Last spring, a well-meaning mom shared a Facebook ad with our parenting group — Chico’s was going out of business and every piece of clothing was $9.90! With a vacation looming before me, I clicked on the ad and went shopping, gleefully filling my online cart. I noticed that no matter how many times I clicked “buy,” my total remained at $56.40.
“How clever I am for finding these deals on quality merchandise! And how lucky that every size and color I desire is available!” I thought to myself.
You can see where this is going.
I entered my credit card information and the site glitched. My email inbox filled with a barrage of messages from “Chico’s online,” but with a bizarre reply address prompting me to complete my order.
Even though the site looked completely legitimate, the amateur copywriting and reply email made me suspicious. I googled “Chico’s out of business,” and no news came up. And going directly to the Chicos.com website with its regular pricing and normal sales made me understand fully that I’d been fooled. “But the website looked so real,” my defensive brain whispered.
I reported the fake ad to Facebook, where my complaint was whisked off into the metaverse. Then the same ad kept popping up, and I kept reporting it. Apparently the metaverse is a vast place where things get ignored.
We need your help to stay independent
The fake site was likely created quickly and targeted to women like me via the savvy use of AI tools, and I'm sure it's only going to get worse from here on out.
“It's not so much that these are new scams. It's that they've put a super jet-powered engine behind some of the old tricks, and now there's just so much more of this out there, and it's so much more polished,” said Identity Theft Resource Center’s president and CEO, Eva Velasquez.
In addition to slick websites indistinguishable from the real ones, AI helps to create hyper-personalized email messages and texts that seem like they’re coming from a trusted brand.
"It's not so much that these are new scams. It's that they've put a super jet-powered engine behind some of the old tricks"
“They may even be able to reference recent browser purchasing history, because of there's so much information about us out there from breaches, from what we're putting out there on social media, what we're sharing, what we're liking,” she said, adding that what would have taken lots of time, energy and money to create even two years ago can now be done quickly and cheaply with current AI tools.
Protective software is fast, scammers are faster
A spokesperson from Meta, Facebook’s parent company, said they detected 1.1 billion fake accounts via AI before the accounts were reported. Users who see suspicious content should report it, she said. The company didn't directly answer questions such as why the ads are going directly to Facebook users, and what the platform is doing to protect them.
“Our research shows that 70% of people whose pages are taken over just walk away and create a new one,” Velasquez said. “They can't get any information back from the platform, and they can't wrestle control away from the scammers.”
Scott Shackleford, a professor at Indiana University Kelley School of Business and executive director of the Center for Applied Cyber Security Research, said, “It's gotten easier than ever before to create those types of phishing websites … and you can also use those same tools to scan for vulnerabilities."
And while defenders can use AI to scan their own sites and software, attackers can use the exact same technology to spot bugs and launch malware. When people click or enter their information, “without even realizing it, their system has been compromised,” he said.
How to protect yourself
Velasquez advised shoppers to slow down, especially if they’re on a site for a smaller or newer business. We’re most vulnerable when we’re hurrying to check things off the to-do list and get a good deal, especially one too good to be true. “But if you step back and take a few minutes to think, that can make all of the difference,” Velasquez said.
If you’re interested in an item you see in an ad that comes your way via text or email or online, go directly to the site instead of clicking a link that can lead you to a fake one. While you may get the credit card charges reversed, scammers still could have already collected valuable information about you and sold it.
Fake charity scammers can also target big-hearted givers. Even if you recognize the charity, go directly to the actual site before you donate. Charity Navigator or an IRS tool are good places for verifying.
And finally, it’s never a bad idea to go to an actual store. “There's a lot to be said for shopping local,” Shackleford said. “Not only is it good for the economy and good for our communities, but it's much, much less likely that you're going to be hoodwinked.”
Read more
about personal finance
Shares