For all the recent focus on artificial intelligence and its potential for deepfake impostures, the boiler room is still very much active in the criminal underworld. WIRED describes the ways in which people in many parts of the world (Ireland, France, Nigeria, and Mexico) have been recruited to work as freelancers for a company that seeks to profit from lonely people looking for love.
This is how a typical operation runs. Freelancers are recruited to work as either customer service representatives or content moderators. Once on the job, however, they find themselves being used to cycle through a set of “virtuals,” or phony personae intended to engage marks romantically–they’ve been hired, they learn, to work as “catphish.”
The companies that hire them operate subscription-based dating sites. The freelancers are assigned a virtual with a brief, well-crafted and convincing backstory. They then riff on that backstory as they interact with the marks. One of the virtuals WIRED describes had this fictitious biography:
“Andrea667 (45), lonely divorcee looking for a man”
“Home: Chesham Bois – 3 bed House with her kids”
“Job: Owner of a makeup & beauty products shop in Watford 10-6pm, Mon-Sat”
“Food/Drinks: pub lunch, lamb jalfrezi, strong Brazilian coffee”
“Child 1: Ben – 15 (2006)”
It’s often not a lengthy relationship. Freelancers may cycle through personae at a rate of two minutes per virtual. The goal is to keep the mark engaged and paying.
Where labor is cheap and capital is expensive, the criminal market will go for a labor-intensive approach. Exploiting economically desperate people is still be an easy way to commit fraud at scale. What works for catphishing can work equally well for social engineering directed against organizations. But whether the threat comes from chatbots or boiler rooms, new school security awareness training can help any organization arm its people against social engineering.
WIRED has the story.
Free Phishing Security Test
Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.
Here’s how it works:
- Immediately start your test for up to 100 users (no need to talk to anyone)
- Select from 20+ languages and customize the phishing test template based on your environment
- Choose the landing page your users see after they click
- Show users which red flags they missed, or a 404 page
- Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
- See how your organization compares to others in your industry
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW