive information, or initiate unauthorized transactions.
Generative AI (Artificial Intelligence)
Generative artificial intelligence (AI) is a technology that enables computers to perform complex tasks and generate writing, audio, or even video content. AI tools are also capable of making decisions by analysing large amounts of data and using advanced models, giving the impression of interacting with a real person.
This technology significantly increases the capabilities of fraudsters, allowing them to impersonate individuals or businesses more easily. For instance, it can improve fraudsters’ attacks, impersonate voices during phone calls, or even manipulate faces and voices through fake videos (deepfakes).
How to protect your business against Generative AI?
1. Regularly update anti-fraud controls.
2. Use daily security codes and enhanced verification processes.
3. Ensure active monitoring and provide regular training, especially on the risks related to deepfakes and phishing attempts.