Microsoft maintains a continuous effort to protect its platforms and customers from fraud and abuse. From blocking imposters on Microsoft Azure and adding anti-scam features to Microsoft Edge, to fighting tech support fraud with new features in Windows Quick Assist, this edition of Cyber Signals takes you inside the work underway and important milestones achieved that protect customers.
We’re all defenders.

Between April 2024 and April 2025, Microsoft:
- Thwarted $4 billion in fraud attempts.
- Rejected 49,000 fraudulent partnership enrollments.
- Blocked about 1.6 million bot signup attempts per hour.

The evolution of AI-enhanced cyber scams
AI has started to lower the technical bar for fraud and cybercrime actors looking for their own productivity tools, making it easier and cheaper to generate believable content for cyberattacks at an increasingly rapid rate. AI software used in fraud attempts runs the gamut, from legitimate apps misused for malicious purposes to more fraud-oriented tools used by bad actors in the cybercrime underground.
AI tools can scan and scrape the web for company information, helping cyberattackers build detailed profiles of employees or other targets to create highly convincing social engineering lures. In some cases, bad actors are luring victims into increasingly complex fraud schemes using fake AI-enhanced product reviews and AI-generated storefronts, where scammers create entire websites and e-commerce brands, complete with fake business histories and customer testimonials. By using deepfakes, voice cloning, phishing emails, and authentic-looking fake websites, threat actors seek to appear legitimate at wider scale.
According to the Microsoft Anti-Fraud Team, AI-powered fraud attacks are happening globally, with much of the activity coming from China and Europe, specifically Germany, due in part to Germany’s status as one of the largest e-commerce and online services markets in the European Union (EU). The larger a digital marketplace in any region, the more likely a proportional degree of attempted fraud will take place.
E-commerce fraud

Fraudulent e-commerce websites can be set up in minutes using AI and other tools requiring minimal technical knowledge. Previously, it would take threat actors days or weeks to stand up convincing websites. These fraudulent websites often mimic legitimate sites, making it challenging for consumers to identify them as fake.
Using AI-generated product descriptions, images, and customer reviews, customers are duped into believing they are interacting with a genuine merchant, exploiting consumer trust in familiar brands.
AI-powered customer service chatbots add another layer of deception by convincingly interacting with customers. These bots can delay chargebacks by stalling customers with scripted excuses and manipulating complaints with AI-generated responses that make scam sites appear professional.
In a multipronged approach, Microsoft has implemented robust defenses across our products and services to protect customers from AI-powered fraud. Microsoft Defender for Cloud provides comprehensive threat protection for Azure resources, including vulnerability assessments and threat detection for virtual machines, container images, and endpoints.
Microsoft Edge features website typo protection and domain impersonation protection using deep learning technology to help users avoid fraudulent websites. Edge has also implemented a machine learning-based Scareware Blocker to identify and block potential scam pages and deceptive pop-up screens with alarming warnings claiming a computer has been compromised. These attacks try to frighten users into calling fraudulent support numbers or downloading harmful software.
Job and employment fraud

The rapid advancement of generative AI has made it easier for scammers to create fake listings on various job platforms. They generate fake profiles with stolen credentials, fake job postings with auto-generated descriptions, and AI-powered email campaigns to phish job seekers. AI-powered interviews and automated emails enhance the credibility of job scams, making it harder for job seekers to identify fraudulent offers.
To prevent this, job platforms should introduce multifactor authentication for employer accounts to make it harder for bad actors to take over legitimate hirers’ listings and use available fraud-detection technologies to catch suspicious content.
Fraudsters often ask for personal information, such as resumes or even bank account details, under the guise of verifying the applicant’s information. Unsolicited text and email messages offering employment opportunities that promise high pay for minimal qualifications are typically an indicator of fraud.
Employment offers that include requests for payment, offers that seem too good to be true, unsolicited offers or interview requests over text message, and a lack of formal communication platforms can all be indicators of fraud.
Tech support scams
Tech support scams are a type of fraud where scammers trick victims into unnecessary technical support services to fix device or software problems that don’t exist. The scammers may then gain remote access to a computer, which lets them access all information stored on it and on any network connected to it, or install malware that gives them access to the computer and sensitive data.
Tech support scams are a case where elevated fraud risks exist, even if AI does not play a role. For example, in mid-April 2024, Microsoft Threat Intelligence observed the financially motivated and ransomware-focused cybercriminal group Storm-1811 abusing Windows Quick Assist software by posing as IT support. Microsoft did not observe AI used in these attacks; Storm-1811 instead impersonated legitimate organizations through voice phishing (vishing) as a form of social engineering, convincing victims to grant them device access through Quick Assist.
Quick Assist is a tool that enables users to share their Windows or macOS device with another person over a remote connection. Tech support scammers often pretend to be legitimate IT support from well-known companies and use social engineering tactics to gain the trust of their targets. They then attempt to employ tools like Quick Assist to connect to the target’s device.
Quick Assist and Microsoft are not compromised in these cyberattack scenarios; however, the abuse of legitimate software presents risk Microsoft is focused on mitigating. Informed by Microsoft’s understanding of evolving cyberattack techniques, the company’s anti-fraud and product teams work closely together to improve transparency for users and enhance fraud detection techniques.
The Storm-1811 cyberattacks highlight the capability of social engineering to bypass security defenses. Social engineering involves collecting relevant information about targeted victims and arranging it into credible lures delivered through phone, email, text, or other mediums. Various AI tools can quickly find, organize, and generate information, thus acting as productivity tools for cyberattackers. Although AI is a new development, enduring measures to counter social engineering attacks remain highly effective. These include increasing employee awareness of legitimate helpdesk contact and support procedures, and applying Zero Trust principles to enforce least privilege across employee accounts and devices, thereby limiting the impact of any compromised assets while they are being addressed.
Microsoft has taken action to mitigate attacks by Storm-1811 and other groups by suspending identified accounts and tenants associated with inauthentic behavior. If you receive an unsolicited tech support offer, it is likely a scam. Always reach out to trusted sources for tech support. If scammers claim to be from Microsoft, we encourage you to report it directly to us at https://www.microsoft.com/reportascam.
Building on the Secure Future Initiative (SFI), Microsoft is taking a proactive approach to ensuring our products and services are “Fraud-resistant by Design.” In January 2025, a new fraud prevention policy was introduced: Microsoft product teams must now perform fraud prevention assessments and implement fraud controls as part of their design process.
Recommendations
- Strengthen employer authentication: Fraudsters often hijack legitimate company profiles or create fake recruiters to deceive job seekers. To prevent this, job platforms should introduce multifactor authentication and Verified ID as part of Microsoft Entra ID for employer accounts, making it harder for unauthorized users to gain control.
- Monitor for AI-based recruitment scams: Companies should deploy deepfake detection algorithms to identify AI-generated interviews where facial expressions and speech patterns may not align naturally.
- Be cautious of websites and job listings that seem too good to be true: Verify the legitimacy of websites by checking for secure connections (https) and using tools like Microsoft Edge’s typo protection.
- Avoid providing personal information or payment details to unverified sources: Look for red flags in job listings, such as requests for payment or communication through informal platforms like text messages, WhatsApp, nonbusiness Gmail accounts, or requests to contact someone on a personal device for more information.

Using Microsoft’s security signal to combat fraud
Microsoft is actively working to stop fraud attempts using AI and other technologies by evolving large-scale detection models based on AI, such as machine learning, to play defense by learning from and mitigating fraud attempts. Machine learning is the process that helps a computer learn without direct instruction using algorithms to discover patterns in large datasets. These patterns are then used to create a comprehensive AI model, allowing for predictions with high accuracy.
We have developed in-product safety controls that warn users about potential malicious activity and integrate rapid detection and prevention of new types of attacks.
Our fraud team has developed domain impersonation protection using deep-learning technology at the domain creation stage, to help protect against fraudulent e-commerce websites and fake job listings. Microsoft Edge has incorporated website typo protection, and we have developed AI-powered fake job detection systems for LinkedIn.
Microsoft Defender SmartScreen is a cloud-based security feature that aims to prevent unsafe browsing habits by analyzing websites, files, and applications based on their reputation and behavior. It is integrated into Windows and the Edge browser to help protect users from phishing attacks, malicious websites, and potentially harmful downloads.
Furthermore, Microsoft’s Digital Crimes Unit (DCU) partners with others in the private and public sector to disrupt the malicious infrastructure used by criminals perpetuating cyber-enabled fraud. The team’s longstanding collaboration with law enforcement around the world to respond to tech support fraud has resulted in hundreds of arrests and increasingly severe prison sentences worldwide. The DCU is applying key learnings from past actions to disrupt those who seek to abuse generative AI technology for malicious or fraudulent purposes.
Quick Assist features and remote help combat tech support fraud
To help combat tech support fraud, we have incorporated warning messages to alert users about possible tech support scams in Quick Assist before they grant access to someone approaching them purporting to be an authorized IT department or other support resource.
Windows users must read and click the box to acknowledge the security risk of granting remote access to the device.

Microsoft has significantly enhanced Quick Assist protection for Windows users by leveraging its security signal. In response to tech support scams and other threats, Microsoft now blocks an average of 4,415 suspicious Quick Assist connection attempts daily, accounting for approximately 5.46% of global connection attempts. These blocks target connections exhibiting suspicious attributes, such as associations with malicious actors or unverified connections.
Microsoft’s continual focus on advancing Quick Assist safeguards seeks to counter adaptive cybercriminals, who previously targeted individuals opportunistically with fraudulent connection attempts, but more recently have sought to target enterprises with more organized cybercrime campaigns that Microsoft’s actions have helped disrupt.
Our Digital Fingerprinting capability, which leverages AI and machine learning, drives these safeguards by providing fraud and risk signals to detect fraudulent activity. If our risk signals detect a possible scam, the Quick Assist session is automatically ended. Digital Fingerprinting works by collecting various signals to detect and prevent fraud.
For enterprises combating tech support fraud, Remote Help is another valuable resource for employees. Remote Help is designed for internal use within an organization and includes features that make it ideal for enterprises.
By reducing scams and fraud, Microsoft aims to enhance the overall security of its products and protect its users from malicious activities.
Consumer protection tips
Fraudsters exploit psychological triggers such as urgency, scarcity, and trust in social proof. Consumers should be cautious of:
- Impulse buying—Scammers create a sense of urgency with “limited-time” deals and countdown timers.
- Trusting fake social proof—AI generates fake reviews, influencer endorsements, and testimonials to appear legitimate.
- Clicking on ads without verification—Many scam sites spread through AI-optimized social media ads. Consumers should cross-check domains and reviews before purchasing.
- Ignoring payment security—Avoid direct bank transfers or cryptocurrency payments, which lack fraud protections.
Job seekers should verify employer legitimacy, be on the lookout for common job scam red flags, and avoid sharing personal or financial information with unverified employers.
- Verify employer legitimacy—Cross-check company details on LinkedIn, Glassdoor, and official websites to verify legitimacy.
- Notice common job scam red flags—If a job requires upfront payments for training materials, certifications, or background checks, it is likely a scam. Unrealistic salaries or no-experience-required remote positions should be approached with skepticism. Emails from free domains (such as johndoehr@gmail.com instead of hr@company.com) are also typically indicators of fraudulent activity.
- Be cautious of AI-generated interviews and communications—If a video interview seems unnatural, with lip-syncing delays, robotic speech, or odd facial expressions, it could be deepfake technology at work. Job seekers should always verify recruiter credentials through the company’s official website before engaging in any further discussions.
- Avoid sharing personal or financial information—Under no circumstances should you provide a Social Security number, banking details, or passwords to an unverified employer.
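The job-scam red flags listed above can be turned into a simple triage check for recruiter messages. This is an added example, not Microsoft's detection logic: the free-mail domain list, the keyword patterns, the sender-domain mismatch rule and the sample messages are all constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumption: a short illustrative list of consumer mail providers.
FREE_MAIL_DOMAINS = frozenset({"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"})

# Assumption: illustrative keyword patterns, one per red flag from the list above.
RED_FLAG_PATTERNS = {
    "upfront_payment": re.compile(
        r"\b(?:fee|deposit|pay(?:ment)?)\b[^.]*\b(?:training|certification|background check)"
        r"|\b(?:training|certification|background check)\b[^.]*\b(?:fee|deposit|pay(?:ment)?)\b",
        re.I),
    "sensitive_data_request": re.compile(
        r"\b(?:social security number|ssn|bank(?:ing)? (?:account|details)|passwords?)\b", re.I),
    "informal_channel": re.compile(
        r"\b(?:whatsapp|text me|personal (?:phone|device|number))\b", re.I),
    "no_experience_required": re.compile(
        r"\bno[- ]experience[- ](?:required|needed)\b", re.I),
}


def sender_domain(from_header):
    """Return the lower-cased domain of a From header, or '' if it has none."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()


def job_message_red_flags(from_header, body, claimed_company_domain):
    """List the red flags a recruiter message raises, in a stable order."""
    flags = []
    domain = sender_domain(from_header)
    company = claimed_company_domain.lower()
    if domain in FREE_MAIL_DOMAINS:
        flags.append("free_mail_sender")
    elif domain != company and not domain.endswith("." + company):
        # Extension beyond the list above: the sender is neither the
        # company's domain nor one of its subdomains.
        flags.append("sender_domain_mismatch")
    for name, pattern in RED_FLAG_PATTERNS.items():
        if pattern.search(body):
            flags.append(name)
    return flags


# Constructed sample messages (not real mail).
SCAM_FROM = "Jane Doe HR <johndoehr@gmail.com>"
SCAM_BODY = ("No experience required, and the pay is $90 an hour. To start, pay a "
             "$50 fee for your background check. Reply with your bank account "
             "details and message me on WhatsApp.")
LEGIT_FROM = "Talent Team <hr@company.com>"
LEGIT_BODY = ("Thank you for applying. We would like to schedule an interview "
              "through our careers portal. Please choose a time next week.")

if __name__ == "__main__":
    print(job_message_red_flags(SCAM_FROM, SCAM_BODY, "company.com"))
    print(job_message_red_flags(LEGIT_FROM, LEGIT_BODY, "company.com"))
```

Keyword matching of this kind only prioritizes messages for a closer look; recruiter identity still has to be verified through the company's official website.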
Microsoft is also a member of the Global Anti-Scam Alliance (GASA), which aims to bring governments, law enforcement, consumer protection organizations, financial authorities and providers, brand protection agencies, social media, internet service providers, and cybersecurity companies together to share knowledge and protect consumers from getting scammed.
Recommendations
- Remote Help: Microsoft recommends using Remote Help instead of Quick Assist for internal tech support. Remote Help is designed for internal use within an organization and incorporates several features designed to enhance security and minimize the risk of tech support hacks. It is engineered to be used only within an organization’s tenant, providing a safer alternative to Quick Assist.
- Digital Fingerprinting: This identifies malicious behaviors and ties them back to specific individuals. This helps in monitoring and preventing unauthorized access.
- Blocking full control requests: Quick Assist now includes warnings and requires users to check a box acknowledging the security implications of sharing their screen. This adds a layer of helpful “security friction” by prompting users who may be multitasking or preoccupied to pause to complete an authorization step.

Kelly Bissell: A cybersecurity pioneer combating fraud in the new era of AI
Kelly Bissell’s journey into cybersecurity began unexpectedly in 1990. Initially working in computer science, Kelly was involved in building software for healthcare patient accounting and operating systems at Medaphis and Bellsouth, now AT&T.
His interest in cybersecurity was sparked when he noticed someone logged into a phone switch attempting to get free long-distance calls and traced the intruder back to Romania. This incident marked the beginning of Kelly’s career in cybersecurity.
“I stayed in cybersecurity hunting for bad actors, integrating security controls for hundreds of companies, and helping shape the NIST security frameworks and regulations such as FFIEC, PCI, NERC-CIP,” he explains.
Currently, Kelly is Corporate Vice President of Anti-Fraud and Product Abuse within Microsoft Security. Microsoft’s fraud team employs machine learning and AI to build better detection code and understand fraud operations. They use AI-powered solutions to detect and prevent cyberthreats, leveraging advanced fraud detection frameworks that continuously learn and evolve.
“Cybercrime is a trillion-dollar problem, and it’s been going up every year for the past 30 years. I think we have an opportunity today to adopt AI faster so we can detect and close the gap of exposure quickly. Now we have AI that can make a difference at scale and help us build security and fraud protections into our products much faster.”
Previously Kelly managed the Microsoft Detection and Response Team (DART) and created the Global Hunting, Oversight, and Strategic Triage (GHOST) team that detected and responded to attackers such as Storm-0558 and Midnight Blizzard.
Prior to Microsoft, during his time at Accenture and Deloitte, Kelly collaborated with companies and worked extensively with government agencies like the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation, where he helped build security systems inside their operations.
His time as Chief Information Security Officer (CISO) at a bank exposed him to addressing both cybersecurity and fraud, leading to his involvement in shaping regulatory guidelines to protect banks and eventually Microsoft.
Kelly has also played a significant role in shaping regulations around the National Institute of Standards and Technology (NIST) and Payment Card Industry (PCI) compliance, which helps ensure the security of businesses’ credit card transactions, among others.
Internationally, Kelly played a crucial role in helping establish agencies and improve cybersecurity measures. As a consultant in London, he helped stand up the UK’s National Cyber Security Centre (NCSC), which is part of the Government Communications Headquarters (GCHQ), the equivalent of CISA. Kelly’s efforts in content moderation with several social media companies, including YouTube, were instrumental in removing harmful content.
That’s why he’s excited about Microsoft’s partnership with GASA. GASA brings together governments, law enforcement, consumer protection organizations, financial authorities, internet service providers, cybersecurity companies, and others to share knowledge and define joint actions to protect consumers from getting scammed.
“If I protect Microsoft, that’s good, but it’s not sufficient. In the same way, if Apple does their thing, and Google does their thing, but if we’re not working together, we’ve all missed the bigger opportunity. We must share cybercrime information with each other and educate the public. If we can have a three-pronged approach of tech companies building security and fraud protection into their products, public awareness, and sharing cybercrime and fraudster information with law enforcement, I think we can make a big difference,” he says.

Next steps with Microsoft Security
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
Methodology: Microsoft platforms and services, including Azure, Microsoft Defender for Office, Microsoft Threat Intelligence, and Microsoft Digital Crimes Unit (DCU), provided anonymized data on threat actor activity and trends. Additionally, Microsoft Entra ID provided anonymized data on threat activity, such as malicious email accounts, phishing emails, and attacker movement within networks. Additional insights are from the daily security signals gained across Microsoft, including the cloud, endpoints, the intelligent edge, and telemetry from Microsoft platforms and services. The $4 billion figure represents an aggregated total of fraud and scam attempts against Microsoft and our customers in consumer and enterprise segments (in 12 months).