Cyber Signals Issue 9 | AI-powered deception: Rising fraud threats and countermeasures

Microsoft maintains a continuous effort to protect its platforms and customers from fraud and abuse. From blocking imposters on Microsoft Azure and adding anti-scam features to Microsoft Edge, to fighting tech support fraud with new features in Windows Quick Assist, this edition of Cyber Signals takes you inside the work underway and important milestones achieved that protect customers.

We’re all defenders. 

Between April 2024 and April 2025, Microsoft:

  • Thwarted $4 billion in fraud attempts.
  • Rejected 49,000 fraudulent partnership enrollments.
  • Blocked about 1.6 million bot signup attempts per hour.

The evolution of AI-enhanced cyber scams

AI has started to lower the technical bar for fraud and cybercrime actors looking for their own productivity tools, making it easier and cheaper to generate believable content for cyberattacks at an increasingly rapid rate. AI software used in fraud attempts runs the gamut, from legitimate apps misused for malicious purposes to more fraud-oriented tools used by bad actors in the cybercrime underground.

AI tools can scan and scrape the web for company information, helping cyberattackers build detailed profiles of employees or other targets to create highly convincing social engineering lures. In some cases, bad actors are luring victims into increasingly complex fraud schemes using fake AI-enhanced product reviews and AI-generated storefronts, where scammers create entire websites and e-commerce brands, complete with fake business histories and customer testimonials. By using deepfakes, voice cloning, phishing emails, and authentic-looking fake websites, threat actors seek to appear legitimate at wider scale.

According to the Microsoft Anti-Fraud Team, AI-powered fraud attacks are happening globally, with much of the activity coming from China and Europe, specifically Germany, due in part to Germany’s status as one of the largest e-commerce and online services markets in the European Union (EU). The larger a digital marketplace in any region, the more likely a proportional degree of attempted fraud will take place.

E-commerce fraud

Fraudulent e-commerce websites can be set up in minutes using AI and other tools requiring minimal technical knowledge. Previously, it would take threat actors days or weeks to stand up convincing websites. These fraudulent websites often mimic legitimate sites, making it challenging for consumers to identify them as fake.

AI-generated product descriptions, images, and customer reviews dupe customers into believing they are interacting with a genuine merchant, exploiting consumer trust in familiar brands.

AI-powered customer service chatbots add another layer of deception by convincingly interacting with customers. These bots can delay chargebacks by stalling customers with scripted excuses and manipulating complaints with AI-generated responses that make scam sites appear professional.

In a multipronged approach, Microsoft has implemented robust defenses across our products and services to protect customers from AI-powered fraud. Microsoft Defender for Cloud provides comprehensive threat protection for Azure resources, including vulnerability assessments and threat detection for virtual machines, container images, and endpoints.

Microsoft Edge features website typo protection and domain impersonation protection using deep learning technology to help users avoid fraudulent websites. Edge has also implemented a machine learning-based Scareware Blocker to identify and block potential scam pages and deceptive pop-up screens with alarming warnings claiming a computer has been compromised. These attacks try to frighten users into calling fraudulent support numbers or downloading harmful software.

Job and employment fraud

The rapid advancement of generative AI has made it easier for scammers to create fake listings on various job platforms. They generate fake profiles with stolen credentials, fake job postings with auto-generated descriptions, and AI-powered email campaigns to phish job seekers. AI-powered interviews and automated emails enhance the credibility of job scams, making it harder for job seekers to identify fraudulent offers.

To prevent this, job platforms should introduce multifactor authentication for employer accounts to make it harder for bad actors to take over legitimate hirers’ listings, and use available fraud-detection technologies to catch suspicious content.

Fraudsters often ask for personal information, such as resumes or even bank account details, under the guise of verifying the applicant’s information. Unsolicited text and email messages offering employment opportunities that promise high pay for minimal qualifications are typically an indicator of fraud.

Employment offers that include requests for payment, offers that seem too good to be true, unsolicited offers or interview requests over text message, and a lack of formal communication platforms can all be indicators of fraud.

Tech support scams

Tech support scams are a type of fraud where scammers trick victims into unnecessary technical support services to fix device or software problems that don’t exist. The scammers may then gain remote access to a computer, which lets them access all information stored on it and on any network connected to it, or install malware that gives them access to the computer and sensitive data.

Tech support scams are a case where elevated fraud risks exist, even if AI does not play a role. For example, in mid-April 2024, Microsoft Threat Intelligence observed the financially motivated and ransomware-focused cybercriminal group Storm-1811 abusing Windows Quick Assist software by posing as IT support. Microsoft did not observe AI used in these attacks; Storm-1811 instead impersonated legitimate organizations through voice phishing (vishing) as a form of social engineering, convincing victims to grant them device access through Quick Assist.

Quick Assist is a tool that enables users to share their Windows or macOS device with another person over a remote connection. Tech support scammers often pretend to be legitimate IT support from well-known companies and use social engineering tactics to gain the trust of their targets. They then attempt to use tools like Quick Assist to connect to the target’s device.

Quick Assist and Microsoft are not compromised in these cyberattack scenarios; however, the abuse of legitimate software presents risk Microsoft is focused on mitigating. Informed by Microsoft’s understanding of evolving cyberattack techniques, the company’s anti-fraud and product teams work closely together to improve transparency for users and enhance fraud detection techniques.

The Storm-1811 cyberattacks highlight the capability of social engineering to circumvent security defenses. Social engineering involves collecting relevant information about targeted victims and arranging it into credible lures delivered through phone, email, text, or other mediums. Various AI tools can quickly find, organize, and generate information, thus acting as productivity tools for cyberattackers. Although AI is a new development, enduring measures to counter social engineering attacks remain highly effective. These include increasing employee awareness of legitimate helpdesk contact and support procedures, and applying Zero Trust principles to enforce least privilege across employee accounts and devices, thereby limiting the impact of any compromised assets while they are being addressed.

Microsoft has taken action to mitigate attacks by Storm-1811 and other groups by suspending identified accounts and tenants associated with inauthentic behavior. If you receive an unsolicited tech support offer, it is likely a scam. Always reach out to trusted sources for tech support. If scammers claim to be from Microsoft, we encourage you to report it directly to us at https://www.microsoft.com/reportascam

Building on the Secure Future Initiative (SFI), Microsoft is taking a proactive approach to ensuring our products and services are “Fraud-resistant by Design.” In January 2025, a new fraud prevention policy was introduced: Microsoft product teams must now perform fraud prevention assessments and implement fraud controls as part of their design process.

Recommendations

  • Strengthen employer authentication: Fraudsters often hijack legitimate company profiles or create fake recruiters to deceive job seekers. To prevent this, job platforms should introduce multifactor authentication and Verified ID as part of Microsoft Entra ID for employer accounts, making it harder for unauthorized users to gain control.
  • Monitor for AI-based recruitment scams: Companies should deploy deepfake detection algorithms to identify AI-generated interviews where facial expressions and speech patterns may not align naturally.
  • Be cautious of websites and job listings that seem too good to be true: Verify the legitimacy of websites by checking for secure connections (https) and using tools like Microsoft Edge’s typo protection.
  • Avoid providing personal information or payment details to unverified sources: Look for red flags in job listings, such as requests for payment or communication through informal platforms like text messages, WhatsApp, nonbusiness Gmail accounts, or requests to contact someone on a personal device for more information.

Using Microsoft’s security signal to combat fraud

Microsoft is actively working to stop fraud attempts using AI and other technologies by evolving large-scale detection models based on AI, such as machine learning, to play defense by learning from and mitigating fraud attempts. Machine learning is the process that helps a computer learn without direct instruction, using algorithms to discover patterns in large datasets. These patterns are then used to create a comprehensive AI model, allowing for predictions with high accuracy.

We’ve developed in-product safety controls that warn users about potential malicious activity and integrate rapid detection and prevention of new types of attacks.

Our fraud team has developed domain impersonation protection using deep-learning technology at the domain creation stage, to help protect against fraudulent e-commerce websites and fake job listings. Microsoft Edge has incorporated website typo protection, and we have developed AI-powered fake job detection systems for LinkedIn.

Microsoft Defender SmartScreen is a cloud-based security feature that aims to prevent unsafe browsing habits by analyzing websites, files, and applications based on their reputation and behavior. It is integrated into Windows and the Edge browser to help protect users from phishing attacks, malicious websites, and potentially harmful downloads.

Additionally, Microsoft’s Digital Crimes Unit (DCU) partners with others in the private and public sector to disrupt the malicious infrastructure used by criminals perpetuating cyber-enabled fraud. The team’s longstanding collaboration with law enforcement around the world to respond to tech support fraud has resulted in hundreds of arrests and increasingly severe prison sentences worldwide. The DCU is applying key learnings from past actions to disrupt those who seek to abuse generative AI technology for malicious or fraudulent purposes.

Quick Assist features and Remote Help combat tech support fraud

To help combat tech support fraud, we have incorporated warning messages to alert users about possible tech support scams in Quick Assist before they grant access to someone approaching them purporting to be an authorized IT department or other support resource.

Windows users must read and click the box to acknowledge the security risk of granting remote access to the device.

Microsoft has significantly enhanced Quick Assist protection for Windows users by leveraging its security signal. In response to tech support scams and other threats, Microsoft now blocks an average of 4,415 suspicious Quick Assist connection attempts daily, accounting for approximately 5.46% of global connection attempts. These blocks target connections exhibiting suspicious attributes, such as associations with malicious actors or unverified connections.

Microsoft’s continual focus on advancing Quick Assist safeguards seeks to counter adaptive cybercriminals, who previously targeted individuals opportunistically with fraudulent connection attempts, but more recently have sought to target enterprises with more organized cybercrime campaigns that Microsoft’s actions have helped disrupt.

Our Digital Fingerprinting capability, which leverages AI and machine learning, drives these safeguards by providing fraud and risk signals to detect fraudulent activity. If our risk signals detect a possible scam, the Quick Assist session is automatically ended. Digital Fingerprinting works by collecting various signals to detect and prevent fraud.

For enterprises combating tech support fraud, Remote Help is another valuable resource for employees. Remote Help is designed for internal use within an organization and includes features that make it ideal for enterprises.

By reducing scams and fraud, Microsoft aims to enhance the overall security of its products and protect its users from malicious activities.

Consumer protection tips

Fraudsters exploit psychological triggers such as urgency, scarcity, and trust in social proof. Consumers should be cautious of:

  • Impulse buying—Scammers create a sense of urgency with “limited-time” deals and countdown timers.
  • Trusting fake social proof—AI generates fake reviews, influencer endorsements, and testimonials to appear legitimate.
  • Clicking on ads without verification—Many scam sites spread through AI-optimized social media ads. Consumers should cross-check domains and reviews before purchasing.
  • Ignoring payment security—Avoid direct bank transfers or cryptocurrency payments, which lack fraud protections.

Job seekers should verify employer legitimacy, be on the lookout for common job scam red flags, and avoid sharing personal or financial information with unverified employers.

  • Verify employer legitimacy—Cross-check company details on LinkedIn, Glassdoor, and official websites to verify legitimacy.
  • Notice common job scam red flags—If a job requires upfront payments for training materials, certifications, or background checks, it is likely a scam. Unrealistic salaries or no-experience-required remote positions should be approached with skepticism. Emails from free domains (such as [email protected] instead of [email protected]) are also typically indicators of fraudulent activity.
  • Be cautious of AI-generated interviews and communications—If a video interview seems unnatural, with lip-syncing delays, robotic speech, or odd facial expressions, it could be deepfake technology at work. Job seekers should always verify recruiter credentials through the company’s official website before engaging in any further discussions.
  • Avoid sharing personal or financial information—Under no circumstances should you provide a Social Security number, banking details, or passwords to an unverified employer.

Microsoft is also a member of the Global Anti-Scam Alliance (GASA), which aims to bring governments, law enforcement, consumer protection organizations, financial authorities and providers, brand protection agencies, social media, internet service providers, and cybersecurity companies together to share knowledge and protect consumers from getting scammed.

Recommendations

  • Remote Help: Microsoft recommends using Remote Help instead of Quick Assist for internal tech support. Remote Help is designed for internal use within an organization and incorporates several features designed to enhance security and minimize the risk of tech support hacks. It is engineered to be used only within an organization’s tenant, providing a safer alternative to Quick Assist.
  • Digital Fingerprinting: This identifies malicious behaviors and ties them back to specific individuals. This helps in monitoring and preventing unauthorized access.
  • Blocking full control requests: Quick Assist now includes warnings and requires users to check a box acknowledging the security implications of sharing their screen. This adds a layer of helpful “security friction” by prompting users who may be multitasking or preoccupied to pause to complete an authorization step.

Kelly Bissell: A cybersecurity pioneer combating fraud in the new era of AI

Kelly Bissell’s journey into cybersecurity began unexpectedly in 1990. Initially working in computer science, Kelly was involved in building software for healthcare patient accounting and operating systems at Medaphis and Bellsouth, now AT&T.

His interest in cybersecurity was sparked when he noticed someone logged into a phone switch attempting to get free long-distance calls and traced the intruder back to Romania. This incident marked the beginning of Kelly’s career in cybersecurity.

“I stayed in cybersecurity trying to find bad actors, integrating security controls for hundreds of companies, and helping shape the NIST security frameworks and regulations such as FFIEC, PCI, NERC-CIP,” he explains.

Today, Kelly is Corporate Vice President of Anti-Fraud and Product Abuse within Microsoft Security. Microsoft’s fraud team employs machine learning and AI to build better detection code and understand fraud operations. They use AI-powered solutions to detect and prevent cyberthreats, leveraging advanced fraud detection frameworks that continuously learn and evolve.

“Cybercrime is a trillion-dollar problem, and it’s been going up every year for the past 30 years. I think we have an opportunity today to adopt AI faster so we can detect and close the gap of exposure quickly. Now we have AI that can make a difference at scale and help us build security and fraud protections into our products much faster.”

Previously, Kelly managed the Microsoft Detection and Response Team (DART) and created the Global Hunting, Oversight, and Strategic Triage (GHOST) team that detected and responded to attackers such as Storm-0558 and Midnight Blizzard.

Prior to Microsoft, during his time at Accenture and Deloitte, Kelly collaborated with companies and worked extensively with government agencies like the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation, where he helped build security systems within their operations.

His time as Chief Information Security Officer (CISO) at a bank exposed him to addressing both cybersecurity and fraud, leading to his involvement in shaping regulatory guidelines to protect banks and eventually Microsoft.

Kelly has also played a significant role in shaping regulations around the National Institute of Standards and Technology (NIST) and Payment Card Industry (PCI) compliance, which helps ensure the security of businesses’ credit card transactions, among others.

Internationally, Kelly played a crucial role in helping establish agencies and improve cybersecurity measures. As a consultant in London, he helped stand up the UK’s National Cyber Security Centre (NCSC), which is part of the Government Communications Headquarters (GCHQ), the equivalent of CISA. Kelly’s efforts in content moderation with several social media companies, including YouTube, were instrumental in removing harmful content.

That’s why he’s excited about Microsoft’s partnership with GASA. GASA brings together governments, law enforcement, consumer protection organizations, financial authorities, internet service providers, cybersecurity companies, and others to share knowledge and define joint actions to protect consumers from getting scammed.

“If I protect Microsoft, that’s good, but it’s not sufficient. In the same way, if Apple does their thing, and Google does their thing, but if we’re not working together, we’ve all missed the bigger opportunity. We must share cybercrime information with each other and educate the public. If we can have a three-pronged approach of tech companies building security and fraud protection into their products, public awareness, and sharing cybercrime and fraudster information with law enforcement, I think we can make a big difference,” he says.


Methodology: Microsoft platforms and services, including Azure, Microsoft Defender for Office, Microsoft Threat Intelligence, and Microsoft Digital Crimes Unit (DCU), provided anonymized data on threat actor activity and trends. Additionally, Microsoft Entra ID provided anonymized data on threat activity, such as malicious email accounts, phishing emails, and attacker movement within networks. Additional insights are from the daily security signals gained across Microsoft, including the cloud, endpoints, the intelligent edge, and telemetry from Microsoft platforms and services. The $4 billion figure represents an aggregated total of fraud and scam attempts against Microsoft and our customers in consumer and enterprise segments (in 12 months).