{"id":6905,"date":"2024-08-07T13:47:07","date_gmt":"2024-08-07T10:47:07","guid":{"rendered":"https:\/\/blog.eset.ee\/?p=6905"},"modified":"2026-06-14T10:25:06","modified_gmt":"2026-06-14T07:25:06","slug":"how-to-protect-your-phone-and-data-against-face-stealing-scams","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2024\/08\/07\/how-to-protect-your-phone-and-data-against-face-stealing-scams\/","title":{"rendered":"How To Protect Your Phone and Data Against Face Stealing Scams"},"content":{"rendered":"<p>Recently, facial recognition technologies have become an&nbsp;<a href=\"https:\/\/www.statista.com\/statistics\/1153970\/worldwide-facial-recognition-revenue\/\" target=\"_blank\" rel=\"noreferrer noopener\">increasingly popular<\/a>&nbsp;tool for secure authentication, one praised for its convenience. When technology giants such as Apple popularized their Face ID technology for face authentication, which, in general,&nbsp;<a href=\"https:\/\/www.techradar.com\/phones\/your-next-samsung-galaxy-phone-could-have-face-id-beating-facial-recognition-tech-if-metalenzs-claims-hold-up\" target=\"_blank\" rel=\"noreferrer noopener\">couldn&#8217;t be fooled by static photographs and encrypts users\u2019 facial data<\/a>, security concerns naturally dwindled to the point where even&nbsp;<a href=\"https:\/\/www.bai.org\/banking-strategies\/consider-facial-biometrics-as-a-cornerstone-of-banking-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">banks and the wider financial sector<\/a>&nbsp;now use facial recognition systems as a form of authorization.<\/p>\n<p>However, this \u201cgood news\u201d about technological progress may also create a false picture of biometric recognition as the ultimate tool for secure authentication. 
No more passwords, no more scams, no one can steal a 3D image of your natural face, right?<\/p>\n<p>Neither time nor cybersecurity practice stands still, so if you think that facial authentication alone will prevent you from being scammed or your device from being breached, read further to understand the limits to the security it can provide. In the latest&nbsp;<a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/eset-threat-report-h1-2024\/\" target=\"_blank\" rel=\"noreferrer noopener\">ESET Threat Report H1 2024<\/a>, ESET researchers describe how adversaries use fake mobile apps to replace their own faces with those of their victims using AI face-swapping services. This method can be used by cybercriminals to gain unauthorized access to victims\u2019 accounts.<\/p>\n<p>The strongest protection lies in using combinations of security approaches \u2014 for example, leveraging facial authentication with multilayered cybersecurity technologies, including multifactor authentication (MFA) built with prevention in mind to avoid attacks before they can do any harm. 
ESET covers both&nbsp;<a href=\"https:\/\/www.eset.com\/int\/home\/mobile-security-android\/\" target=\"_blank\" rel=\"noreferrer noopener\">consumers<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/www.eset.com\/int\/business\/solutions\/mobile-threat-defense\/\" target=\"_blank\" rel=\"noreferrer noopener\">business users<\/a>&nbsp;with mobile device protection that combines AI, human expertise, and a prevention-first approach.<\/p>\n<h3 class=\"wp-block-heading\">Preferred security authentication<\/h3>\n<p>Biometrics have gained popularity among both consumers and businesses, largely because of their ease of use. In 2023, biometrics such as fingerprint or face scan were the&nbsp;<a href=\"https:\/\/www.statista.com\/statistics\/1448883\/preferred-security-authentication-methods-in-selected-countries\/\" target=\"_blank\" rel=\"noreferrer noopener\">most preferred security authentication<\/a>&nbsp;methods to access users\u2019 online accounts, apps, and smart devices. Biometric authentication was used by 27 percent of respondents among consumers in various countries.<\/p>\n<p>Another&nbsp;<a href=\"https:\/\/www.statista.com\/statistics\/1446265\/top-solutions-to-replace-workplace-passwords-us\/Subhead\" target=\"_blank\" rel=\"noreferrer noopener\">2023 survey<\/a>&nbsp;found that nearly 60 percent of respondents among IT and cybersecurity leaders in the United States mentioned biometrics when asked what they were replacing or expecting to replace workplace passwords with.<\/p>\n<p>Facial recognition, also a part of the biometrics market, reflects public demand for this new technology. 
In 2022, the market&nbsp;<a href=\"https:\/\/www.statista.com\/statistics\/1153970\/worldwide-facial-recognition-revenue\/\" target=\"_blank\" rel=\"noreferrer noopener\">was estimated<\/a>&nbsp;at roughly $5 billion and is expected to grow, reaching $19.3 billion by 2032.<\/p>\n<p>Since Apple\u2019s camera- and laser-based&nbsp;<a href=\"https:\/\/support.apple.com\/en-us\/102381\" target=\"_blank\" rel=\"noreferrer noopener\">3D face mapping<\/a>&nbsp;was introduced in 2017, big market players such as Samsung have also been considering new technologies such as&nbsp;<a href=\"https:\/\/www.techradar.com\/phones\/your-next-samsung-galaxy-phone-could-have-face-id-beating-facial-recognition-tech-if-metalenzs-claims-hold-up\" target=\"_blank\" rel=\"noreferrer noopener\">Metalenz&#8217;s tools<\/a>&nbsp;that can read polarized photons and create an image of a specific face or even record a brief video skin signature.<\/p>\n<h3 class=\"wp-block-heading\">New attack vector<\/h3>\n<p>Nowadays, certain financial apps require that users record a brief video of their face from various angles using the front camera of their mobile device as a form of secure authentication. 
However, what was intended as an extra layer of security to prevent identity theft and fraudulent activities recently became another attack vector for cybercriminals.<\/p>\n<p>Group-IB\u2019s Threat Intelligence unit&nbsp;<a href=\"https:\/\/www.group-ib.com\/blog\/goldfactory-ios-trojan\/\" target=\"_blank\" rel=\"noreferrer noopener\">discovered<\/a>&nbsp;a previously unknown iOS Trojan GoldPickaxe.iOS, an imitation of legitimate Thai government applications such as Digital Pension for Thailand. These malicious apps collect identity documents, SMS, and facial recognition data. Likely to ensure the greatest catch of personal data, members of the GoldPickaxe malware family are available for both iOS and Android platforms. Group-IB attributed the campaign to a Chinese-speaking cybercrime group called GoldFactory.<\/p>\n<p>This malware family is also detected by ESET security solutions.<\/p>\n<p>The GoldPickaxe Android version is distributed via websites posing as the official Google Play store. To distribute the iOS version, the threat actors use a multistage social engineering scheme to persuade victims to install a mobile device management (MDM) profile, which allows attackers to gain complete control over the victim\u2019s iOS device.<\/p>\n<p>For example, attackers pretended to be officials from the Thai Ministry of Finance approaching citizens claiming that the targeted users\u2019 elderly relatives were eligible for additional pension benefits. 
The victims were then persuaded to click on links to the criminals\u2019 websites to download an MDM profile.<\/p>\n<p>In this way, attackers can access victims&#8217; facial recognition data without cracking Apple\u2019s privacy protection measures such as the&nbsp;<a href=\"https:\/\/support.apple.com\/guide\/security\/secure-enclave-sec59b0b31ff\/web\" target=\"_blank\" rel=\"noreferrer noopener\">Secure Enclave<\/a>, a hardware-based secure environment designed to keep sensitive user data secure.<\/p>\n<h3 class=\"wp-block-heading\">Creating deepfake videos<\/h3>\n<p>Once installed, GoldPickaxe prompts the victim to record a video as a confirmation method in the fake application. The recorded video is then used as raw material for the creation of deepfake videos facilitated by face-swapping artificial intelligence services.<\/p>\n<p>But that\u2019s not all, since the fake video would not be enough by itself to fool a bank\u2019s security and authentication systems. The malware also requests the victim\u2019s ID documents, intercepts SMS, and redirects traffic through the proxy server.<\/p>\n<p>GoldPickaxe does not directly perform unauthorized transactions from the victim\u2019s phone. 
Instead, it collects all the necessary information from the victim to autonomously access the victim\u2019s banking application.<\/p>\n<p>Group-IB researchers hypothesize that the cybercriminals use their own devices to log in to bank accounts, a tactic that was also confirmed by the Thai police.<\/p>\n<h3 class=\"wp-block-heading\">The importance of prevention<\/h3>\n<p>Considering the use of call centers, advanced malware, and AI for deepfake video production, it\u2019s clear that these cybercriminals put some effort into their attacks. This, however, doesn\u2019t mean that such threats cannot be stopped, especially with good prevention.<\/p>\n<p><strong>Let\u2019s start with basic awareness principles:<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li>Always try to verify claims about eligibility for prizes, discounts, or, as in the case of GoldPickaxe, pension bonuses. If it seems too good to be true, it probably is.<\/li>\n<li>Pay attention to websites distributing mobile apps and use only official app stores.<\/li>\n<li>Don\u2019t be fooled by phishing websites. Learn to recognize phishing\u00a0<a href=\"https:\/\/www.eset.com\/int\/phishing\/\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>.<\/li>\n<li>Suspicious activity on your smartphone? 
Run a security scan with a reputable security app.<\/li>\n<li>After discovering a malicious app, delete it and restart your phone. Resetting your Android device to factory settings may be necessary.<\/li>\n<\/ul>\n<p>However, no one is 100% immune to phishing, and&nbsp;<a href=\"https:\/\/theconversation.com\/email-scams-are-getting-more-personal-they-even-fool-cybersecurity-experts-186009\" target=\"_blank\" rel=\"noreferrer noopener\">even IT specialists<\/a>&nbsp;may fall for scams. To keep your mobile device safe, you also need reliable cybersecurity protection.<\/p>\n<p><a href=\"https:\/\/www.eset.com\/int\/home\/mobile-security-android\/\" target=\"_blank\" rel=\"noreferrer noopener\">ESET Mobile Security<\/a>&nbsp;(EMS) takes a proactive approach and can detect and block threats during the download process, even before installation occurs. 
EMS scans all files in download folders and can also be used to scan already existing ones.&nbsp;<a href=\"https:\/\/www.eset.com\/int\/home\/mobile-security-android\/\" target=\"_blank\" rel=\"noreferrer noopener\">ESET Mobile Security Premium<\/a>&nbsp;offers even more protection with&nbsp;<a href=\"https:\/\/help.eset.com\/ems\/9\/en-US\/antitheft.html?antiphishing.html\" target=\"_blank\" rel=\"noreferrer noopener\">Anti-Phishing<\/a>,&nbsp;<a href=\"https:\/\/help.eset.com\/ems\/9\/en-US\/antitheft.html?antitheft.html\" target=\"_blank\" rel=\"noreferrer noopener\">Anti-Theft<\/a>,&nbsp;<a href=\"https:\/\/help.eset.com\/ems\/9\/en-US\/antitheft.html?payment_protection.html\" target=\"_blank\" rel=\"noreferrer noopener\">Payment Protection<\/a>, and&nbsp;<a href=\"https:\/\/help.eset.com\/ems\/9\/en-US\/antitheft.html?app_lock.html\" target=\"_blank\" rel=\"noreferrer noopener\">App Lock<\/a>.<\/p>\n<p>And remember, having one advanced authentication method, no matter how secure (even&nbsp;<a href=\"https:\/\/www.eset.com\/in\/ios-cyber-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">within iOS<\/a>, which is a closed system with built-in security features) is no guarantee of safety. Cybercriminals are creative, and it\u2019s important to have multilayered security in cases where some layers of defenses may be evaded.<\/p>\n<h3 class=\"wp-block-heading\">Protecting businesses<\/h3>\n<p>So far, GoldPickaxe has only been targeting consumers. 
However, similar threats abusing facial recognition technology together with face-swapping AI could potentially be used to target financial departments of companies or business managers.<\/p>\n<p>There have already been attacks involving&nbsp;<a href=\"https:\/\/edition.cnn.com\/2024\/02\/04\/asia\/deepfake-cfo-scam-hong-kong-intl-hnk\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\">deepfake videos of C-level executives<\/a>&nbsp;that have led to huge financial losses. A&nbsp;<a href=\"https:\/\/blackcloak.io\/news-media\/blackcloak-ponemon-study-preliminary-2023\/\" target=\"_blank\" rel=\"noreferrer noopener\">2023 study<\/a>&nbsp;conducted by BlackCloak and Ponemon Institute shows that senior-level corporate executives are increasingly being targeted by sophisticated cyberattacks, including online impersonation.<\/p>\n<p>Even with thorough cyber-awareness training, there is still a good chance that employees will fall victim to sophisticated attacks exposing their corporate mobile devices, paving the way for further attacks against their company. 
To learn more about the topic of businesses&#8217; attack surface vectoring from employee mobile devices,&nbsp;<a href=\"https:\/\/www.eset.com\/blog\/business\/armor-your-achilles-heel-reduce-your-business-attack-surface-vectoring-from-employee-mobile-devices\/\" target=\"_blank\" rel=\"noreferrer noopener\">check this blog<\/a>.<\/p>\n<p>Being aware of this, ESET has introduced a new&nbsp;<a href=\"https:\/\/www.eset.com\/int\/business\/solutions\/mobile-threat-defense\/\" target=\"_blank\" rel=\"noreferrer noopener\">Mobile Threat Defense<\/a>&nbsp;module to its comprehensive business solution ESET PROTECT, with great pricing available for the Advanced tier and higher. Users of ESET PROTECT Advanced and higher can enjoy one free mobile device seat per one paid seat for other devices.<\/p>\n<h3 class=\"wp-block-heading\">A single tool is not enough<\/h3>\n<p>Creating fake videos using AI for scams sounds scary (and there already are&nbsp;<a href=\"https:\/\/www.theguardian.com\/film\/2023\/may\/25\/influencer-review-smart-thriller-about-instagrammers-in-mortal-peril\" target=\"_blank\" rel=\"noreferrer noopener\">thriller movies<\/a>&nbsp;utilizing this idea), but ESET research clearly shows that even these elaborate attacks can be avoided or stopped via appropriate cybersecurity solutions.<\/p>\n<p>Let this case be a reminder that no technology is the ultimate answer for everything, and reliable cybersecurity consists of a multilayered defense combined with a prevention-first approach.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently, facial recognition technologies have 
become an&nbsp;increasingly popular&nbsp;tool for secure authentication, one praised for its convenience. When technology giants such as Apple popularized their Face ID technology for face authentication, which, in general,&nbsp;couldn&#8217;t be fooled by static photographs and encrypts users\u2019 facial data, security concerns naturally dwindled to the point where even&nbsp;banks and the wider [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":6906,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2879,147,2905,2880,155],"tags":[],"class_list":["post-6905","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business-security","category-cybercrime","category-devices","category-digital-security","category-how-to"],"acf":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/6905","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=6905"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/6905\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/6906"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=6905"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=6905"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=6905"}],"curies":[{"name":"wp"
,"href":"https:\/\/api.w.org\/{rel}","templated":true}]}}