Tag Archives: know your customer

Underwriting the Ghost: Synthetic Borrowers Disappear Without Paying

When a lender receives a loan application, it endeavors to ensure that the applicant will pay the lender back.

But even with the proper controls, a certain percentage of loans go unpaid.

Especially if the applicant looks really good on paper, but isn’t…and doesn’t even exist because it’s a synthetic identity.

PYMNTS describes the threat from deepfake borrowers:

“Across the lending industry, a new category of fraud is emerging that combines deepfake video, cloned voices, synthetic identity creation, fabricated employment histories and AI-generated financial behavior into a single engineered persona. These synthetic borrowers are not merely fake identities in the traditional sense. They are algorithmically optimized consumers designed to survive onboarding checks, satisfy underwriting models and disappear once loans are funded.”

Disappearing borrowers is not a good thing.

Know your customer.

“Underwriting the Ghost.” Synthetic man gets the loan, then he disappears. Google Gemini/Lyria. Public Domain.

Using LLMs for KYC. What Could Go Wrong?

The title of this post uses acronyms for brevity, but the full version is “Using Large Language Models for Know Your Customer. What Could Go Wrong?”

Biometric Update links to a TrendAI post that demonstrates how the use of a large language model to analyze document data is a vulnerability to prompt attacks.

“In a real-world stack built with FastAPI, Claude Code, and a SQLite MCP backend, his team embedded malicious instructions inside a passport so that the AI agent followed them and leaked other customer records directly into the verification page.”

Google Gemini. I tried to create the image with a fake too-short onion address but Google Gemini prohibited that.

What does this mean?

“The takeaway here is that if your AI can read documents and call tools, your documents can potentially become executable attack surfaces even when guarded with strict schemas.”

Something a human wouldn’t do.

And So the Scam Begins

I’ve previously noted that one possible sign of a scammer is when they don’t initiate a LinkedIn connection to you, but instead want you to initiate a LinkedIn connection to them. When a scammer is scamming, they can’t blow through a few thousand connection requests every day, so it’s better if the victims initiate the connection request themselves.

I immediately thought of this when I received an email from a Gmail account to one of my odd accounts entitled “Thinking of connecting.”

Um…why not just do it?

Here’s the text with the scammer’s alleged name changed:

“I saw your profile on LinkedIn and wanted to say hello. I’m Melania.

“I’ve always been interested in learning about different professional paths. This is just a friendly intro for the start of the week—no expectations on my end.”

Obviously I didn’t respond. Because I have no idea who the Gmail account holder REALLY is.

A day later, I received a second message that included the following:

“Things are actually pretty smooth and manageable on my end as the Operations Manager at Estée Lauder, so I’ve had some extra time to catch up with my network. I’d love to hear how your side of the world is treating you whenever you have a moment.”

Again, I didn’t respond. I didn’t even ask for “Melania’s” Estee Lauder email address (again, the emails are from a Gmail account).

Then we got to day three. Remember how Melania said she had viewed my LinkedIn profile? This was the next question she asked:

“Is it snowing where you are?”

Obviously she hadn’t read anything, and I was getting bored, so I blocked her from all email addresses.

Which is Harder: Know Your Employer, or Know Your Employee?

Of all the KYx acronyms (Know Your Customer, Know Your Business, etc.), two that interest LinkedIn users are Know Your Employer and Know Your Employee. How do you fight fraudulent employers and employees? And how do your prospects learn about your fraud fighting?

Read my latest article on LinkedIn in The Wildebeest Speaks: “Which is Harder: Know Your Employer, or Know Your Employee?

Google Gemini.

I Know This “Scam of the Day”: LinkedIn Employment Scams

I read “Scam of the Day” on Scamicide…well, daily. And the January 17 edition discussed a scam I know all too well.

“A recent development is scammers using the name of legitimate companies that are hiring and approaching their victims through LinkedIn’s direct messaging feature.  They then create counterfeit websites that look like the websites of the legitimate companies they are posing as and ask the job seekers for personal information…”

And you can guess what happens with that personal information. It doesn’t land you a real job, that’s for sure.

In addition to the tips that Scamicide provides, I have an additional one. BEFORE you provide your resume, before you send them a connection request, or definitely before you engage on Telegram or WhatsApp, ask this question:

“Can you provide me with your corporate email address?”

This usually shuts scammers up very quickly.

But don’t forget that while job applicants are avoiding fraudulent employers, legitimate employers are avoiding fraudulent applicants…perhaps from North Korea.

The Latest Know Your Employer Case

I was messaged on LinkedIn by Jenniffer Martinez, purportedly from HS Hyosung USA. She wanted my email address to send information about a job opportunity.

Why? 

“After reviewing your resume and relevant experience, we believe your management experience, professional background, and career stability are a strong match for Yaskawa Group’s current talent needs.”

(Only now did I notice the reference to Yaskawa Group, whatever it is.)

Eventually I told “Jenniffer” that I had contacted her employer directly.

By 11:30 she had deleted her entire conversation, which is why I took screen shots immediately.

And I never even got around to asking her for HER corporate email address.

No word from HS Hyosung USA, but it knows all about Jenniffer now (see final screen shot).

Know Your Employer.

Jenniffer, 1 of 3.
Jenniffer, 2 of 3.
Jenniffer, 3 of 3.
Jenniffer’s purported company.

Surfin’ Identity

Imagine if Capitol Records employed age verification in 1963.

Some musicians reach superstardom in their early 20s, feeling tremendous pressure at a young age. 

But sometimes they’re younger: when “Surfin’ U.S.A.” hit number 3 on Billboard and Cash Box, surf guitarists Carl Wilson and (soon to depart) David Marks were 16 and 14, respectively.

Of course, Capitol Records would face a bigger problem—Know Your Composer. Brian Wilson did not write the song alone.

If Only Job Applicant Deepfake Detection Were This Easy

In reality, job applicant deepfake detection is (so far) unable to determine who the fraudster really is, but it can determine who the fraudster is NOT.

Something to remember when hiring people for sensitive positions. You don’t want to unknowingly hire a North Korean spy.