DIY ID attacks accessible to all with fraud-as-a-service

Israeli ID verification firm Au10tix has released its year-end 2024 Identity Fraud Report highlighting that mega cyber-attacks were carried out by otherwise novice fraudsters in the course of last year using Fraud-as-a-Service (FaaS) tools.

FaaS is an illicit business model whereby sophisticated technological fraud tools and services are sold on the dark web for the purposes of cybercrime.

Labelling 2024 as the year of FaaS, the report which was put together from millions of processed transactions between January and December last year, indicates that user-friendly fraud kits were available to amateurs in the industry’s dark engine to execute complex attacks against thousands of accounts in a very short time.

According to Au10tix, FaaS platforms provided services such as deepfake generators to create synthetic selfies and videos, botnets to automate mass-scale account creation and takeover, phishing kits for email and web-based scams, and dark web marketplaces to facilitate a hub for buying stolen data. the report also highlights a growing trend in the use of AI-driven identity fraud techniques.

The company referenced one FaaS-enabled fraud case which took place across four geographical regions of the world (APAC, EMEA, LATAM, NA) and three different industries (payments, crypto, social media). The incident, Au10tix says, involved 4,580 unique permutations of the same ID template and had all the markings of a FaaS-enabled attack.

“FaaS has elevated cybercrime, enabling a whole cohort of the population to join in on global fraud by launching large-scale attacks involving up to 8,000+ incidents,” said Dan Yerushalmi, CEO of Au10Tix, following the release of the report.

“Using AI-driven tactics such as deepfake selfies and synthetic identities, organized fraudsters are testing traditional security measures like never before. Only by adopting more advanced fraud prevention techniques and multi-layered defenses can businesses stay ahead of emerging threats and strengthen trust with their users,” he added.

On another note, the report portrays social media as the emerging place enabling identity fraud, in contrast to the payment sector that witnessed decreased fraud.

It indicates that 30% of identity fraud attacks targeted social media in Q4 of 2024, as opposed to a mere 3% in Q1 of the same year. This trend, the report notes, is because social media is increasingly becoming a hub for e-commerce, which is providing an opening for fraudsters to come in.

Amid the challenges, Au10tix proposes fraud-prevention measures which organizations can deploy in order to keep themselves safe from attacks.

These, among other things, include investing in smarter fraud prevention mechanisms for social media, engaging in transparent collaborations to enhance their fraud protection and risk mitigation capabilities, as well as being proactive by taking steps to predicting pre-empt what is likely to come next.

In a post for Biometric Update last month, Au10tix’s Chief Business Development officer, Ofer Friedman, discussed emerging AI-fraud trends and suggested some defence strategies. He also opined that the accelerated adoption of digital ID verification systems is also one reliable way of tackling identity fraud.

Article Topics

AU10TIX  |  biometrics  |  cybersecurity  |  Fraad-as-a-service (FaaS)  |  fraud prevention  |  identity verification  |  selfie biometrics  |  social media  |  synthetic data  |  synthetic identity fraud