DBS fights AI scams with rapid automated takedowns

AI-driven scams are on the rise, turbocharging criminal activities. DBS is actively combating this threat to safeguard customer funds, employing a multi-faceted approach centered on early detection and swift automated responses.

The bank’s strategy involves three key actions: Search, Identify, and Alert. DBS uses multiple internet scanners from different vendors that operate at varying frequencies to ensure early detection of potential phishing sites. These scanners are pre-programmed with DBS logos and profiles of top management to quickly identify sites impersonating the bank.

Once a site is identified as targeting DBS customers, the bank immediately updates its security and alert website, providing customers with first-hand information within an hour of detection.

Crucially, DBS also deploys an automated response system that engages hosting providers to take down these phishing sites. This automated process allows DBS to block access and remove malicious sites, often within an hour, without human intervention, ensuring rapid customer protection.

DBS emphasizes that this speed would be impossible with manual processes and leverages AI for automation. The ultimate objective is to defend customer funds against these increasingly sophisticated AI-driven scams, including deepfakes impersonating bank executives.

About the speaker:

Jeffrey Koh
Head of Cyber Defense Operation
DBS Bank

5W1H summary

Category: Answer Pointers

Who:
1. DBS customers affected by scams
2. Scammers use AI deepfakes
3. DBS defends customer funds

What:
1. Rising AI-driven scams
2. Sophisticated deepfake impersonations
3. Automated scam site takedown

When:
1. AI scams increasing lately
2. Website updates hourly
3. Sites taken down within hour

Where:
1. Scams target online websites
2. DBS security and news website
3. Hosting providers host sites

Why:
1. Defend customer funds
2. Scammers turbocharge activities
3. Prevent customers falling victim

How:
1. Early detection, identify, alert
2. Multiscanners, automated response
3. Automated takedown, host engagement

Frequently Asked Questions

1. How worried should we be about AI-driven scams? AI-driven scams have been on the rise over the past months. DBS is actively taking steps to defend customer funds by combating these increasing AI-driven scams.

2. How does DBS detect AI-driven scam websites? DBS employs a multi-scanner system, using different scanners from various vendors that operate at different frequencies to ensure early detection. These scanners are pre-provided with DBS logos and top management profiles to pre-identify potential sites impersonating DBS and targeting its customers.

3. What action does DBS take once a scam website is detected? Upon detection, DBS immediately updates its security and news website (within an hour) with detailed information about the scam site. Furthermore, an automated response system blocks access to these phishing sites and engages hosting providers to have them taken down, typically within an hour.

4. Does DBS assist in taking down scam sites that do not target DBS customers (e.g., UOB or OCBC)? DBS does not have the authority to directly assist in the takedown of websites that do not specifically target DBS customers. However, there is industry-wide threat intelligence sharing, and such incidents can be reported through platforms like the Singapore Scam Shield, which then informs the relevant banks.

5. How sophisticated are the AI-driven deepfakes used by scammers, particularly those impersonating DBS’s CEO? AI has transformed significantly over the past year, gaining the capability to impersonate top management. The aim of these deepfakes is to scam DBS customers by making them fall victim, indicating their convincing nature.

6. Are DBS’s website takedown processes automated or do they require human intervention? DBS’s website takedown process is fully automated. The automated response system engages hosting providers directly with supporting artifacts to submit requests for takedown, without human intervention. This automation is crucial for achieving the goal of taking down sites within an hour.

Transcript of the Conversation

Once again, great pleasure to meet you. Especially at this important time where I read this the other day, AI is not writing words as much as it’s writing code and it brings home the fact that if the scammers are also using AI then obviously they’re turbocharging their own scamming activities. Firstly, can I get you to paint the bigger picture here? How worried should we be about AI-driven scams?

AI-driven scams, if you read the news, have been on the rise over the past months. DBS is really here to defend our customer funds by taking the fight against all these upcoming or rising AI-driven scams. What do we do in this area? There are three key things that we do: search, identify, and alert. Search, the first thing, is really to have early detection of all these websites that are targeting DBS customers. The second, identify, is to make sure that when we scan, these websites are really targeting DBS customers. Third, alert: if they are really targeting DBS customers, we want our customers to have the first-hand news about it so that they don’t fall for this phishing.

Let’s talk about the first one, the searching bit. What does that mean in practice? Earlier on in one of our earlier chats, you said that you have different scanners that operate at different frequencies and when you said that, it almost sounded like you’re using radio scanners, CB scanners, but that’s obviously not it. You’re using internet scanners?

How we achieve this is we have three ways of doing that. The first one is a multiscanner, which I will elaborate on later. Second is our security and news website, and third is our automated response. In our multiscanner, the first point is that every scanner works at a different frequency, to ensure that we have early detection, not delayed by a time lapse. We use different scanners from different vendors so that whichever finds a site first, we are then able to alert our customers.

Second is our security and alert website. When we find all these websites, we make sure that our customers are made aware of them, without asking them to look all over the place. We have one single place for them to look at, which is the security and news website, where they can find out more information. What we do is all these websites are updated immediately, within an hour of our detection, with details about what the website looks like.

Okay. Can I just take you back to the search then? How do you go about it? You kind of got a search engine and you key in we’re looking for deep fakes on P, we’re looking for deep fakes on Susan and then it shows you the search results. Is it that simple?

For all these scanners, how it works is what we are looking for is whether they are impersonating DBS. What we do is we provide all these scanners upfront with all the DBS logos and all the DBS top management profiles, so that when they are searching, it helps us to pre-identify all the potential sites that are targeting our DBS customers.

These are all the, I think it’s called spoofing sites, where they impersonate DBS?

Yes.

And then have you been able to find out who’s behind them?

I think of course we try to attribute by doing more analysis behind the scenes to identify who the threat actor is. However, with the technology these days they can hide their traces. Ultimately, even if we can find them, we need to go back to maybe Interpol to take down all these threat actors.

Recently there were obviously some very large raids that we heard about in Myanmar and the Philippines, where some of these scamming centers were targeted and apparently wiped out. Are you seeing an improvement in the number of scamming sites as a result of such actions?

Scams can happen in many forms. What we are really focusing on today is AI scams. On those scams that are happening out there, I have no further comment.

I know much more to add. Obviously there are many links in that chain. Clearly the scammers shouldn’t be scamming. But if consumers were a little bit more savvy, then arguably they can try to scam all they want. If consumers were just a little bit more aware, wouldn’t some of these problems go away?

In this, as I mentioned earlier under the how perspective, after we detect, we keep our consumers updated on the security and news website. While the website is still up, what we do is we have our automated response. Automated response is our ability to take down all these phishing sites even before our customers click on the link, and our track record is that we are able to take down all of these within an hour.

And how does that work in practice? This alert goes out presumably to somebody here at IMDA.

Basically, how we do it: as I mentioned earlier, the first point is the scanner. The scanner helps us to identify, helps us to correlate and make sure that they are really targeting DBS customers. If they are, then we update to inform our customers. Third is our automated response, whereby we will put up some blockage of access to the website while we engage our many service to have the website taken down.

And presumably that then happens under POFMA. The authorization to take down websites obviously has to be government sanctioned in some way, doesn’t it?

From the takedown perspective, all these are phishing sites and they are hosted by certain hosting providers. What we do is with our automated response, and again I emphasize we don’t use humans to do the takedown, the automated response will engage our hosting provider with all the supporting artifacts, automatically submit to them, and prompt them to have the website taken down.

All automatically.

Yes. Without humans. As I mentioned, all these being taken down within an hour is not possible if it’s to be done by humans.

What happens if somebody in Singapore is using a VPN and is therefore able to bypass some of the traditional hosting providers? Are they more at risk?

Technically there’s no difference whether you’re using a VPN or not. Ultimately a website is a website. Our thing is really to have it taken down.

You mentioned that we identify whether or not it impacts DBS customers. But what if you find sites that actually impact UOB or OCBC customers? Will you also then try to have that site taken down or are they left to their own devices?

For websites that are not targeting DBS customers, for example where you mentioned OCBC or UOB, DBS does not have the authority to assist them in the takedown. I believe that they should have their own mechanism of handling this.

But DBS is collaborating, cooperating with UOB and OCBC and having a single embedded person, courtesy of the Association of Banks in Singapore, at Interpol headquarters. I mean, you would expect there to be some sort of information sharing.

From a threat intel perspective, yes, the industry does have some trend sharing where we will share all these to a common report. As a customer, we can still report the website through the Singapore Scam Shield, whereby we will report this and indirectly Scam Shield will inform the relevant OCBC.

Clearly all of this is an effort which you’d probably rather save yourself. How much money are you having to spend on this on an annual basis?

Nothing comes free. We do have a certain budget to spend, and ultimately the key thing is to defend our DBS customer funds by fighting against all these AI scams.

What would you say then is the return on your investment from the millions of dollars that you’re spending each year on this?

The ultimate outcome that we want to achieve in defending our DBS customer funds against these AI-driven scams is really to do three key things: discover, detect, and engage. In discover, the objective is to have early detection even before a customer calls us. Then second, detect, meaning that we are able to detect all those true phishing sites that are targeting DBS customers. As I mentioned, engage is once we know about it we want to make sure our customers also get the first-hand information about this, and ultimately, in doing all these things, our key objective is to defend our DBS customer funds against all these upcoming or increasing AI-driven scams.

It looks like a lot of the scammers are getting more and more sophisticated. And just yesterday I read, and in fact I got the alert today, that there are people now impersonating MAS officers. Now, the fact that I read that on the MAS website and you pinged me through the DBS Digi app, Digi Banking app, suggests that this has become quite a big issue. That this is now a very big and urgent threat. What else can you tell us about the impersonation of MAS officers?

Scams can be in any form and any shape. In this scam, it can be targeting DBS. We are still seeing that they are looking at targeting DBS customers using the DBS logo, using DBS top management to do all these AI-driven scams; that’s what we see. With regards to your earlier question, I have no comment.

But obviously these people who are impersonating MAS officers first of all they must be asking some questions. They must be again asking for customers to click on a link or to hand over passwords and login over the phone. Is that what they’re doing?

As I mentioned, scams can be in any form and any shape. Ultimately, I still want to reemphasize that scams targeting DBS customers are still our top priority. How do we do that? It is three key things: to discover them, to identify them, and to alert our customers.

Now, you’re obviously sitting here on the panel at IMDA with a variety of vendors, which also represent a risk for you. Earlier this year, when Toppan, the printer of DBS statements for example, was ransomware hacked, 110,000 customers’ details were absconded with. Can you again firstly shed some light on what your relationship is with the vendors so that you have a concerted effort to combat the scourge?

Good that you read about this news. Cyber security is a space that is very much evolving, and attacks can target anyone out there. However, scams targeting our DBS customers are still one of our key priorities, and what we want is the ability to detect them early, inform our customers early, as well as to have them taken down as fast as possible.

How is it possible that Toppan, which by definition is dealing with some very sensitive information from its very large customer banks, was even in a position to have a ransomware attack? I mean, didn’t they have the necessary firewalls in place to stop such a thing, knowing that they were so exposed?

As I mentioned, in the cyber security space, besides ransomware, the other upcoming one is AI-driven scams, and AI-driven scams are still one of our key priorities, in which they are targeting our DBS customers, and what we do is our ability to detect them early, inform customers early and also to automate the takedown.

Are you still working with Toppan? Have you sacked them as a supplier?

I will say that in the cyber security space there are different types of response. In AI-driven scams, our capability is how to protect our customers by taking down the phishing sites as fast as possible, and our goal is we set ourselves a tough target whereby we want to take down all of these within an hour, and we have been promisingly able to deliver this.

And all in an automated fashion. How many people would this have employed if you’d had to have done this manually?

Automation doesn’t come overnight. What we do is we invest time and effort to make sure that we can automate this, test the automation and deliver it. That helps us avoid even having to engage human effort, because if you use humans there will be some lead time in the taking down.

And you probably would have had to have what 10, 20, 30 people on the job in order to make this work. Could we therefore assume that the automation of this process has cost 30 jobs?

As I mentioned, AI can be used for scams as well. AI can be used for automation. In this space of automation, AI is one of the key measures that we use to help us do all this automation and have the website taken down within an hour.

By some accounts there have already been three instances of deep fakes featuring your new CEO Tan Su Shan. Firstly, how good a quality were they? Were they really so good that the naked eye would not have been able to tell the difference between the deep fake and the real thing?

In AI, as I mentioned, AI has transformed so much over the past one year. AI has the capability to impersonate our top management, and their key aim was to scam our DBS customers, to make sure that they fall victim to it. What we do is back to the three key points that I mentioned: to have early discovery, early detection, and lastly to alert our customers.
