Crypto scammers hijacked Channel 7 News Australia's YouTube account to run a live stream of an Elon Musk deepfake on loop. The AI-generated version of the business tycoon was seen luring users to scan a QR code and invest in a money-doubling scheme through cryptocurrency. The news and media company is investigating claims even as traces of account takeover persist at the time this article was published.

Crypto Scammers Shift to Deepfake Deployment

Crypto scammers hijacking social media accounts of popular brands and celebrities on platforms like YouTube and X is not a novel thing. But what transpired on Thursday could very well be a snippet of things to come as we move towards the Age of AI.

Crypto scammers first took over the YouTube account of Channel 7 News and modified it in a way that it masqueraded the official Tesla channel.

[caption id="attachment_79292" align="aligncenter" width="300"] Hijacked Channel 7 News' YouTube Account Screenshot (Source: Reddit)[/caption]

After making aesthetic changes to the YouTube account, the crypto scammers replaced the videos in the channel with a deepfake live stream of Tesla chief Elon Musk. The AI-generated Musk was seen encouraging viewers to scan a QR code and invest in cryptocurrency.

[caption id="attachment_79296" align="aligncenter" width="600"] Musk's Deepfake Asking Users to Scan or Regret (Source: Reddit)[/caption] As per local media, the Musk deepfake said, "All you need to do is scan the QR code on the screen, go to the website and watch your cryptocurrency double. Today's event is a chance for all crypto enthusiasts and users to double their assets."

"This is an opportunity that cannot be missed." - Elon Musk Deepfake

The deepfake video was made in a way that Musk's AI version even interacted with the audience, where he continued to say that twice as much would return to investors' wallets.

The Channel 7 News has several region- and programming-specific YouTube channels, and most of them seemed to be hijacked at present, with all of them running the same deepfake live stream on loop. The page is no longer accessible via direct links from the company website, but as pointed by a Reddit user, if you go to the YouTube channel via the platform's search, it still displays the changes made by crypto scammers, which is a Tesla logo as seen in the images above.

Experts, Leaders Press for Deep Fake Regulations

Owing to the menace of deepfakes, nearly 1,500 AI and tech experts in February urged global regulation of deepfakes to curb risks like fraud and political disinformation. An open letter recommends that lawmakers criminalize deepfake child pornography, penalize creators and facilitators of harmful deepfakes, and hold software developers accountable.

"The whole deepfake supply chain should be held accountable, just as they are for malware and child pornography." - The Open Letter

Legal experts and technologists have also previously urged the U.S. Congress to regulate the use of deepfake technologies and provide new protections particularly for women and minority communities against the use of digitally manipulated media. Experts warned that the deceptive content is already affecting national security, personal privacy and public trust.

A coordinated international police operation led by Interpol has resulted in the disruption of global online scam networks that carried out phishing, investment fraud, romance and impersonation scams and operated fake online shopping sites. The global operation, codenamed “First Light,” led to the seizure of assets amounting to $257 million and froze more than 6,700 bank accounts linked to the online scam syndicates. Under the banner of Operation First Light 2024, the police also arrested a total of 3,950 suspects and identified another 14,643 as likely members of the global online scam syndicates.

“By confiscating such large amounts of money, and disrupting the networks behind them, we not only safeguard our communities but also deal a significant blow to the transnational organized crime groups that pose such a serious threat to global security.” - Director of Interpol’s Financial Crime and Anti-Corruption Centre (IFCACC), Dr Isaac Kehinde Oginni

Global Online Scam Crackdown Impact

The impact of this police operation against global online scam is “more than just numbers – they represent lives protected, crimes prevented, and a healthier global economy worldwide,” Oginni said. Interpol’s Global Rapid Intervention of Payments (I-GRIP) mechanism traced and intercepted the illicit proceeds from online scams across borders in both, fiat currency cash ($135 million) and cryptocurrency ($2 million). An example of this interception was a business email compromise fraud that involved a Spanish citizen who unwittingly transferred $331,000 to Hong Kong, China, the Interpol said. In another case, the Australian authorities successfully recovered AU$ 5.5 million (approximately $3.7 million) for an impersonation scam victim, after the online scammers fraudulently transferred the funds to Malaysia and Hong Kong-based bank accounts. The global nature of online scams was underscored by the operation’s diverse participants. From rescuing 88 young people forced to work in a Namibian scam ring to preventing a tech support scam targeting a senior citizen in Singapore, Operation First Light 2024 showcased the importance of international cooperation. Operations of First Light have been coordinated since 2014 and are designed to fight social engineering and telecom fraud. The operation is funded by China’s Ministry of Public Security and coordinated by Interpol. [caption id="attachment_79238" align="aligncenter" width="1024"] Operation First Light conclusion meeting in Tianjin, China (Source: Interpol)[/caption] In 2022, First Light saw a coordinated effort between law enforcement of 76 countries that resulted in the seizure of $50 million worth of illicit funds that was defrauded from more than 24,000 victims. “The world is grappling with the severe challenges of social engineering fraud, and organized crime groups are operating from Southeast Asia to the Middle East and Africa, with victims on every continent,” Oginni said.

“No country is immune to this type of crime, and combating it requires very strong international cooperation.” - Dr Isaac Kehinde Oginni

Investment and Phishing Scams Top Threats to U.S.

According to FBI's Internet Crime report (IC3), Investment scams led to the highest reported losses in the United Stated last year. Totaling $4.57 billion, investment scams saw a 38% increase from 2022. Crypto-investment fraud also rose 53% to $3.94 billion. Scammers mainly targeted individuals aged 30-49 in these scam types. Phishing schemes, on the other hand, were the most reported crime in 2023, with over 298,000 complaints, comprising 34% of all complaints received. In the FBI San Francisco division, there were 364 complaints with nearly $1.5 million in losses. Santa Clara County had the most complaints, while Alameda County had the highest losses at $500,000.

The Federal Bureau of Investigation (FBI) has warned the public about a new wave of cybercriminal activity targeting victims of cryptocurrency scams. These fraudsters are posing as lawyers and law firms, offering bogus cryptocurrency recovery services to steal funds and personal information from those already defrauded. This latest cryptocurrency investment scam alert is an update to a previous warning from the FBI's Internet Crime Complaint Center (IC3), which had highlighted a surge in scams involving fake services for recovering digital assets. The updated Public Service Announcement (PSA), titled "Increase in Companies Falsely Claiming an Ability to Recover Funds Lost in Cryptocurrency Investment Scams," was originally published on August 11, 2023. Moreover, in April 2024, the FBI warned of financial risks tied to using unregistered cryptocurrency transfer services, highlighting potential law enforcement actions against these platforms. The announcement focused on crypto transfer services operating without registration as Money Services Businesses (MSBs) and non-compliance with U.S. anti-money laundering laws. These platforms are often targeted by law enforcement, especially when used by criminals to launder illegally obtained funds, such as ransomware payments.

Cryptocurrency Scam: Emerging Criminal Tactic

The FBI's announcement aims to inform the public about a new criminal tactic designed to exploit cryptocurrency scam victims further. Using social media and other messaging platforms, fraudsters posing as lawyers from fictitious law firms are contacting scam victims and offering their services. These "lawyers" claim they have the authority to investigate fund recovery cases and often assert that they are working with, or have received information from, the FBI, Consumer Financial Protection Bureau (CFPB), or other government agencies to validate their legitimacy. In some instances, victims have reached out to these scammers through fake websites that appear legitimate, hoping to recover their lost funds. The scammers use various methods to further the recovery scam, including:

• Verification Requests: They ask victims to verify their identities by providing personal identifying information or banking details.
• Judgment Amount Requests: They request that victims provide a judgment amount they are seeking from the initial fraudster.
• Upfront Fees: They demand a portion of the fees upfront, with the balance due upon recovery of the funds.
• Additional Payments: They direct victims to make payments for back taxes and other fees purportedly necessary to recover their funds.
• Credibility Building: They reference actual financial institutions and money exchanges to build credibility and further their schemes.

Between February 2023 and February 2024, cryptocurrency scam victims who were further exploited by these fictitious law firms reported losses totaling over $9.9 million, according to the FBI Internet Crime Complaint Center (IC3).

Tips to Protect Yourself

The FBI offers several tips to help individuals protect themselves from falling victim to these scams:

• Be Wary of Advertisements: Be cautious of advertisements for cryptocurrency recovery services. Research the advertised company thoroughly and be suspicious if the company uses vague language, has a minimal online presence, and makes unrealistic promises about its ability to recover funds.
• Do Not Release Information: If an unknown individual contacts you claiming to be able to recover stolen cryptocurrency, do not release any financial or personal identifying information, and do not send money.
• No Fees from Law Enforcement: Remember that law enforcement does not charge victims a fee for investigating crimes. If someone claims an affiliation with the FBI, contact your local FBI field office to confirm their legitimacy.

Victim Reporting

The FBI urges victims to file a report with the Internet Crime Complaint Center. When filing a report, try to include the following information:

• Contact Information: Details about how the individual initially contacted you and how they identified themselves, including name, phone number, address, email address, and username.
• Financial Transaction Information: Details such as the date, type of payment, amount, account numbers involved (including cryptocurrency addresses), name and address of the receiving financial institution, and receiving cryptocurrency addresses.

The FBI's announcement highlights the importance of vigilance and caution when dealing with unsolicited offers of assistance, particularly in the highly targeted and vulnerable area of cryptocurrency investments. By staying informed and following the FBI's guidelines, individuals can better protect themselves from becoming victims of these crypto scams.

A new deepfake investment scam has emerged on the internet, misusing prominent Indian figures like Asia's richest person, Mukesh Ambani, and former captain of the Indian national cricket team, Virat Kohli. These deepfake scam videos falsely depict the billionaire and cricket star endorsing betting apps, leading unsuspecting viewers into potential scams. Using advanced deepfake techniques, the video manipulates their appearances and voices to make it seem like they are endorsing the app. This deceptive tactic exploits the trust and influence these figures hold.

The Strange Case of Deepfake Scams

This deepfake investment scam also targets well-known TV journalists, manipulating footage to create a false impression of authenticity. These altered videos imply endorsements from reputable sources, exploiting public trust for illicit gains. In the video, which is widely being circulated online, Ambani is falsely quoted as saying, “Our honest app has already helped thousands of people in India earn money. There is a 95% chance of winning here.” https://www.facebook.com/watch/?v=2401849440205008 Meanwhile, Kohli is shown endorsing the app, stating, "Aviator is an investment game where you can make huge profits. For example, if you have 500 Rupees, that will be enough because when the airplane flies your stake will automatically multiply by the number that the airplane reaches. Your investment can multiply 10 times. I personally recommended this app.” Both individuals seem to be discussing the game and promising high returns, claiming minimal investments can lead to significant profits. Such false promises prey on the aspirations of viewers seeking easy financial gains, ultimately leading to financial losses for many who fall victim to these deepfake investment scams. The Cyber Express has investigated these Aviator game scams and found out most of these apps have been banned on platforms like Google Play Store and Apple App Store due to their deceptive practices. Despite this, scammers continue to circulate these apps through alternate channels, using deepfake investment scams to lend a spirit of legitimacy.

The Aviator Game Scams Leveraging Deepfake Technology 

Similar incidents involving other public figures have also come to light, including cricket legend Sachin Tendulkar. Fake videos were created to deceive the public, and Tendulkar himself spoke out against such misuse of technology. In one deepfake video, Tendulkar is depicted talking about his daughter Sara playing a particular game, falsely quoting him as saying, “I am surprised how easy it is to earn well these days." [caption id="attachment_78100" align="alignnone" width="720"] Sachin Tendulkar Deepfake Scam (Source: X)[/caption] Following this, Sachin Tendulkar himself posted a tweet explaining the deepfake investment scam behind the deepfake videos. Tendulkar tweeted, “These videos are fake. It is disturbing to see rampant misuse of technology. Request everyone to report videos, ads & apps like these in large numbers. Social Media platforms need to be alert and responsive to complaints. Swift action from their end is crucial to stopping the spread of misinformation and deepfakes.” Previously, the Indian media company The Quint decoded another instance of deepfake videos involving Mukesh Ambani's son, Anant Ambani, and Virat Kohli promoting gaming apps in viral clips circulating on social media. Concerns arose about Ambani's video due to discrepancies in lip-sync and mechanical movements, suggesting a potential deepfake. [caption id="attachment_78102" align="alignnone" width="720"] Anant Ambani Deepfake (Source: The Quint)[/caption] Investigation revealed the original context of Ambani's video related to an animal rescue program launch. Similarly, Kohli's video was traced back to a different context involving discussions on religious harmony, debunking claims of both videos promoting gaming applications as false. In all the cases combined, a single app that was heavily promoted by social media pages and deepfake videos was the Aviator game. Aviator, an online casino game developed by Spribe, has become the most controversial game on the internet. The game’s unique, “easy to make money” has been tried and tested to be too good to be true. Inside the game, players engage by flying planes to earn money, influencing outcomes through their actions—a unique feature in online gaming. The game includes bonus rounds and mini-games, accessible on desktop, mobile, and tablet platforms to reach a broad audience. However, despite its popularity, the Aviator game has garnered notoriety for its misleading promises and unfair practices. Users have reported massive financial losses after investing in what turned out to be a fraudulent scheme. Reviews and user experiences highlight consistent patterns of manipulation and rigged outcomes designed to benefit the operators at the expense of trusting players. To top it all off, these fake deepfake videos of celebrities endorsing the app adds more questions about the authenticity of the app and the intent behind this aggressive marketing strategy.  The proliferation of deepfake videos exploiting the reputations of public figures like Mukesh Ambani and Virat Kohli highlights the urgent need for stringent measures against digital deception. As consumers, vigilance and skepticism are essential in understanding an increasingly complex technological era with potential scams and misinformation.

A 22-year-old British national, allegedly the leader of an organized cybercrime group that targeted nearly four dozen U.S. companies, was arrested in Palma de Mallorca at the behest of the FBI, said the Spanish National Police. The young man allegedly orchestrated attacks on 45 companies in the United States through phishing campaigns, and subsequently gained unauthorized access to sensitive company information and cryptocurrency wallets.

Cyber Scammer Used Familiar Playbook

The modus operandi of the cybercriminal was simple: use phishing techniques to obtain access credentials from individuals,; use these credentials to infiltrate corporate work systems; exfiltrate sensitive company data that was likely monetized and put up for sale on dark web forums; and also access victims' cryptocurrency wallets to siphon them off. This modus operandi allowed the scammer to amass a significant amount of bitcoins. The Spanish police said the young cyber scammer managed to gain control over 391 bitcoins - approximately valued at over $27 million - from his victims. The arrest occurred at Palma airport as the suspect was preparing to leave Spain on a charter flight to Naples. The operation was conducted by agents of the Spanish National Police in collaboration with the FBI. The investigation, led by the Central Cybercrime Unit and supported by the Balearic Superior Headquarters, began in late May when the FBI’s Los Angeles office requested information about the suspect that they believed was in Spain. The FBI reported that an International Arrest Warrant had been issued by a Federal Court of the Central District of California, prompting intensified efforts to locate the suspect.

Laptop, Phone Seized

The suspect was carrying a laptop and a mobile phone at the time of his arrest, which were seized. The judicial authority subsequently ordered the suspect to be placed in provisional prison. The FBI did not immediately provide a response on whether the young British man would be extradited to the U.S. to be tried, nor did they release details on an indictment, but many similar cases in the recent past show the possibility of that happening soon.

Linked to Scattered Spider?

The cybercrime-focused vx-underground X account (formerly known as Twitter) said the U.K. man arrested was a SIM-swapper who operated under the alias “Tyler.” Fraudster's transfer the target’s phone number in a sim swapping attack to a device they control and intercept any text messages or phone calls to the victim. This includes one-time passcodes for authentication or password reset links sent over an SMS. “He is a known SIM-swapper and is allegedly involved with the infamous Scattered Spider group,” vx-underground tweeted. The details, however, could not be confirmed but independent journalist Brian Krebs said the accused is a 22-year-old from Dundee, Scotland named Tyler Buchanan, also allegedly known as “tylerb” on Telegram chat channels centered around SIM-swapping.

“Most notably he is believed to be a key component of the MGM ransomware attack, and is believed to be associated with several other high profile ransomware attacks performed by Scattered Spider.” - vx-underground

The initial access vector in the attack on MGM included targeting of a help desk executive with social engineering tactics. Mandiant in its latest report found Scattered Spider aka UNC3944 using the same modus operandi, and although no victim names were stated, it now suggests the possible linkage between them. *Update (June 17 5:45 AM EST): Added details on the 22-year old young cyber scammer's identity and possible links to Scattered Spider group.