Telecom fraud "evolves" with technology: the odds in the anti-fraud "cat and mouse game"

Author: China Net Technology

Source: China Consumer Daily

The Draft Anti-Telecommunications Network Fraud Law was made public at the end of October this year, and the deadline for widespread public comment is November 21, 2021.

In recent years online fraud has not been uncommon, and for the majority of netizens, telecommunications fraud and financial fraud do great harm. In view of the complex and severe situation of new types of illegal and criminal activity online, the government clearly advocates establishing a working pattern of "anti-fraud for the whole people, anti-fraud by the whole police, and anti-fraud by wisdom". With the development of science and technology, fraud methods have also become harder to defeat, and as financial anti-fraud and telecommunications anti-fraud constantly "fight monsters and level up", a "cat and mouse game" of attack and defense has formed.

There is a high incidence of telecommunications network fraud

"After more than a decade of evolution, telecommunications network fraud is no longer a new type of crime," Wang Xiaowei, associate professor and graduate supervisor at the Investigation College of the People's Public Security University of China, told the China Consumer Daily reporter. "The criminal means are constantly renovated, the deception is constantly escalating, and the universality and growth rate are unprecedented." At present, on the southeast coast and in large first-tier cities, criminal cases of telecommunications network fraud account for more than 50%.

"Network communication technology is a double-edged sword, and in the field of crime, more and more criminals are choosing remote, non-contact means to commit fraud." Wang Xiaowei believes that not only telecommunications network fraud but crime as a whole is trending toward online, remote and contactless forms.

"The online business of the financial industry is gradually accelerating its move to mobile and the Internet, prompting many financial businesses to switch to channels such as WeChat and Alipay," Yue Wei, lecturer of the anti-fraud project of the Payment and Clearing Association, industry security expert at Tongdun Technology, and member of the cryptographic algorithm research group of the State Secret Bureau, told the China Consumer Daily reporter. "The concentration of risk crimes is obviously rising with digital transformation, and the transformation of financial fraud to online is particularly prominent in the financial industry."

"All crimes and deceptions come from life scenes." Wang Xiaowei said that nowadays, as online production and lifestyles become richer and richer, there are naturally more and more scenarios that scammers can exploit. "In addition, with the development of network technology, the living space of contact crimes is continuously compressed," Wang Xiaowei said. For example, urban video surveillance systems such as Skynet, coupled with the continuous innovation and advancement of detection technology, have made the space for contact crimes very narrow, and the cost of committing them very high. All of this drives crime as a whole toward contactless forms.

Why are telecom scams more common than other types of cybercrime? Wang Xiaowei believes that this is because fraud is a kind of crime of embezzlement whose purpose is easier to achieve in cyberspace. When committing theft through the network, criminals need to bypass the multiple security precautions and verification methods of multiple institutions and operators, which is more difficult by comparison. "And as long as the criminals are good enough to fool people, consumers themselves will transfer the money." Those security measures are ineffective in the face of scammers. Wang Xiaowei added, "Why are there frequent thefts, pyramid schemes, and poisons? Mainly because online fraud is relatively low risk, easy to achieve, and high profit."

Tailor-made precision scams

In April 2021, a mother-in-law in Hong Kong was defrauded of a record $250 million by telecom network fraudsters. "The single amount and number of cases of telecommunications fraud are all going up, and its core performance is that the funds involved in a single case are very high," Xiaodun Security technology expert and lecturer at the Bank of China Lecture Hall told the China Consumer Daily reporter. "When I was in Yuhang District, Hangzhou City, Zhejiang Province, to carry out anti-fraud business training for the police in Yuhang District, the police received a phone call, reflecting that an employee of Alibaba suffered a 'pig killing plate' and was defrauded of 2 million yuan, of which more than 1 million yuan was still drawn through online loans. The impact on a person and a family is very large. This ordinary white-collar worker, I am afraid that there is no way to integrate into the work normally in the future."

"In fact, the means of telecom network fraud are now being refurbished quickly and precisely," Wang Xiaowei said.

The "2020 Anti-Fraud Annual Report" (hereinafter referred to as the "Annual Report") released by Xiaodun Security shows that one trend in the evolution of telecommunications network fraud risk is the escalation of fraud methods, with fraud risks continuing to be exposed. The new type of telecommunications network fraud represented by the "pig killing plate" and the "fish killing plate" has developed rapidly. Most criminals obtain the victim's information through illegal channels and then carry out precision fraud, and the modus operandi has shifted from stealing funds by fraudulently obtaining SMS dynamic verification codes to actively inducing the victim to transfer funds.

"The connotation of precision fraud has also changed." Wang Xiaowei said that the criminal suspect will tailor the deception to a certain group of people, or even to the situation of a particular person, and the success rate of such fraud is high. In the past, precision fraud meant obtaining personal information first and then customizing the scam, but now precision fraud does not even need detailed personal information, because much of it is achieved through targeted online traffic diversion. "All kinds of deception are channeled through network promotion, pop-up advertising, and circle of friends," Wang Xiaowei explained.

Fraudulent means accelerate escalation

Newly emerging technologies are often absorbed by the online black industry and used in online fraud. One of the most typical and widely known cases is last year's "fake Jin Dong case". Through intelligent speech synthesis and AI face swapping, a dazzling Jin Dong talked and laughed with middle-aged and elderly women. And a "Jin Dong" who can talk and laugh, and whose voice and image both match, is really impossible to doubt.

Xiaodun Security's "Annual Report" shows that while new technology brings people better personal account protection, it also continuously improves the specialization of online black industry gangs: big data analysis, deep learning and artificial intelligence are all being used by the online black industry. With the help of cutting-edge technologies such as big data, fraud gangs accurately identify fraud targets and take matching measures, making attacks more targeted. The share of fraud drawing on the black industry's underground social-engineering databases is conspicuous, database dumping and credential stuffing operations are more mechanized, centralized and intelligent, and the difficulty of attack and defense continues to escalate.

"Online black industry often uses big data to lock in targets, and then establishes a reliable persona for itself in a targeted manner to deceive the trust of victims. For example, the manipulator of the 'pig killing plate' will tell the bedtime story of half a year to the children of single mothers, and will send overseas orders to young girls and send genuine luxury goods," Wang Xiaowei said. Not only that: items such as stock K-line charts, chat screenshots and delivery bills can be generated by special-purpose fraud software, and in the past year there were even transfer voucher simulators, fake trading software and fake investment software that look exactly the same as the real thing.

Yue Wei said that with the tightening of online supervision of financial fraud, fraud methods have escalated even faster. Credential stuffing, which has a higher success rate, has replaced Trojans and phishing and is now the dominant mode of attack. In addition, there are hidden dangers from the leakage of user identity information, partly due to vulnerabilities at banks and operators, and partly due to identity information vulnerabilities in epidemic prevention and control technology. "In the process of providing risk control technology solutions for banks, it can be seen that on many leaked bank information sources, a lot of personal information is actually the travel information of users scanning codes, with personal sensitive information such as ID cards, face comparison pictures and mobile phone numbers. Criminals with this information can complete identity replacement, go to the bank to open an account or other financial business," Yue Wei said.

Promote an overall prevention and control mechanism

"Behind all telecom network fraud, the root cause comes from personal or corporate data." The fox said. Telecommunications fraud based on big data segments the population very finely and accurately. Taking the data of the public security department of Yuhang District as an example, the conversion rate of the "pig killing plate" has reached more than 20%, and highly educated people account for more than 60% of those deceived. In the past, the conversion rate of wide-net lottery fraud was only about one in 100,000, and the amount defrauded rarely exceeded 100,000 yuan.

The continuous specialization of fraud technology and the continuous escalation of the difficulty of attack and defense are another new feature of telecommunications fraud at this stage.

"The overall prevention and control mechanism is a long chain of steady progress and based on risk control technology." Wang Xiaowei believes that prevention and control must be applied step by step across the whole process by which a case arises and develops. For example, from the initial registration of a telephone number, operators and Internet companies must apply risk control to card and account opening, with a review mechanism to ensure that the real name is real. When mobile phone cards and bank cards are used by the "gray and black industries" to send fraudulent messages and make fraudulent calls, there must be technical measures to identify and intercept the fraudulent calls; for fraud-related information online, there must be technical means to retrieve, identify and block it. If a fraud is already under way, there must be technical means to feed this back to the front end in time, so that SMS reminders, telephone dissuasion, face-to-face dissuasion and the like can prevent people from being deceived. If the victim has already been defrauded and has transferred out the funds, technical means should be used to stop the payment urgently. "These are precautions and technical countermeasures before and during the event," Wang Xiaowei explained.

Online fraud is extremely stealthy, and by the time a deceived victim goes to the police, the defrauded money has often long since been transferred. Arresting suspects involves problems such as forged IP addresses on overseas websites, so the relevant departments face difficulties in prevention, arrest, and recovery of defrauded funds. "In the face of more and more 'high-energy' fraudulent organizations, especially the financial industry represented by banks, it is necessary to upgrade weapons and innovate tactics," Yue Wei said. The core element of a bank's anti-fraud mechanism is to distinguish true from false: mainly to identify whether the operator is a person or a machine, whether it is the account holder, whether the account holder is behaving abnormally, and whether it is a voluntary operation that has been induced or another person operating on the holder's behalf after the information was leaked.

"At present, anti-fraud methods are basically terminal security plus accurate profiling, plus machine learning and related knowledge graphs," Yue Wei said. "Based on the operation link of wire fraud, we have deployed anti-wire fraud prevention and control ideas in the overall plan launched for the banking and financial industry: the first step is to do limited investigation, to achieve interception in some transactions, on the basis of the list and strong feature screening rules, through terminal security and expert models for gambling and fraud, the current risks are quickly detected and stopped; the second step is to collect, clean, and process the user behavior data of the bank to achieve accurate fraud-related risk profiles, and through the relevant machine learning algorithms, to achieve real-time, accurate monitoring and prevention of transactions; the third step is to detect the criminal gang at the same time, find the upstream and downstream links related to the criminal gang, that is, use the knowledge graph to follow the vine to the melon upstream and downstream. Because the criminal nature of gang crime, operational links, tool behavior, etc., are highly similar."

"The world is not fraudulent" is not only the wish of the police, but also the pursuit of the technology industry. In this contest of technology and data, technological empowerment will certainly help improve governance capabilities.

● Opinion

Use technology as a weapon to fight fraud

At present, even people in remote areas are inseparable from the Internet, and the Internet is gradually building a digital-economy era in which everything is interconnected. However, while the application of digital technology has brought us great convenience, it has also given rise to new challenges such as data security and personal privacy protection.

Telecom network fraud is no longer a flood of Trojan horses, pseudo base stations and phishing websites, nor a bombardment of SMS messages, emails and QR codes. It is a complete criminal chain that involves the information chain, capital chain, technology chain, personnel chain and other links, and is based on big data, artificial intelligence and even psychology. Crime has shown a trend toward networked, remote and contactless forms, and crimes such as telecommunications fraud have become the norm. The richer online life becomes, the more cybercrime scenarios criminals have; the deceptions are renewed quickly, the routines are many, and the harm is great.

At the same time, the economic losses caused are also very large. The data shows that the total amount of telecommunications network fraud last year was as high as more than 30 billion yuan; more than one single case exceeded 100 million yuan, and many were in the tens of millions of yuan. Most of the victims are ordinary people, and much of the defrauded money is money for schooling, money for medical treatment, liquidity for small businesses... Being deceived can lead to families returning to poverty, life becoming impossible, small businesses going bankrupt, and workers being laid off. According to experts, suicides and sudden deaths occur every year among victims of telecommunications fraud.

From a legal point of view, it is necessary to strengthen the construction of preventive institutional measures to provide legal support for the actual needs of overall development and security, maintaining social management order, and ensuring the safety of people's property.

Since new technologies are quickly put to use in cybercrime, prevention and technical countermeasures before and during the event have become very important anti-fraud means. For high-risk sectors such as finance, it is necessary to rely on big data, apply artificial intelligence and other technical means, improve real-time risk analysis and decision-making by building an intelligent risk control system, and develop an intelligent risk control capability of active defense, accurate identification, and joint prevention and control.

At the same time, in the digital era, the needs of consumers are more personalized and scenario-based, the threats and challenges faced by users are more complex, and the awareness of the protection of their own rights and interests needs to be gradually improved. Industrial institutions need to further improve the consumer rights and interests protection system, use technology as a weapon, strengthen joint defense cooperation, jointly solve prominent problems, promote the innovative development of online business standards, and improve the level of consumer rights and interests protection.

Financial and telecommunications anti-fraud work is obviously long-term and complex. In this cat-and-mouse war of offense and defense, empowering anti-fraud efforts with scientific and technological means is obviously indispensable.
