FCC names its first-ever AI scammer in threat alert

The first artificial intelligence robocall scammer has been officially named by the Federal Communications Commission. But is it too little, too late?

After all, Royal Tiger has already gotten away with loads of scams that have impacted millions of Americans.

Let’s talk about what these headlines mean for AI scammers in general, what you still need to be on the lookout for and how to protect yourself from these sophisticated scams going forward.

So, who is the Royal Tiger cyber gang?

Royal Tiger is the first robocall gang named by the Federal Communications Commission (FCC). This group is known to use sophisticated techniques in their cyber scams, such as AI voice cloning, to impersonate staff from government agencies, banks and utilities, known as “robocall” scams.

The crew consists of individuals and voice service providers operating from various countries, including India, the U.K., the United Arab Emirates, and the U.S. The group is led by Prince Jashvantlal Anand, who uses the alias “Frank Murphy,” and his associate Kaushal Bhavsar. Anand has served as “CEO” of “U.S.-based companies” like Illum Telecommunication and PZ Telecommunication

What are robocalls and AI scams?

Robocalls and AI scams involve using automated calling systems and artificial intelligence to deceive and defraud individuals. Although there are a few ways to do this, scammers like Royal Tiger are now relying on AI voice cloning to create realistic-sounding voices that impersonate legitimate entities such as government agencies, banks and utility companies.

Generally, these scams involve using certain trick scenarios to take advantage of their victims, like calling about credit card interest rate reductions or fake purchase authorization orders, which enable them to obtain consumers’ financial and other sensitive data from the individuals that they target.

With phone spoofing techniques, it’s possible to make your caller ID actually show a call from these agencies, too, to make it look more legitimate.

Is the Federal Communications Commission doing anything about it?

The first step to making scammers public — thus, spreading more awareness about these types of scams — is to publicly name and shame them. That’s what the FCC is attempting to do with Royal Tiger, with the hope that detailing their operations will encourage international action against the scammers. Meanwhile, in the U.S., the FCC aims to disrupt their activities and hold them accountable by sending cease-and-desist letters to companies involved in the operation, such as Illum Telecommunication, PZ Telecommunication and One Eye.

In some cases, the FCC has actually required downstream providers to block traffic from these companies. Additionally, the FCC has classified Royal Tiger and its entities as a Consumer Communications Information Services Threat (C-CIST), due to the significant danger they pose to consumer trust in communications services.

What experts have to say

Dr. Ilia Kolochenko, CEO at ImmuniWeb and Adjunct Professor of Cybersecurity at Capital Technology University, commented:

“In 2024, we will probably see a surge of computer-enabled fraud and crimes — which should, however, be distinguished from pure cybercrime — propelled by the ballooning misuse of freely available Generative AI (GenAI) tools and online services. When combined with well-thought-out social engineering campaigns, GenAI can cause unprecedented financial damage in mass-scale phishing or fraud campaigns. For instance, elderly people and other socially vulnerable groups may be perfidiously tricked into paying ‘fines’ for speeding or petty offences that they have never committed.

“Well-prepared fake calls nefariously exploit people’s respect of law enforcement and government, for instance, calling on behalf of the local police or the FBI, citing numerous laws and regulations with some legalese to intellectually disarm and psychologically paralyse their victims. With VoIP, phone numbers can be easily spoofed, so many gangs utilize real phone numbers of law enforcement agencies to increase authenticity of their calls.

“Then the victim may be offered a ‘big favour’ (allegedly available only to first-time offenders) to pay the fine online or even by sharing their credit card details via phone — instead of traveling to the police station or local court. Sadly, most victims will readily pay. Worse, quite some will keep the event confidential, truly thinking that they did something bad and were lucky to avoid harsher penalties.”

How to take protection into your own hands

While it’s great news that the FCC has taken these measures thus far, groups like Royal Tiger are generally able to move quickly and stay one step ahead, redefining their tactics and becoming more sophisticated. Here are some tips to take matters into your own hands and protect yourself:

Be skeptical of unsolicited calls: Be cautious when receiving unsolicited calls, especially those that request personal information or offer services that seem too good to be true.

Use call-blocking services: Many phone providers offer services to block or screen unwanted calls. Utilize these features to reduce the number of robocalls you receive.

Verify caller identity: If you receive a call from someone claiming to be from a government agency, bank or utility company, hang up and call the official number of the organization to verify the authenticity of the call.

Avoid sharing personal information at all costs: Do not share sensitive information such as Social Security numbers, bank account details or credit card numbers over the phone unless you are certain of the caller’s identity.

Report suspicious calls: Report any suspicious calls to the FCC or the Federal Trade Commission (FTC). Your reports can help these agencies track and take action against scam operations.

Use data removal services: Consider using data removal services to minimize the amount of personal information available online, making it harder for scammers to obtain. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for personal data removal services here.

Kurt’s key takeaways

While the FCC naming Royal Tiger the first official AI robocall scammer gang is a positive step, sophisticated AI-powered scams exploiting voice cloning and caller ID spoofing will likely surge. We must all remain extremely vigilant — verify any unsolicited calls demanding personal information or payment through official channels, never share sensitive data over the phone and report suspected scams. A coordinated effort from the government, companies, and individuals is crucial to combating these evolving AI-enabled fraud tactics effectively.

What role should AI companies play in preventing their technologies from being misused for nefarious purposes like voice cloning scams? Let us know by writing us atCyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter