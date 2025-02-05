Investment fraud involving the use of artificial intelligence (AI) is on the rise. Increasingly, fraudsters are using generative AI (Gen AI) tools to gain access to financial accounts and create new accounts in the names of unsuspecting investors.

How Fraudsters Are Using Gen AI

Gen AI is a type of AI that can create new content based on a user's prompts. For example, tools using Gen AI technology can write essays and computer code; generate realistic images, audio and video; drive chatbots that interact with humans; and perform more functions than database searches that simply return results in response to word or information queries. Gen AI is making it easier for bad actors to fraudulently open new accounts using investors' identities and to improperly gain access to investors' accounts.

Fraudsters are using Gen AI's capabilities to exploit traditional identification (ID) verification processes and commit new account fraud and account takeovers in multiple ways, including the following:

Social Engineering -- Social engineering involves tricking or manipulating targets into giving away sensitive information or allowing remote access to their computer. Fraudsters might use Gen AI to analyze your social media activity to create highly personalized phishing emails that could lead you to fraudulent websites embedded with malicious links.

-- Social engineering involves tricking or manipulating targets into giving away sensitive information or allowing remote access to their computer. Fraudsters might use Gen AI to analyze your social media activity to create highly personalized phishing emails that could lead you to fraudulent websites embedded with malicious links. Voice Clones -- With Gen AI, fraudsters need only three seconds of audio of you speaking to create a credible-sounding imitation, or voice clone. Using this voice clone, they might persuade you to grant access to your accounts, for example, by impersonating a loved one of yours in distress or under financial duress.

-- With Gen AI, fraudsters need only three seconds of audio of you speaking to create a credible-sounding imitation, or voice clone. Using this voice clone, they might persuade you to grant access to your accounts, for example, by impersonating a loved one of yours in distress or under financial duress. Fake ID Documents -- Fraudsters can use Gen AI to create convincing fake ID documents -- such as driver's licenses or professional credentials -- that might also incorporate AI-generated images. They can use these documents to verify identity to fraudulently open a new account or to take over an existing account.

-- Fraudsters can use Gen AI to create convincing fake ID documents -- such as driver's licenses or professional credentials -- that might also incorporate AI-generated images. They can use these documents to verify identity to fraudulently open a new account or to take over an existing account. Deepfake Selfies -- Some firms have incorporated requests for selfie photos and videos into their customer-verification process. Fraudsters can take images from investors' social media and use Gen AI to create deepfakes to get around these security checks.

Protecting Your Accounts

Gen AI's ability to create credible-looking (or -sounding) fakes increases fraud risk. However, you can take steps to help protect your financial accounts:

Choose strong passwords. Create complex passwords that are unique to each account, and avoid using easily guessable passwords and security questions.

Create complex passwords that are unique to each account, and avoid using easily guessable passwords and security questions. Use a password manager. A password manager is a software application that securely stores and manages your login credentials, including usernames and passwords, for various online accounts. The main benefits of using a password manager include secure storage, unique and complex passwords, and centralized management.

A password manager is a software application that securely stores and manages your login credentials, including usernames and passwords, for various online accounts. The main benefits of using a password manager include secure storage, unique and complex passwords, and centralized management. Enable multi-factor authentication (MFA). Enabling MFA on all of your accounts adds an extra layer of security beyond just a password by requiring you to also enter a code that's sent to your mobile phone via text message or through an authentication application to your account. Choose to have MFA codes or messages sent to your phone rather than via email (if given a choice). Ignore or reject all MFA codes and messages that you weren't expecting, and then follow the steps in the next bullet.

Enabling MFA on all of your accounts adds an extra layer of security beyond just a password by requiring you to also enter a code that's sent to your mobile phone via text message or through an authentication application to your account. Choose to have MFA codes or messages sent to your phone rather than via email (if given a choice). Ignore or reject all MFA codes and messages that you weren't expecting, and then follow the steps in the next bullet. Protect against impersonation scams. If you receive a security-related message over phone, text or email claiming to be from one of your service providers, don't respond with identity-verifying information or click on links in case the message is a phishing attempt. Instead, contact the firm directly through its website or by a phone number provided on an account statement or its website. This will help you ensure that the company or individual you're communicating with is legitimate.

If you receive a security-related message over phone, text or email claiming to be from one of your service providers, don't respond with identity-verifying information or click on links in case the message is a phishing attempt. Instead, contact the firm directly through its website or by a phone number provided on an account statement or its website. This will help you ensure that the company or individual you're communicating with is legitimate. Use biometric verification. Some biometric identifiers, like facial scans or fingerprints, are unique to each person and can be harder for fraudsters to replicate.

Some biometric identifiers, like facial scans or fingerprints, are unique to each person and can be harder for fraudsters to replicate. Be aware of phishing attempts. Be cautious of incoming emails, texts or calls that ask for personal information, especially if they seem urgent or suspicious. Avoid sharing sensitive details like passwords, account numbers or credit card information with unknown individuals, and limit the personal details you share on social media.

Be cautious of incoming emails, texts or calls that ask for personal information, especially if they seem urgent or suspicious. Avoid sharing sensitive details like passwords, account numbers or credit card information with unknown individuals, and limit the personal details you share on social media. Monitor account activity regularly. Actively review your account statements and online activity for suspicious transactions or logins from unfamiliar locations that could indicate a potential account takeover. Login history for your account is often found in the platform's "security" or "privacy" section. Some platforms proactively alert you by email when there's a login for your account from an unfamiliar location.

Actively review your account statements and online activity for suspicious transactions or logins from unfamiliar locations that could indicate a potential account takeover. Login history for your account is often found in the platform's "security" or "privacy" section. Some platforms proactively alert you by email when there's a login for your account from an unfamiliar location. Use identity-theft protection and credit monitoring services. These services can warn you of possible data breaches and initiate protective measures. If you believe your data has been compromised, consider requesting a credit freeze. This might decrease the chances of a bad actor opening fraudulent financial accounts in your name.

These services can warn you of possible data breaches and initiate protective measures. If you believe your data has been compromised, consider requesting a credit freeze. This might decrease the chances of a bad actor opening fraudulent financial accounts in your name. Report suspicious activity immediately. If you suspect fraudulent activity, contact your financial institution, regulatory authorities and local police or law enforcement (see below) right away to report the issue and initiate security measures.

Monitoring for New Account Fraud

Watch for new account fraud by:

monitoring your credit reports regularly for accounts opened in your name that you didn't authorize;

looking into notifications regarding new accounts that are unfamiliar to you; and

checking your bank statements for transactions you don't recognize.

Some of the same actions that can help you avoid having your existing account information stolen -- including securing your accounts and avoiding phishing attempts -- might also reduce your chances of facing new account fraud.

Gen AI has made it easier to impersonate consumers and commit fraud. Although financial institutions are working to fight fraud on their platforms, it's in your interest to also take actions to protect yourself and to alert firms to any suspicious activity.

If you think you've been a target or victim of Gen AI or other investment fraud, submit a regulatory tip to FINRA, the SEC and/or the FBI's Internet Crimes Complaint Center (IC3). Learn more about the use of Gen AI and financial fraud.

