AI Amplifying Corporate Fraud at Unprecedented Levels, Security Officials Warn
Criminals are leveraging artificial intelligence to defraud Canadian individuals and corporations at rates described as "staggering" by top private sector security experts. The rapid advancement of AI technology has created new vulnerabilities that threat actors are exploiting with increasing sophistication and scale.
Synthetic Humans and Internal Threats
André Boucher, chief technology officer at National Bank, emphasized the dramatic escalation in fraudulent activities. "We've never seen such an increase in fraud as we've seen recently," Boucher stated. "It is not a linear curve, it is accelerating and accelerating. The threat actors, the people who don't have any values in life and are willing to abuse the elderly, people in need, they are doing it faster, more convincingly and at scale."
Nicholas Payant, chief information security officer at Bell Canada, highlighted a particularly concerning development: "The rate of change has never been as high" with scamming techniques. He specifically cited the danger of artificial intelligence posing as legitimate job candidates who secure employment positions only to defraud companies from within their own organizations.
North Korean Operations Using Advanced AI Tools
Recent months have revealed sophisticated international operations where North Korean agents employ AI technology to create entirely fabricated IT professionals. These synthetic workers apply for remote positions within Western organizations with the explicit goal of stealing sensitive information and financial resources to support North Korea's authoritarian regime.
Microsoft's Threat Intelligence team recently documented the activities of a group identified as "Jasper Sleet" that specializes in generating fake IT workers. According to their findings, this group utilizes the AI application Faceswap to insert North Korean IT workers' faces into stolen identity documents while generating polished professional headshots for fraudulent resumes.
The Microsoft report detailed: "In some cases, the same AI-generated photo was reused across multiple personas with slight variations. Additionally, Jasper Sleet has been observed using voice-changing software during interviews to mask their accent, enabling them to pass as Western candidates in remote hiring processes."
From Obvious Scams to Undetectable Deception
Boucher contrasted current AI-powered fraud with earlier, more easily detectable schemes: "AI has allowed scammers to create 'synthetic human beings' that sound and even look exactly like another person on screen. It's a far cry from the era of spam emails replete with spelling mistakes and grammatical incongruities that made scams more easily detectable."
North Korean groups have developed particularly sophisticated approaches, using AI to generate realistic professional profiles tailored to specific local markets. These profiles highlight in-demand skills and certifications while applying for dozens of available positions simultaneously through automated systems.
Security Summit Highlights Dual Nature of AI
Boucher participated in a panel discussion at the Macdonald-Laurier Institute Energy Security Summit alongside James Bouchard, chief information security officer at Enbridge Gas, and Nicholas Payant of Bell Canada. All three security leaders acknowledged AI's significant benefits for organizational productivity while simultaneously warning about its escalating risks.
Boucher described this period as a "fantastic moment in history" with an "unending appetite" for new AI-powered initiatives. However, he and his colleagues emphasized that threat actors are leveraging the same technological advancements, creating security challenges that evolve at breakneck speed.
Bridget Walshe, associate head of the Canadian Centre for Cyber Security, summarized the complex landscape: "Artificial intelligence 'comes with a lot of risks.' We're learning how to use it, we're learning how threat actors are using it." This statement underscores the ongoing cat-and-mouse game between security professionals and increasingly sophisticated cybercriminals exploiting AI capabilities.
