We’ve all heard of catfish scams – when someone pretends to be a lover on the other side of the screen, but instead, they aren’t who they say they are once their real face is revealed. Now, there’s a similar scam on the rise, and it’s much more sophisticated because scammers can fake the face, too. The scam is known as the “Yahoo Boys” scam, and it’s taking “catfishing” to a whole new level.


Woman on laptop making a heart sign (Kurt “CyberGuy” Knutsson)

How does deepfake technology work?

Deepfake technology uses AI to allow people to impersonate others over audio or video. The technology is essentially able to replicate someone’s face, facial expressions, gestures, voice, etc., so that the scammer can pretend to be someone they aren’t with almost perfect accuracy. Although deepfake technology has some intentions for good – like in the film industry or advertising (though there are some debates regarding the ethics of this) – it’s generally used for more malicious purposes than anything else.

Because it’s very difficult to tell whether or not a deepfake is the real person or a deepfake (and also because deepfakes are relatively new), deepfakes can have the potential to do a lot of damage. From the larger implications of it being used to spread inaccurate news stories that can sway public opinion and political processes to it being used to inflict damage on individuals with scams, it’s important to know what to watch out for.

How ‘Yahoo Boys’ use real-time face-swapping to carry out elaborate romance scams

Woman with a scan on her face (Kurt “CyberGuy” Knutsson)


What is the ‘Yahoo Boys’ scam?

The “Yahoo Boys” scam involves a group of sophisticated cybercriminals, primarily based in Nigeria, who are using this technology to conduct what’s otherwise known as romance scams. Like some catfishing attempts, they first build trust with victims through personal and romantic interactions over messaging and, eventually, video calls, where they then manipulate their appearances in real time to match the description and profile they may have shared with them up until that point.

By doing this, they can trick the victim into trusting them even more. This is because most of us still use video as a way to verify a person’s identity, when messaging isn’t convincing enough. Finally, when the timing is right, the victims are often persuaded into transferring money based on various fabricated scenarios, leading to significant financial losses. In fact, the FBI reported over $650 million lost to romance scams like these.

How ‘Yahoo Boys’ use real-time face-swapping to carry out elaborate romance scams

Man on his cellphone (Kurt “CyberGuy” Knutsson)


How does it actually work?

In the case of the “Yahoo Boys” scam, the scammers do their dirty work by:

Step 1: The scammer will use two smartphones or a combination of a smartphone and a laptop. One device is used to conduct the video call with the victim, while the other runs face-swapping software.

Step 2: On a secondary device, the scammer activates face-swapping software. This device’s camera films the scammer’s face, and the software adds a digital mask over it. This mask is a realistic replica of another person’s facial features, which the scammer has chosen to impersonate. The software is sophisticated enough to track and mimic the scammer’s facial movements and expressions in real time, altering everything from skin tone and facial structure to hair and gender to match the chosen identity.

Step 3: For the video call, the scammer uses a primary device with its rear camera aimed at the secondary device’s screen. This screen shows the deepfake – the digitally altered face. The rear camera captures this and sends it to the victim, who sees the deepfake as if it’s the scammer’s actual face. To make the illusion more convincing, the devices are stabilized on stands, and ring lights provide even, flattering lighting. This setup ensures that the deepfake appears clear and stable, tricking the victim into believing they’re seeing a real person.

Step 4: Throughout the call, the scammer speaks using their own voice, although in some setups, voice-altering technology might also be used to match the voice to the deep-faked face. This comprehensive disguise allows the scammer to interact naturally with the victim, reinforcing the illusion.

Though each deepfake scam is different, having a basic level of understanding in terms of how scams like these work can help you recognize them.

How ‘Yahoo Boys’ use real-time face-swapping to carry out elaborate romance scams

Scammer typing on a keyboard (Kurt “CyberGuy” Knutsson)

How to stay safe from deepfake scams

To protect yourself from deepfake scams like the “Yahoo Boys” scam, here’s what you can do:

Verify identities: Always confirm the identity of individuals you meet online through video calls by asking them to perform unpredictable actions in real time, like writing a specific word on paper and showing it on camera.

Be skeptical of unusual requests: Be cautious if someone you’ve only met online requests money, personal information or any other sensitive details.

Enhance privacy settings: Adjust privacy settings on social media and other platforms to limit the amount of personal information available publicly, which can be used to create deepfake content.

Use secure communication channels: Prefer secure, encrypted platforms for communications and avoid sharing sensitive content over less secure channels.

Educate yourself about deepfakes: Stay informed about the latest developments in deepfake technology to better recognize potentially manipulated content.

Report suspicious activity: If you encounter a potential scam or deepfake attempt, report it to the relevant authorities or platforms to help prevent further incidents.

By following these guidelines, you can reduce your risk of falling victim to sophisticated digital scams and protect your personal and financial information from falling into the hands of these scammers.

How ‘Yahoo Boys’ use real-time face-swapping to carry out elaborate romance scams

Woman talking on her cellphone (Kurt “CyberGuy” Knutsson)


Protecting your identity in the age of deepfakes

As deepfake technology becomes more accessible and convincing, the risk of identity theft increases. Scammers can use stolen personal information to create more believable deepfakes, making it harder for you to detect fraud. Furthermore, the sophistication of deepfakes may allow criminals to bypass biometric security measures, potentially granting them unauthorized access to your personal accounts and sensitive financial information. This is where identity theft protection services become invaluable.

Identity Theft companies can monitor personal information like your Social Security Number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

By subscribing to a reputable identity theft protection service, you can add an extra layer of security, ensuring that your digital presence is monitored and protected against the ever-evolving tactics of cybercriminals like the “Yahoo Boys.”


Kurt’s key takeaways

The main targets of the “Yahoo Boys” scam are individuals who establish online romantic relationships with the scammers. Because these victims are often emotionally invested and therefore more susceptible to manipulation, there’s not necessarily a specific age or demographic that can become a victim. And because we know the root of all these scams is the deepfake technology, truly anyone can become a target. So, we hope this helps, but also, be sure to spread the word to friends and family.

Have you heard of any other types of deepfake scams? Or do you know anyone who has been a victim of scams like this? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com. All rights reserved.


Source link