Pension scam warning for South Africa
Artificial intelligence (AI) has slowly taken over the world in the past year, which is good news for fraudsters.
According to Actuary and damages expert Gregory Whittaker, FraudGPT (an AI tool sold on the dark web) poses a significant risk to retirees, who could lose their retirement savings to cybercriminals.
Whittaker said that FraudGPT is “the beginning of a new era of cybercriminal at scale”.
FraudGPT will allow anyone to commit a cybercrime by creating sophisticated phishing emails, building hacking tools, and uncovering weaknesses in IT systems.
Whittaker said, “it is likely that we will soon see the end of badly punctuated, misspelt, misdirected and factually inaccurate phishing emails, ” making it much harder to distinguish between honest communication between financial services providers and fraudsters.
The US Federal Bureau of Investigation (FBI) Internet Crime Report 2023 showed that most cybercrime victims were older than 60, having suffered losses of over $3.4 billion last year.
Whittaker said that while similar research does not exist in South Africa, one can assume South African retirees are just as vulnerable.
Whittaker said cybercriminals frequently target retirees, as they will likely have access to capital through retirement savings.
He adds that the increasing complexity of financial products, coupled with more retirees using computers and smartphones and scammers aided by AI, creates extreme risks for retirees.
Thus, he said that it is essential that pensioners are educated about the types of scams and provided with practical risk mitigation strategies that can be used to avoid cyber scams.
He also recommends that employers implement social media literacy programmes and cybersecurity training for older employees in preparation for retirement.
Although there are many scams targeting consumers, Whittaker said that retirees should be aware of the following cybercrime:
- Phishing and spearfishing
The majority of consumers who bank online have been warned about phishing attempts. In these attempts, criminals try to access information such as passwords via emails or text messages that appear to come from a legitimate company.
While phishing attempts are sent out widely and randomly, spearfishing attempts are more targeted.
Whittaker said AI tools like FraudGPT can help criminals review large volumes of data to identify potential victims and tailor messages that capture the retiree’s circumstances.
This makes each approach far more believable and increases the chances that confidential personal information will be shared with the criminal.
- Deepfakes
Whittaker said that a common deepfake scam uses images of celebrities or trusted public figures claiming to have made enormous profits from online trading on social media, Telegram, or WhatsApp.
Retuirress looking to increase their retirement savings are tricked into signing up and parting with their money.
When an attempt is made to withdraw their invested funds, their accounts are locked, and the bogus investment company is gone.
- Grandparent scam (voice cloning)
Criminals clone a younger relative’s voice with AI tools and then call the retiree.
The fraudsters then claim an emergency, such as a car accident or an arrest, and ask for money. The grandparents are then pressured into keeping the call secret and immediately giving access to their money.
Although it is difficult to remain calm and think clearly when a family member calls in distress, Whittaker said that any suspicious behaviour should prompt the grandparent to end the call and either call another family member for guidance or return the call on the number known to be genuine.
Families should also want to establish safe words for all family members to help prove that the caller is authentic.
The best defence
Whittaker said that all consumers should never share sensitive information over the phone, via email or social media.
“Instead of asking on social media whether something or someone is legitimate, call the company you believe you are dealing with, check in with your financial adviser, or call the Financial Sector Conduct Authority to check whether the company or individual is registered.”