Cyber Alerts Subject 9 | AI-powered deception: Rising fraud threats and countermeasures

Introduction | Safety snapshot | Risk briefing
Defending towards assaults | Professional profile 

Microsoft maintains a steady effort to guard its platforms and prospects from fraud and abuse. From blocking imposters on Microsoft Azure and including anti-scam options to Microsoft Edge, to combating tech help fraud with new options in Home windows Fast Help, this version of Cyber Alerts takes you contained in the work underway and vital milestones achieved that defend prospects.

We’re all defenders. 

Between April 2024 and April 2025, Microsoft:

• Thwarted $4 billion in fraud makes an attempt.
• Rejected 49,000 fraudulent partnership enrollments.
• Blocked about 1.6 million bot signup makes an attempt per hour.

The evolution of AI-enhanced cyber scams

AI has began to decrease the technical bar for fraud and cybercrime actors searching for their very own productiveness instruments, making it simpler and cheaper to generate plausible content material for cyberattacks at an more and more speedy price. AI software program utilized in fraud makes an attempt runs the gamut, from legit apps misused for malicious functions to extra fraud-oriented instruments utilized by dangerous actors within the cybercrime underground.

AI instruments can scan and scrape the net for firm data, serving to cyberattackers construct detailed profiles of workers or different targets to create extremely convincing social engineering lures. In some circumstances, dangerous actors are luring victims into more and more complicated fraud schemes utilizing pretend AI-enhanced product opinions and AI-generated storefronts, the place scammers create whole web sites and e-commerce manufacturers, full with pretend enterprise histories and buyer testimonials. Through the use of deepfakes, voice cloning, phishing emails, and authentic-looking pretend web sites, risk actors search to look legit at wider scale.

In accordance with the Microsoft Anti-Fraud Staff, AI-powered fraud assaults are taking place globally, with a lot of the exercise coming from China and Europe, particularly Germany due partially to Germany’s standing as one of many largest e-commerce and on-line providers markets within the European Union (EU). The bigger a digital market in any area, the extra possible a proportional diploma of tried fraud will happen.

E-commerce fraud

Fraudulent e-commerce web sites may be arrange in minutes utilizing AI and different instruments requiring minimal technical information. Beforehand, it could take risk actors days or perhaps weeks to face up convincing web sites. These fraudulent web sites usually mimic legit websites, making it difficult for shoppers to determine them as pretend. 

Utilizing AI-generated product descriptions, pictures, and buyer opinions, prospects are duped into believing they’re interacting with a real service provider, exploiting shopper belief in acquainted manufacturers.

AI-powered customer support chatbots add one other layer of deception by convincingly interacting with prospects. These bots can delay chargebacks by stalling prospects with scripted excuses and manipulating complaints with AI-generated responses that make rip-off websites seem skilled.

In a multipronged method, Microsoft has carried out strong defenses throughout our services to guard prospects from AI-powered fraud. Microsoft Defender for Cloud offers complete risk safety for Azure sources, together with vulnerability assessments and risk detection for digital machines, container pictures, and endpoints.

Microsoft Edge options web site typo safety and area impersonation safety utilizing deep studying know-how to assist customers keep away from fraudulent web sites. Edge has additionally carried out a machine learning-based Scareware Blocker to determine and block potential rip-off pages and misleading pop-up screens with alarming warnings claiming a pc has been compromised. These assaults attempt to frighten customers into calling fraudulent help numbers or downloading dangerous software program.

Job and employment fraud

The speedy development of generative AI has made it simpler for scammers to create pretend listings on numerous job platforms. They generate pretend profiles with stolen credentials, pretend job postings with auto-generated descriptions, and AI-powered electronic mail campaigns to phish job seekers. AI-powered interviews and automatic emails improve the credibility of job scams, making it tougher for job seekers to determine fraudulent gives.

To stop this, job platforms ought to introduce multifactor authentication for employer accounts to make it tougher for dangerous actors to take over legit hirers’ listings and use accessible fraud-detection applied sciences to catch suspicious content material.

Fraudsters usually ask for private data, equivalent to resumes and even checking account particulars, underneath the guise of verifying the applicant’s data. Unsolicited textual content and electronic mail messages providing employment alternatives that promise excessive pay for minimal {qualifications} are usually an indicator of fraud.

Employment gives that embody requests for fee, gives that appear too good to be true, unsolicited gives or interview requests over textual content message, and an absence of formal communication platforms can all be indicators of fraud.

Tech help scams

Tech help scams are a kind of fraud the place scammers trick victims into pointless technical help providers to repair a tool or software program issues that don’t exist. The scammers might then achieve distant entry to a pc—which lets them entry all data saved on it, and on any community linked to it or set up malware that provides them entry to the pc and delicate knowledge.

Tech help scams are a case the place elevated fraud dangers exist, even when AI doesn’t play a job. For instance, in mid-April 2024, Microsoft Risk Intelligence noticed the financially motivated and ransomware-focused cybercriminal group Storm-1811 abusing Home windows Fast Help software program by posing as IT help. Microsoft didn’t observe AI utilized in these assaults; Storm-1811 as a substitute impersonated legit organizations via voice phishing (vishing) as a type of social engineering, convincing victims to grant them gadget entry via Fast Help. 

Fast Help is a software that permits customers to share their Home windows or macOS gadget with one other individual over a distant connection. Tech help scammers usually fake to be legit IT help from well-known firms and use social engineering techniques to achieve the belief of their targets. They then try to make use of instruments like Fast Help to hook up with the goal’s gadget. 

Fast Help and Microsoft aren’t compromised in these cyberattack situations; nonetheless, the abuse of legit software program presents danger Microsoft is concentrated on mitigating. Knowledgeable by Microsoft’s understanding of evolving cyberattack strategies, the corporate’s anti-fraud and product groups work carefully collectively to enhance transparency for customers and improve fraud detection strategies. 

The Storm-1811 cyberattacks spotlight the aptitude of social engineering to avoid safety defenses. Social engineering entails gathering related details about focused victims and arranging it into credible lures delivered via cellphone, electronic mail, textual content, or different mediums. Varied AI instruments can rapidly discover, manage, and generate data, thus appearing as productiveness instruments for cyberattackers. Though AI is a brand new improvement, enduring measures to counter social engineering assaults stay extremely efficient. These embody growing worker consciousness of legit helpdesk contact and help procedures, and making use of Zero Belief ideas to implement least privilege throughout worker accounts and units, thereby limiting the impression of any compromised belongings whereas they’re being addressed. 

Microsoft has taken motion to mitigate assaults by Storm-1811 and different teams by suspending recognized accounts and tenants related to inauthentic conduct. If you happen to obtain an unsolicited tech help supply, it’s possible a rip-off. At all times attain out to trusted sources for tech help. If scammers declare to be from Microsoft, we encourage you to report it on to us at https://www.microsoft.com/reportascam. 

Constructing on the Safe Future Initiative (SFI), Microsoft is taking a proactive method to making sure our services are “Fraud-resistant by Design.” In January 2025, a brand new fraud prevention coverage was launched: Microsoft product groups should now carry out fraud prevention assessments and implement fraud controls as a part of their design course of. 

Suggestions

• Strengthen employer authentication: Fraudsters usually hijack legit firm profiles or create pretend recruiters to deceive job seekers. To stop this, job platforms ought to introduce multifactor authentication and Verified ID as a part of Microsoft Entra ID for employer accounts, making it tougher for unauthorized customers to achieve management.
• Monitor for AI-based recruitment scams: Firms ought to deploy deepfake detection algorithms to determine AI-generated interviews the place facial expressions and speech patterns might not align naturally.
• Be cautious of internet sites and job listings that appear too good to be true: Confirm the legitimacy of internet sites by checking for safe connections (https) and utilizing instruments like Microsoft Edge’s typo safety.
• Keep away from offering private data or fee particulars to unverified sources: Search for purple flags in job listings, equivalent to requests for fee or communication via casual platforms like textual content messages, WhatsApp, nonbusiness Gmail accounts, or requests to contact somebody on a private gadget for extra data.

Utilizing Microsoft’s safety sign to fight fraud

Microsoft is actively working to cease fraud makes an attempt utilizing AI and different applied sciences by evolving large-scale detection fashions primarily based on AI, equivalent to machine studying, to play protection by studying from and mitigating fraud makes an attempt. Machine studying is the method that helps a pc be taught with out direct instruction utilizing algorithms to find patterns in giant datasets. These patterns are then used to create a complete AI mannequin, permitting for predictions with excessive accuracy.

Now we have developed in-product security controls that warn customers about potential malicious exercise and combine speedy detection and prevention of recent kinds of assaults.

Our fraud workforce has developed area impersonation safety utilizing deep-learning know-how on the area creation stage, to assist defend towards fraudulent e-commerce web sites and pretend job listings. Microsoft Edge has integrated web site typo safety, and we have now developed AI-powered pretend job detection techniques for LinkedIn.

Microsoft Defender Smartscreen is a cloud-based safety characteristic that goals to stop unsafe searching habits by analyzing web sites, information, and functions primarily based on their popularity and conduct. It’s built-in into Home windows and the Edge browser to assist defend customers from phishing assaults, malicious web sites, and probably dangerous downloads.

Moreover, Microsoft’s Digital Crimes Unit (DCU) companions with others within the non-public and public sector to disrupt the malicious infrastructure utilized by criminals perpetuating cyber-enabled fraud. The workforce’s longstanding collaboration with regulation enforcement all over the world to reply to tech help fraud has resulted in a whole bunch of arrests and more and more extreme jail sentences worldwide. The DCU is making use of key learnings from previous actions to disrupt those that search to abuse generative AI know-how for malicious or fraudulent functions. 

Fast Help options and distant assist fight tech help fraud

To assist fight tech help fraud, we have now integrated warning messages to alert customers about attainable tech help scams in Fast Help earlier than they grant entry to somebody approaching them purporting to be a licensed IT division or different help useful resource.

Home windows customers should learn and click on the field to acknowledge the safety danger of granting distant entry to the gadget.

Microsoft has considerably enhanced Fast Help safety for Home windows customers by leveraging its safety sign. In response to tech help scams and different threats, Microsoft now blocks a median of 4,415 suspicious Fast Help connection makes an attempt every day, accounting for roughly 5.46% of worldwide connection makes an attempt. These blocks goal connections exhibiting suspicious attributes, equivalent to associations with malicious actors or unverified connections.

Microsoft’s continuous concentrate on advancing Fast Help safeguards seeks to counter adaptive cybercriminals, who beforehand focused people opportunistically with fraudulent connection makes an attempt, however extra not too long ago have sought to focus on enterprises with extra organized cybercrime campaigns that Microsoft’s actions have helped disrupt.

Our Digital Fingerprinting functionality, which leverages AI and machine studying, drives these safeguards by offering fraud and danger indicators to detect fraudulent exercise. If our danger indicators detect a attainable rip-off, the Fast Help session is routinely ended. Digital Fingerprinting works by gathering numerous indicators to detect and stop fraud.

For enterprises combating tech help fraud, Distant Assist is one other precious useful resource for workers. Distant Assistance is designed for inside use inside a company and contains options that make it superb for enterprises.

By decreasing scams and fraud, Microsoft goals to reinforce the general safety of its merchandise and defend its customers from malicious actions.

Client safety suggestions

Fraudsters exploit psychological triggers equivalent to urgency, shortage, and belief in social proof. Customers must be cautious of:

• Impulse shopping for—Scammers create a way of urgency with “limited-time” offers and countdown timers.
• Trusting pretend social proof—AI generates pretend opinions, influencer endorsements, and testimonials to look legit.
• Clicking on adverts with out verification—Many rip-off websites unfold via AI-optimized social media adverts. Customers ought to cross-check domains and opinions earlier than buying.
• Ignoring fee safety—Keep away from direct financial institution transfers or cryptocurrency funds, which lack fraud protections.

Job seekers ought to confirm employer legitimacy, be looking out for frequent job rip-off purple flags, and keep away from sharing private or monetary data with unverified employers.

• Confirm employer legitimacy—Cross-check firm particulars on LinkedIn, Glassdoor, and official web sites to confirm legitimacy.
• Discover frequent job rip-off purple flags—If a job requires upfront funds for coaching supplies, certifications, or background checks, it’s possible a rip-off. Unrealistic salaries or no-experience-required distant positions must be approached with skepticism. Emails from free domains (equivalent to johndoehr@gmail.com as a substitute of hr@firm.com) are additionally usually indicators of fraudulent exercise.
• Be cautious of AI-generated interviews and communications—If a video interview appears unnatural, with lip-syncing delays, robotic speech, or odd facial expressions, it may very well be deepfake know-how at work. Job seekers ought to at all times confirm recruiter credentials via the corporate’s official web site earlier than partaking in any additional discussions.
• Keep away from sharing private or monetary data—Not at all must you present a Social Safety quantity, banking particulars, or passwords to an unverified employer.

Microsoft can also be a member of the World Anti-Rip-off Alliance (GASA), which goals to carry governments, regulation enforcement, shopper safety organizations, monetary authorities and suppliers, model safety companies, social media, web service suppliers, and cybersecurity firms collectively to share information and defend shoppers from getting scammed.

Suggestions

• Distant Assist: Microsoft recommends utilizing Distant Assist as a substitute of Fast Help for inside tech help. Distant Assistance is designed for inside use inside a company and incorporates a number of options designed to reinforce safety and decrease the chance of tech help hacks. It’s engineered for use solely inside a company’s tenant, offering a safer various to Fast Help.
• Digital Fingerprinting: This identifies malicious behaviors and ties them again to particular people. This helps in monitoring and stopping unauthorized entry.
• Blocking full management requests: Fast Help now contains warnings and requires customers to test a field acknowledging the safety implications of sharing their display screen. This provides a layer of useful “safety friction” by prompting customers who could also be multitasking or preoccupied to pause to finish an authorization step.

Kelly Bissell: A cybersecurity pioneer combating fraud within the new period of AI

Kelly Bissell’s journey into cybersecurity started unexpectedly in 1990. Initially working in laptop science, Kelly was concerned in constructing software program for healthcare affected person accounting and working techniques at Medaphis and Bellsouth, now AT&T.

His curiosity in cybersecurity was sparked when he seen somebody logged right into a cellphone change making an attempt to get free long-distance calls and traced the intruder again to Romania. This incident marked the start of Kelly’s profession in cybersecurity.

“I stayed in cybersecurity trying to find dangerous actors, integrating safety controls for a whole bunch of firms, and serving to form the NIST safety frameworks and rules equivalent to FFIEC, PCI, NERC-CIP,” he explains.

Presently, Kelly is Company Vice President of Anti-Fraud and Product Abuse inside Microsoft Safety. Microsoft’s fraud workforce employs machine studying and AI to construct higher detection code and perceive fraud operations. They use AI-powered options to detect and stop cyberthreats, leveraging superior fraud detection frameworks that constantly be taught and evolve.

“Cybercrime is a trillion-dollar drawback, and it’s been going up yearly for the previous 30 years. I feel we have now a chance at the moment to undertake AI sooner so we will detect and shut the hole of publicity rapidly. Now we have now AI that may make a distinction at scale and assist us construct safety and fraud protections into our merchandise a lot sooner.”

Beforehand Kelly managed the Microsoft Detection and Response Staff (DART) and created the World Looking, Oversight, and Strategic Triage (GHOST) workforce that detected and responded to attackers equivalent to Storm-0558 and Midnight Blizzard.

Previous to Microsoft, throughout his time at Accenture and Deloitte, Kelly collaborated with firms and labored extensively with authorities companies just like the Division of Homeland Safety’s Cybersecurity and Infrastructure Safety Company (CISA) and the Federal Bureau of Investigation, the place he helped construct safety techniques inside their operations.

His time as Chief Info Safety Officer (CISO) at a financial institution uncovered him to addressing each cybersecurity and fraud, resulting in his involvement in shaping regulatory tips to guard banks and ultimately Microsoft.

Kelly has additionally performed a major position in shaping rules across the Nationwide Institute of Requirements and Expertise (NIST) and Cost Card Trade (PCI) compliance, which helps make sure the safety of companies’ bank card transactions, amongst others.

Internationally, Kelly performed an important position in serving to set up companies and enhance cybersecurity measures. As a advisor in London, he helped get up the UK’s Nationwide Cyber Safety Centre (NCSC), which is a part of the Authorities Communications Headquarters (GCHQ), the equal of CISA. Kelly’s efforts in content material moderation with a number of social media firms, together with YouTube, have been instrumental in eradicating dangerous content material.

That’s why he’s enthusiastic about Microsoft’s partnership with GASA. GASA brings collectively governments, regulation enforcement, shopper safety organizations, monetary authorities, web service suppliers, cybersecurity firms, and others to share information and outline joint actions to guard shoppers from getting scammed.

“If I defend Microsoft, that’s good, however it’s not enough. In the identical manner, if Apple does their factor, and Google does their factor, but when we’re not working collectively, we’ve all missed the larger alternative. We should share cybercrime data with one another and educate the general public. If we will have a three-pronged method of tech firms constructing safety and fraud safety into their merchandise, public consciousness, and sharing cybercrime and fraudster data with regulation enforcement, I feel we will make a giant distinction,” he says.

Subsequent steps with Microsoft Safety

To be taught extra about Microsoft Safety options, go to our web site. Bookmark the Safety weblog to maintain up with our professional protection on safety issues. Additionally, observe us on LinkedIn (Microsoft Safety) and X (@MSFTSecurity) for the newest information and updates on cybersecurity.

Methodology: Microsoft platforms and providers, together with Azure, Microsoft Defender for Workplace, Microsoft Risk Intelligence, and Microsoft Digital Crimes Unit (DCU), supplied anonymized knowledge on risk actor exercise and developments. Moreover, Microsoft Entra ID supplied anonymized knowledge on risk exercise, equivalent to malicious electronic mail accounts, phishing emails, and attacker motion inside networks. Extra insights are from the every day safety indicators gained throughout Microsoft, together with the cloud, endpoints, the clever edge, and telemetry from Microsoft platforms and providers. The $4 billion determine represents an aggregated complete of fraud and rip-off makes an attempt towards Microsoft and our prospects in shopper and enterprise segments (in 12 months).