This article is part of Money's new-year checklist — a 10-step guide to crushing your financial goals in 2024 (and beyond). For expert insights into new retirement-saving policies, the housing market and more, read our cover story.
Legitimate businesses aren’t the only ones paying attention to recent advances in commerce, communication and artificial intelligence. As the latest slate of identity theft scams makes clear, online fraudsters are on the hunt — and evolving their tricks.
But knowing about these sneaky schemes can help you stay safer in 2024.
Unsurprisingly, personal losses to scams have been on the upswing, at least according to the data. In a February 2023 blog post, the U.S. Federal Trade Commission, or FTC, indicated that consumers reported losing almost $8.8 billion to scams in 2022 (a 30% increase from 2021). The FBI’s Internet Crime Center reported even higher losses from online scams in 2022 — to the tune of $10.3 billion.
The FTC credited the upswing in part to scammy websites posing as legit stores. Such deceptions stand out for their sneakiness, according to Eva Velasquez, president and CEO of the Identity Theft Resource Center.
The craftiest con men now don’t necessarily “use brute force, like hacking into your accounts” or installing the rogue programs known as malware, Velasquez says. Instead, they increasingly — and expertly — leverage information readily found on the internet to create trust.
They then use bogus messages to turn that trust into stolen money.
Velasquez cites an example reported to her nonprofit of a fraudster who found a social media post from someone seeking a new kidney. The con man then came up with ways to ask the sick man’s friends to donate money to help cover the costs of a transplant. All victims had to do was enter their credit or debit card information on a website... that, of course, had nothing to do with their stricken pal.
AI and identity theft
Artificial intelligence can be a key weapon in helping stoke up false trust. As its capabilities and use cases explode, AI is increasingly becoming a worry for consumers afraid of getting fooled.
But criminals don’t actually extensively deploy those well-publicized “deepfake” AI voices to mimic the voices of loved ones in phone calls asking for money. Such scams require too much work to entrap any one victim, Velasquez says — although she worries about the emerging use of deep-faked celebrity voices to solicit donations and data from a wider audience.
Currently, the AI tool of choice for fraudsters is the writing function of bots like ChatGPT and Bard, according to Velasquez. These AI authors allow scammers to order up prose that looks and sounds as if written by a professional born and (well) educated in the U.S.
AI writing eliminates the telltale typos and grammatical goofs of such missives, Velazquez points out, meaning it’s easier to trick people. The bots can also accurately mimic the editorial voice and cadence of any type of U.S. source, she says, including that of financial institutions and government agencies.
According to a report by cybersecurity consultant SlashNext, this superior botwriting has helped to fuel a staggering 1,265% rise in the number of malicious emails between 2022 and 2023. Many, even most, of those nasty new messages are phishing attacks that use deceptive means to obtain a user's email address, ID or password combination. There’s also been an uptick in smishing (phishing via fraudulent SMS text messages) and quishing (phishing via bogus QR codes).
How to stay safe
Resisting these scams requires following the customary steps to protecting your identity — but with heightened awareness and caution. Knowing that typos and odd phrasing will no longer easily alert you to a bank imitator, for example, means you need to verify the identity of "bank representatives" who contact you before clicking or signing anything.
Impersonations of government officials are also on the rise, Velazquez says. In particular, any communication from a purported FBI Homeland Security agent should not be acted upon until you’ve located said person on a credible website, like a departmental directory or legitimate LinkedIn profile.
And don’t be duped by the many scammers today who imitate friends, using information stolen from social media posts and profiles, to carefully concoct a scam. Just because something sounds right doesn’t mean it’s real.
More than ever, Velasquez says, do not trust even the personas of purported friends for any request that involves money or personal details. Rather than simply handing over your bank account number in response to a call for help, you should call your friend to verify that your online correspondent is really them (or someone they’ve indeed empowered to assist them).
In particular, steer away from disclosing your phone number or Social Security number to anyone whose credibility you haven’t double-checked. Make it a habit to pull your credit reports from time to time to be sure your identity has not been hijacked without your knowledge to open new bank accounts or other credit products.
Money’s guide to the best identity theft protection plans — products you can buy to bolster your defenses — includes digital safeguards you can use regardless of whether you buy a protection program. These include creating and periodically updating strong passwords for your accounts and resisting the temptation to engage with phishing emails that purport to be legitimate vendors but may actually be skilled fraudulent imitators.