Cybercriminals have found a new way to steal money. They can steal phone users’ faces and access their bank accounts to loot them.
ING is warning customers and is taking “visible and invisible measures” to prevent this. “People can steal your face and copy it,” warns Ott van Dalen, principal law attorney and researcher at the Information Law Institute.
Chinese hacking group GoldFactory uses so-called Malware To extract faces from iOS and Android devices. Malware consists of apps that do not come from the official Play Store or App Store and aims to steal data from devices.
Face scan
These types of malware install themselves on phones unintentionally and often unnoticed via phishing. Hackers can then access data on that device, such as login details, fingerprint and facial scans that people use to unlock their phones and apps.
Once criminals have access to that data, they can use AI to create fake images of someone’s face relatively easily, which is called a deepfake. They use these images to trick facial scans into your bank account, for example, and then emptying it is easy.
It’s a new method of hacking that surprises even experts and shows how quickly criminals can abuse the sophistication of artificial intelligence (or artificial intelligence) and deepfakes.
“I’ve never seen this before, but it was expected,” says lawyer and researcher Ot van Dalen, of the Information Law Institute.
“The technology of copying faces and thus creating deepfakes continues to evolve. Banks are still using facial recognition technology as a means of identifying people. It is becoming increasingly tempting for criminals to ransack bank accounts in this way.
The face is no longer yours
Chinese hackers are currently looking for victims with a lot of money in their accounts, especially in Asia, according to technology website Techradar. But danger threatens us too. According to Van Dalen, this will definitely be a problem in the Netherlands.
He fears that this would ultimately require not only having malware on your phone at all, but criminals could also misuse photos and video captured elsewhere.
“There’s nothing you can do about it. Pictures of your face are all over the Internet, you pass by cameras on the street and they film you. This data can also be stolen. It’s impossible to avoid that.”
This is partly because our society is “organized on the basis of the trust that a face is your face and that you can’t change it, but that’s no longer true. People can steal your face and copy it,” says Van Dalen.
An extra layer of security is not enough
If our face is no longer safe from malicious parties, it is no longer up to the consumer and app users to prevent their bank accounts from being ransacked. According to Van Dalen, responsibility for security falls on banks and other companies that use facial recognition technology. “Banks must now ensure that security methods take this method of theft into account. If they use facial recognition technology, they must defend themselves against deepfakes.
“Don’t click on links”
Upon inquiry, ING appears to be aware of the dangers of fake faces. The bank itself states that it “takes many visible and invisible measures to ensure that our customers are able to conduct banking transactions safely.”
Read more below the picture
The bank stresses that customers themselves could also be on alert for malware that could steal this data from their devices. “We always warn our customers against clicking on links that may lead to downloading malware.”
Fraud and theft
Just like Van Dalen, ING sees that the way criminals operate is constantly changing and becoming more creative. “Artificial Intelligence is an important development that is already widely used in the world around us. We take these types of technologies very seriously and are monitoring developments to determine how to take them into account in our services.
ING says that thanks to artificial intelligence, criminals have many new opportunities to commit fraud and theft.
Social media
However, ING responds to Van Dalen’s call. “ING will, as we have done for years, warn clients through our campaigns about the latest developments.” In the fight against fraud, we also cooperate with the police and the Dutch Banking Association, among others.
Ultimately, consumers can’t do anything about having their faces stolen; Pictures of this are often found on Facebook, Instagram or other social media.
Consumers themselves can pay close attention to the applications they download. Only download apps from the App Store and Play Store, and never download apps from other websites. This is how hackers try to put their malware on your phone while they search for new victims.
“Professional web ninja. Certified gamer. Avid zombie geek. Hipster-friendly baconaholic.”