Is it Elon or AI? Nomani is here!
The tactic is called Nomani (yeah, that’s “no money”) and combines AI video, malicious ads on social media and email phishing. It started spiking May 2024 and grew 335% by the second half of the year. From May to November, ESET Cybersecurity says they blocked about 100 new scam URLs a day, adding up to 8,500 sites.
STOP! DO NOT GIVE THEM YOUR MONEY!
Cybercriminals love AI. A new deepfake scam is spreading on social media. Many people have lost millions to it. Here are the details to help you avoid becoming a victim.
I HATE TO BREAK IT TO YOU…IT’S NOT ELON.
The tactic is called Nomani (yeah, that’s “no money”) and combines AI video, malicious ads on social media and email phishing. It started spiking May 2024 and grew 335% by the second half of the year. From May to November, ESET Cybersecurity says they blocked about 100 new scam URLs a day, adding up to 8,500 sites.
The video features a celebrity or politician (think Elon Musk, etc.) promoting a cryptocurrency investment on social media platforms like YouTube or Facebook. These videos may look like news segments or exclusive interviews and often involve a recognizable figure. The accounts sharing this content usually have many followers and use eye-catching graphics to attract viewers, claiming huge profits with no risk. If you click on their websites, you might just be sharing your information with a scam artist. In the worst case, the site could contain malware that steals your money or personal information.
IT GETS NASTIER…
Most of these tricks end with an “investment manager” calling to walk you through the process of transferring all your hard-earned money right to them. They pretend they’re helping you put it into a crypto investment account. Nope.
If you’ve already fallen for Nomani, you’re at even more risk. Scammers are going after victims a second time, pretending to be law enforcement trying to help recover your lost funds. Just awful.
KNOW THE RED FLAGS
Even if you think, “This could never happen to me,” read this list and store these tidbits away. They could save you someday.
Hey, that’s blurry: Deepfake videos are often in low resolution to hide glitches. If your internet connection is just fine and other videos are clear, move on.
What if the video quality is OK? Look for strange speech patterns, unnatural breathing, poorly synced audio and video, jerky body movements, and robotic-sounding dialogue.
Don’t click: They want to get you off social media and over to their website to plant malware. Solid antivirus software can spy malware tricks you can’t.
High pressure: If an ad says you can double your money by doing nothing, your scam radar should be going off!! No legitimate investment opportunity is urgent. When they pull out the pressure tactics, move on.
No matter the form, get-rich-quick schemes end one way: With less money and more regret than you started with. You have to be smart!
AI & ChatGPT Threats and the arrival of Fleeceware
Scammers are in rare form these days, especially with arrival of mass news coverage of AI and ChatGPT. In today's blog, Todd answers questions about new scams, what are the biggest threats with AI and ChatGPT. Todd also addresses the question of using AI or ChatGPT for business purposes.
What are the biggest threats to each of us right now?
GETTY IMAGE
Scammers are using AI and ChatGPT as a tool to create even cheekier scams than normal!
THE ARRIVAL OF FLEECEWARE
One of the more irreverent scams is called Fleeceware, a type of mobile application (or website) that comes with excessive subscription fees you may quickly forget you’re paying. The ones oriented around these AI apps have catchy names like Genie – AI Chatbot. It can also be a website that looks like a legitimate site or uses a similar name to a trusted site to give a false sense of legitimacy.
The goal of these apps or websites is to get your to complete a sign up for a weekly/monthly subscription for what you’ll quickly find out is pretty useless.
HOW WELL DOES THE SCAM WORK?
Sophos reports that the people who publish the Genie AI Chatbot app (still available in the Apple apps store btw) are raking in $1 Million a month in subscription fees for something better, and free if you go to the source, https://openai.com/blog/chatgpt
IS THERE AN OFFICIAL OPEN AI IPHONE OR ANDROID APP FOR CHATGPT?
There is only one official app released as an iPhone app for ChatGPT and there is not one for Android, yet.
If you search the app store for ChatGPT, you’ll see dozens (maybe hundreds of apps) but only one is the official Open AI ChatGPT app. There isn’t an official app for Android yet, but there are more than a few pretenders available.
The only official app OpenAI has published, download it here for the iPhone: https://apps.apple.com/us/app/openai-chatgpt/id6448311069
SHOULD I BE SUSPICIOUS OF EMAILS RELATED TO CHATGPT?
The scams wouldn’t be complete without using the headlines to send phishing emails. The current hearings in Congress are news, and news means new subject lines for phishing emails.
There are new domain names popping up related to ChatGPT, many of which are common misspellings of legitimate domain names. BE EXTRA SUSPICIOUS of any email or text messages you receive with subjects or links related to ChatGPT. If you intend to use ChatGPT, be sure to access the service through the official OpenAI site, https://openai.com/blog/chatgpt
SHOULD I USE CHATGPT FOR BUSINESS?
For businesses, these tools bring the added risk of your employees inputting sensitive information into these tools. Your best protection is to have a policy around the use of these AI tools, similar to what you probably already have to social media usage.
If you have a legitimate business use for these AI tools, great – review their privacy policies and terms of use. You’ll have better privacy and control over your data usage is you pay for a subscription vs. using free ones.
Be sure to know how the service will use any data you give it before committing.