AI-Assisted Fraud Has Flipped From Attacking Banks to Attacking Customers

Recently, in an attack dubbed “Jade Puffer,” researchers documented what they’re calling the first end-to-end cyberattack run by agentic software. A large language model is said to have orchestrated the intrusion from start to finish, according to Sysdig. The LLM’s behaviour was self-narrating. It reasoned with natural language, prioritised targets, and did so with detailed [...] The post AI-Assisted Fraud Has Flipped From Attacking Banks to Attacking Customers appeared first on Fintech News Malaysia .
Recently, in an attack dubbed “Jade Puffer,” researchers documented what they’re calling the first end-to-end cyberattack run by agentic software. A large language model is said to have orchestrated the intrusion from start to finish, according to Sysdig . The LLM’s behaviour was self-narrating. It reasoned with natural language, prioritised targets, and did so with detailed annotations that human operators don’t usually write. More unsettling still is that the LLM adapted the attack in real time. It retried failed steps with refined parameters, going from a broken login to a working fix in 31 seconds. The reality landing on cybersecurity teams today is inescapable: they have to fight agentic fire with agentic fire, and figure out how to blunt attacks of this sophistication (and the ones coming next) before they begin. Jade Puffer is only one sharp end of a much broader shift. Around 97% of organisations globally have reported some form of AI-assisted fraud security incident , and closer to home, AI-assisted fraud in Asia has shifted from attacking bank systems to attacking bank customers. That reality set the tone at the LexisNexis Risk Ready 2026 panel in Kuala Lumpur. The panel comprised Irfan Amer, Chief Information Security Officer at AEON Bank; Dr Mohanamerry Vedamanikam, the Chief Compliance Officer at Boost Bank; Lolitta Suffian, SVP, Customer Experience, at Bank Simpanan Nasional; and Edward Metzger, Vice President, Market Planning for Payments Efficiency and Platforms at LexisNexis Risk Solutions. Moderated by Vincent Fong, the Chief Editor for Fintech News Network, the panelists traded views and insights on a landscape that has shifted sharply over the year, and what Malaysian banks need to do about it. Deepfake Scams Are No Longer Just for Big Targets When asked what had changed over the past year for scams, Edward Metzger, the Vice President of Market Planning for Payments Efficiency and Platforms at LexisNexis Risk Solutions, zoomed out to spotlight the bigger picture. He pointed to the latest version of Claude and its software engineering capabilities as the moment that caught the industry’s attention recently. It is now within the reach of a person to instruct a model to write a piece of impersonation software. “You can resurrect dead family members using old videos. Not even death can now protect you from being impersonated, and someone can do that with a $200 credit on Anthropic.” The economic implication could be the hardest hit yet. In the famous Hong Kong $25 million deepfake scam, a finance worker was tricked into wiring tens of millions after a video call with fabricated colleagues. At that time, the move was deemed justifiable as there was a lot of money at stake, and it took them (fraudsters) a lot of time and effort to generate the setup, Edward shared. Today, fraudsters could easily afford the time and effort, as the barrier to entry has collapsed, and with it, the assumption that only high-value targets need to worry. The Manipulation Beneath “Authorised” Payments Dr Mohanamerry Vedamanikam, the Chief Compliance Officer at Boost Bank with a doctorate in money mules, brought a different lens to the story of scams. According to her, when she started her research back in 2019, Malaysian university students had become the demographic of choice for scammers, fraudsters and money launderers. To better understand why they were the target segment, Dr Mohanamerry conducted a controlled study. Participants were presented with 10 job offers, riddled with embedded scam elements. 97% of them failed, picking up the scam jobs they were meant to filter out. @fintechnewsnetwork 97% of university students picked the scam job. In her doctorate research on money mules, Dr Mohanamerry Vedamanikam of @myboostbank gave Malaysian university students ten job offers, some real, some with scam elements hidden inside. Nearly all of them chose the ones they were supposed to avoid, and 45% of that group said they already knew what fraud was. Knowing about scams did not save them. Scams MoneyMule JobScam FintechNews ♬ original sound – Fintech News Network – Fintech News Network More striking still, 45% of that 97% claimed that they already knew what fraud and money laundering were before the exercise. That gap between self-reported awareness and actual behaviour is, for Dr Mohanamerry, the whole story behind the rise of authorised payments as a fraud vector. She added, “This is where the authorised payment comes in. When a consumer thinks that they’re doing the right thing, they’ve actually been psychologically manipulated to think that they are doing the right thing.” In the second half of her research, the group was split into two. One group was given a full education, including what red flags are and where those red flags lead. When this particular group was given the same test, the results were inverted. “98% of them passed. Therefore, 2% didn’t get it. There will still be a group of people, despite the education you give, who will have this issue. But change can be achieved, based on this research with the university students.” Banks Need More Than Customer Prompts to Stop Scams Edward Metzger, Vice President, Market Planning for Payments Efficiency and Platforms at LexisNexis Risk Solutions , turned the discussion to the UK for a case study in how regulators have tried to answer scam prevention. He said that the results were “revolutionary, and potentially not in a good way.” @fintechnewsnetwork Should YOU pay for it if you get scammed? In the UK, your bank pays you back. The catch: endless “are you sure” pop-ups, while the apps where the scam found you pay nothing. scams money banking fintech uk ♬ original sound – Fintech News Network – Fintech News Network Two rule changes reshaped the ecosystem there. First, Edward shared that when there is a scam, there is a market understanding there that the victim should be compensated by the bank, except in certain concrete circumstances. In other words, the bank is at fault, and not the victim. However, that may not always be the case. Next, whenever a scam happens, it usually involves a payment from one bank to another bank. Rules were changed whereby a 50/50 split of that loss was made between the sending and the receiving bank. The aftereffects have been somewhat mixed from these two factors. On the upside, banks have become hyper-focused on stopping scams, with every transaction triggering a cascade of confirmation prompts. The downside is that users have become used to clicking their way through. Edward adds, “The key is using data and technology behind the scenes, and in particular, fraud intelligence networks across the industry. That is the key to stopping scams.” Auditable and Trackable, But It’s Still Not Enough Irfan Amer, the Chief Information Security Officer at AEON Bank, shared that for AI to be trusted inside a bank, three things have to be nailed. Firstly, it has to be auditable, that is, wherever AI is in use, its use must be identifiable and reviewable against a standard of what is acceptable. Next, AI has to be trackable, meaning that there has to be a clear record of what moved from one state to another. Finally, it has to be explainable. “We cannot hide behind the algorithm,” Irfan shared. “I think these elements are still very much in the works.” Those principles, he acknowledged, are still very much a work in progress. However, the trust model underpinning digital payments, like encryption, biometrics, and personal data, is already under attack from a direction most banks are not yet resourced to counter. “The very thing post-quantum computing is trying to do is to break cryptography. We’re seeing a lot of harvest now, decrypt later,” Irfan said. @fintechnewsnetwork Hackers are stealing data they can’t even read yet. Encrypted files, biometrics, personal data, all useless to them today. The bet: when quantum computers arrive, they crack it all at once. Irfan Ismail Amer, CISO of @aeonbank, explains why the industry calls it harvest now, decrypt later, and why your data never expires. cybersecurity hackers quantumcomputing scams tech ♬ original sound – Fintech News Network – Fintech News Network Threat actors, he explained, are already moving through the dark web to harvest biometrics, cryptographic material and personal data, banking on the arrival of post-quantum computing to unlock what they cannot break today. When Human Judgement Still Wins For all the systemic threats stacking up on the horizon, one of the most vivid examples of what actually stopping a scam looks like came from Lolitta Suffian, SVP for Customer Experience at Bank Simpanan Nasional. @fintechnewsnetwork Should a bank be able to block your account? This BSN customer was furious that hers did. She’d moved her EPF savings and was trying to send them to a Macau scam when the bank froze the account. It took a fraud agent three hours on the phone to talk her out of it. Lolitta Suffian on why this still needs a human. FraudPrevention DigitalBanking FintechNews Malaysia ♬ original sound – Fintech News Network – Fintech News Network It took BSN’s fraud agent three hours on a follow-up call to walk a customer through how a Macau scam actually works. Lolitta shared, “Now imagine if you had outsourced everything to AI. Would AI spend three hours explaining to that person?” For all AI can do, it cannot replace the weight of human oversight. But that does not mean humans can afford to take AI lightly. Mathematician Norbert Wiener framed the current scenario we’re in best in his book, The Human Use of Human Beings, “We have modified our environment so radically that we must now modify ourselves in order to exist in this new environment.” Watch the video below to hear the panel learn more about AI-assisted fraud, even in relation to agentic commerce. Featured image by Fintech News Malaysia The post AI-Assisted Fraud Has Flipped From Attacking Banks to Attacking Customers appeared first on Fintech News Malaysia .
This is a summary. Read the full article at the original source.
Read full article at fintechnews
