AI is being used by office fraudsters to fiddle their expenses, a cybersecurity expert has warned.
Many places of work will ask their employees to upload a photo of a receipt they need reimbursing for before their expense is approved.
Scammers don’t need sophisticated skills in technology or Photoshop anymore, because now it is as easy as asking a chatbot to create a receipt for a business transaction that never happened.
Even with minor errors that AI models can sometimes make, these are likely to be missed by the managers approving claims as they often have so many to sift through.
Jake Moore, the Global Cybersecurity Advisor for ESET, said the scam is scarily realistic and can fly past under the nose of financial teams.
He told the Daily Mail: ‘AI has enabled crime to be sped up and become accessible to many more people.
‘Tools like Photoshop can be difficult and take a long time to learn. Now with AI, just by speaking in a natural language to it and giving it a prompt you can get what you want.
‘If you ask it to make you one from scratch it can look fake, but if you start the prompt with a real receipt, it is impressively quick. It’s shocking how it looks extremely realistic.’
AI is being used by office fraudsters to fiddle their expenses, a cybersecurity expert has warned. The cyber expert put a chatbot to the test and made a £38.20 Starbucks receipt that could trick almost anyone
The cyber expert put a chatbot to the test and made a £38.20 Starbucks receipt that could trick almost anyone. And it can be done all in a matter of seconds.
Mr Moore added: ‘AI images can sometimes look generated, but in a situation where you’re someone in a financial team going through these quickly and at masse, it could get through.
‘It’s a potential area that financial teams aren’t thinking about and can go under the radar quite easily.
‘People have said “why would you risk getting caught for an extra £35”, but we are in a cost-of-living crisis, and this could be of interest to someone who wants to try and claim a bit of extra money.
‘We have a shop theft issue in this country where we see people brazenly walking out with bags of shopping because there is something like a threshold of £200 where police won’t get involved,’ and little thefts are a small win for some people, he said.
Mr Moore said the ease and sophistication of this kind of fraud can be difficult to mitigate against, ‘especially when they look so authentic’.
He advised businesses to start handing out company credit cards instead as he urged to increase awareness around manipulating AI for financial gain.
‘If they’re using their own card to claim reimbursements, it’s likely to be a small amount as you will usually need a company card to make a big purchase, which can also be a good way to be able to monitor payments and mitigate against it.
People often spot scam emails and texts because they are badly written but some chatbots can easily create messages that convincingly impersonate businesses and official bodies
‘Financial teams should look out for blurry text, misaligned formatting and the VAT number.
‘If it’s a fake, when cross-checked [using a VAT number service] the shop at the top at the receipt won’t be correct.
‘We all need to raise our awareness.’
It comes as experts have warned that online fraudsters could use AI to launch a wave of convincing scams.
Cybersecurity company Norton warned that criminals are turning to AI tools such as ChatGPT to generate extremely convincing phishing emails and create ‘lures’ to rob victims.
Chatbots also completely remove the language barrier for cybercriminal gangs around the world, warns Julia O’Toole, CEO of MyCena Security Solutions.
She said: ‘Phishing has come on significantly since email scams first hit inboxes, but a lack of proficiency in language and culture has still been a major barrier for scammers, who have struggled to make their emails realistic.’
People often spot scam emails and texts because they are badly written but some chatbots can easily create messages that convincingly impersonate businesses and official bodies.
Consumer group Which? previously asked ChatGPT to create an email telling the recipient someone had logged into their PayPal account.
In seconds, it produced a professionally written email with the heading ‘Important Security Notice – Unusual Activity Detected on Your PayPal Account’.
It included steps on how to secure the account and links to reset a password and contact customer support.
But fraudsters would be able to use these links to redirect recipients to their malicious sites.