Fraud Alert: Malicious PDFs, Deepfakes and Romance Scams
Retired schoolteacher Eloise Parker lives by herself in Massachusetts, but she has a tenant in her barn, Adam Clay, living a quiet life as a beekeeper. One day, Eloise falls for a phishing scam through a malicious browser push notification. She is robbed of over US$2mn (million), the majority of which belongs to a charity organisation she manages. Devastated, she shoots herself dead. Clay (Jason Statham), an agent in a classified program called Beekeepers, sets out on a quest for vengeance and hunts and kills those responsible for the scam. This, in short, is the summary of Beekeeper, a film released last month. 
In the real world, many of us are Eloise Parker, but there are absolutely no beekeepers who could punish the scamsters or help us recover our money that has been looted. The fact is that scamming people has become much easier with new tech tools that also allow scamsters to go undetected or scot-free. At the same time, filing a complaint and recovering the money lost in an online scam or fraud remains a tedious and time-consuming process.     
According to security services-provider Avast, malicious portable document format (PDF) files, deepfakes, and romance scams are just some of the 10bn (billion) cyberattacks it saw last year. "Web threats continued to dominate, with scams, phishing, and malvertising (advertisements that clone websites/advertisements of genuine products to scam unsuspecting people) ranking overall as the top threat types. The use of malicious browser push notifications escalated, becoming a preferred tool for scammers across various domains, from adult content sites to technical support scams and financial frauds. Deepfake videos, especially those endorsing investment scams, displayed a heightened level of sophistication, challenging the ability to distinguish between real and fabricated content. Dating and romance scams, affecting approximately one in 20 of our users every month, showcased a global reach, expanding beyond Western countries to target the Arab states and Asia."
"With Valentine's Day approaching, an upward trend in these scams is anticipated. Furthermore, the conclusion of the year saw a surge in fake e-shops masquerading as renowned brands, leading unsuspecting victims into phishing traps. In addition, the mobile threat landscape continued to evolve, witnessing the resurgence of the Chameleon banker and the insidious spread of SpyLoans on the PlayStore, posing serious threats, including physical violence and blackmail," Avast says.
Portable document format or PDF, developed by Adobe in 1992, is widely used for saving files that cannot be modified but still can be easily shared and printed. Due to their platform-agnostic nature and consistent formatting across different devices and operating systems, almost everyone trusts and uses PDF files. 
However, the same ubiquity has made PDFs an attractive vector for cybercriminals seeking to discreetly deliver malware across devices, including PCs and mobiles. Cybercriminals are increasingly using PDFs to set up intricate scams and sneak in dangerous payloads, such as embedding a malicious file into a PDF file. 
In recent malware campaigns, Avast has observed a spectrum of threats and scams, ranging from simple ones like lottery and dating scams through phishing PDFs containing deceptive information and a link to a phishing page to complex campaigns delivering more sophisticated threats in JavaScript or embedded objects. "We have blocked more than 10mn (million) PDF-based attacks, protecting more than 4mn users worldwide."
The issue of serious challenges from deepfake was again brought to the fore when images using Taylor Swift's face surfaced on social media. As a security measure, OpenAI started adding watermarks to image metadata. However, even ChatGPT, a chatbot developed by OpenAI, admits that such watermarks are easy to remove from image metadata. 
According to Avast, these artificial intelligence (AI)-powered fakes are so convincing they are fooling people left and right, especially in investment scams. "It is more than a little unsettling how these deepfakes can mimic reality so closely – it is like we are in a sci-fi movie, but not in a good way. This is not just a step up for cybercriminals; it is a giant leap."
A big attraction in the world of scams for the fourth quarter of 2023 was the massive deployment of AI-generated videos in ads for financial or investment scams, Avast says, adding, "Scammers are still using known faces to lure users and entice people to click on the malicious links. Classics campaigns include the likes of Elon Musk, TV news reporters, and even presidents of countries. These advertisements use prestigious characters from the country where the advertisement is to be displayed."
The main issue and biggest challenge of deepfake is that we, as humans, tend to believe (well, most of the time) in what we see. Fraudsters are delivering high-quality deepfakes using new tools, making it very difficult to understand and spot them. 
Dating and romance scams are casting a wider net than ever, and with Valentine's Day around the corner, get ready for a spike in these heartless scams. "The scary thing about these dating scams is how they have gone global, proving that love truly knows no borders—and neither do scammers. They are getting really good at playing on local customs and emotions, making them all the more dangerous. It is a big, bold reminder that when it comes to cybercrime, our hearts can be our greatest weakness, and staying sharp and sceptical is a must, no matter where you are in the world," Avast says.
According to the security services-provider, in 2023, the overall number of unique blocked attacks surged, reaching an unprecedented milestone of more than 10bn attacks and a remarkable 49% increase year-over-year. This staggering figure, once considered unimaginable, now reflects the harsh reality of our digital landscape. 
Understanding the tricks and tactics of cybercriminals and spotting sneaky scams should be our frontline defence. Do remember, however, that this is not just about having the latest tech gizmos or mobile. It is more about arming with knowledge and cultivating a mindset that is always on the alert for online dangers.
Here are a few suggestions that would help you stay protected from online scams and frauds...
Create and use complex passwords using a combination of letters, numbers and symbols.
Whenever possible, enable two or multi-factor authentication for all accounts.
Be cautious when opening any attachments received through email or messaging platforms and downloading files from untrusted sources. Malware can often be disguised as legitimate files or attachments. Verify the sender's authenticity and only open attachments from trusted sources.
Avoid clicking on suspicious links in emails, messages, or websites.
Back up your important files and data on a regular basis to an external hard drive or cloud storage service.
Enable automatic updates for your device's operating system, as updates often include critical security patches. It applies to computer operating systems (Windows, macOS, and Linux) and mobile devices (iOS and Android). Install reputable antivirus software and keep it up-to-date.
Stay Alert, Stay Safe!
How To Report Cyber Fraud?
Do report cybercrimes to the National Cyber Crime Reporting Portal or call the toll-free National Helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c). 
If the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive, along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.
Fraud Alert: WhatsApp and Telegram Scams
Yogesh Sapkale, 02 February 2024
Delhi-based Ashish Kumar Tomer received a message on WhatsApp offering him the opportunity to earn money by rating restaurants on Google. The sender claimed to be from Career Builder Ltd. When he accepted the offer, he was added to...
Fraud Alert: Social Media Financial Scams
Yogesh Sapkale, 25 January 2024
A few days ago, one of my friends, working in a reputed organisation and earning a good salary, received a WhatsApp message offering a job opportunity to earn Rs3,000 per day just by clicking ratings on Google Maps to increase the...
Fraud Alert: Scams that Will Loot, Cheat You in 2024
Yogesh Sapkale, 19 January 2024
Last month, a 70-year-old senior journalist from Bengaluru received a call on WhatsApp informing her about a parcel being sent from Mumbai to Taiwan in her name that contained 240 grams of MDMA (drug), credit cards and passports....
Fraud Alert: SOP for Filing Complaint To Recover Lost Money
Yogesh Sapkale, 12 January 2024
Last month, the national consumer disputes redressal commission (NCDRC) directed HDFC Bank Ltd to refund Rs24,000 with an interest of 7%pa (per annum) and pay Rs10,000 litigation cost to a customer whose credit card was used for...
Free Helpline
Legal Credit