For all the recent focus on artificial intelligence and its potential for deepfake impostures, the boiler room is still very much active in the criminal underworld. WIRED describes the ways in which people in many parts of the world (Ireland, France, Nigeria, and Mexico) have been recruited to work as freelancers for a company that seeks to profit from lonely people looking for love.
This is how a typical operation runs. Freelancers are recruited to work as either customer service representatives or content moderators. Once on the job, however, they find themselves being used to cycle through a set of “virtuals,” or phony personae intended to engage marks romantically–they’ve been hired, they learn, to work as "catphish."
The companies that hire them operate subscription-based dating sites. The freelancers are assigned a virtual with a brief, well-crafted and convincing backstory. They then riff on that backstory as they interact with the marks. One of the virtuals WIRED describes had this fictitious biography:
“Andrea667 (45), lonely divorcee looking for a man"
“Home: Chesham Bois - 3 bed House with her kids"
“Job: Owner of a makeup & beauty products shop in Watford 10-6pm, Mon-Sat"
“Food/Drinks: pub lunch, lamb jalfrezi, strong Brazilian coffee"
“Child 1: Ben - 15 (2006)”
It’s often not a lengthy relationship. Freelancers may cycle through personae at a rate of two minutes per virtual. The goal is to keep the mark engaged and paying.
Where labor is cheap and capital is expensive, the criminal market will go for a labor-intensive approach. Exploiting economically desperate people is still be an easy way to commit fraud at scale. What works for catphishing can work equally well for social engineering directed against organizations. But whether the threat comes from chatbots or boiler rooms, new school security awareness training can help any organization arm its people against social engineering.
WIRED has the story.