LUSA 09/04/2024

Lusa - Business News - Portugal: Police agency used in 'phishing' scam using AI

Lisbon, Sept. 3, 2024 (Lusa) - Portugal's criminal investigation police agency, PJ, warned on Tuesday of an "intense and massive" scam campaign in which the PJ itself is used in fraudulent calls to trick citizens into transferring money to bank accounts.

At a press conference held at the PJ headquarters in Lisbon, criminal investigation coordinator José Ribeiro, from the National Unit for Combating Cybercrime and Technological Crime (UNC3T), highlighted the use of artificial intelligence techniques by foreign criminal networks to spread this campaign, which has resulted in "an unusual number of complaints" to the institution.

"At the moment, our concern lies with a current campaign in which thousands of telephone calls have been massively disseminated, resulting in an unusual number of complaints. Last weekend alone, we received more than a hundred," he said, assuring that the PJ was “working together with the operators” to identify these spoofing techniques.

According to José Ribeiro, the PJ has opened approximately 2,000 inquiries related to various types of computer scams, such as the "hello dad, hello mum"campaigns, since the beginning of the year. Still, he stressed the evolution of these criminal schemes. He said that the PJ has already developed "some techniques to identify threats" but assumed that "it's complicated to anticipate behaviour" in this matter.

"The concern with these techniques is the massive way the campaigns are disseminated and manage to have direct contact with the victims, in an almost individualised approach. They are developing individualised attack and scam patterns, they are doing profile analysis and using artificial intelligence. At the moment, they are developing targeted techniques and this case is frightening because it will bring us more difficulties," he emphasised.

Citizens are contacted, informed that their bank accounts are at risk or have been improperly accessed, and then have to choose one of several options, including speaking to a supposed PJ inspector, who will tell them to transfer the funds from their accounts to supposedly safe accounts.

Criminal networks associated with foreign groups use national mobile phone numbers to lend credibility to these contacts, according to José Ribeiro. This results in two types of victims: the "phishing" victims who end up transferring money and the real owners of the phone numbers who are unaware of the misuse.

"The fact that they belong to national numbers doesn't mean that the owners make them of those numbers. We want to alert the public that just because a national number appears doesn't mean it's traceable," he said.

José Ribeiro explained that the holder of the number from which the fraudulent contact is made has no record on the mobile phone, as it only serves as a "mask" for international numbers from criminal networks, which often obtain these contacts through databases sold on the Internet.

The criminal investigation coordinator emphasised that these calls are based on "recordings to capture the citizen's interest" and are then carried out with a real person using "social engineering techniques" (psychological manipulation of people to carry out certain actions, namely giving up data or sending money). He also said that the PJ is not yet aware of any people who have been financially harmed.

"There are always victims, there are always the unwary. This campaign is much more intense and massive in reaching citizens. We have detected with this spoofing and artificial intelligence campaign that the way to reach the citizen is much faster," he observed, concluding: "We shouldn't demonise artificial intelligence, but the fact is that criminal groups take advantage of artificial intelligence techniques."

JGO/ADB // ADB.

Lusa