Finance

CFPB drops JPMorgan, Bank of America, Wells Fargo lawsuit over Zelle fraud

Published

1 month ago

March 4, 2025

FILE PHOTO: Office of Management and Budget (OMB) Acting Director Russell Vought testifies before House Budget Committee on 2020 Budget on Capitol Hill in Washington, U.S., March 12, 2019.

Yuri Gripas | Reuters

The Consumer Financial Protection Bureau on Tuesday dismissed its lawsuit against the operator of the Zelle payments network and the three U.S. banks that dominate transactions on it.

The CFPB sued Early Warning Services, which runs the peer-to-peer payments network, as well as JPMorgan Chase, Bank of America and Wells Fargo in December, alleging that the firms failed to properly investigate fraud complaints or give victims reimbursement.

The CFPB “dismisses this action against Defendants Early Warning Services, LLC, Bank of America, N.A., JPMorgan Chase Bank, N.A., and Wells Fargo Bank, N.A., with prejudice,” the regulator said in its filing.

Since Acting Director Russell Vought has taken over the CFPB, the agency has dropped at least a half dozen cases brought by his predecessor, Rohit Chopra.

The CFPB said customers of the three banks have lost more than $870 million since the launch of Zelle in 2017. The service was launched to provide bank customers an alternative to peer-to-peer platforms including PayPal. Last year Zelle crossed $1 trillion in total volumes, which it said was the most ever for a peer-to-peer platform.

This story is developing. Please check back for updates.

Finance

Fake job seekers use AI to interview for remote jobs, tech CEOs say

Published

1 hour ago

April 8, 2025

Business Finance News

An image provided by Pindrop Security shows a fake job candidate the company dubbed “Ivan X,” a scammer using deepfake AI technology to mask his face, according to Pindrop CEO Vijay Balasubramaniyan.

Courtesy: Pindrop Security

When voice authentication startup Pindrop Security posted a recent job opening, one candidate stood out from hundreds of others.

The applicant, a Russian coder named Ivan, seemed to have all the right qualifications for the senior engineering role. When he was interviewed over video last month, however, Pindrop’s recruiter noticed that Ivan’s facial expressions were slightly out of sync with his words.

That’s because the candidate, whom the firm has since dubbed “Ivan X,” was a scammer using deepfake software and other generative AI tools in a bid to get hired by the tech company, said Pindrop CEO and co-founder Vijay Balasubramaniyan.

“Gen AI has blurred the line between what it is to be human and what it means to be machine,” Balasubramaniyan said. “What we’re seeing is that individuals are using these fake identities and fake faces and fake voices to secure employment, even sometimes going so far as doing a face swap with another individual who shows up for the job.”

Companies have long fought off attacks from hackers hoping to exploit vulnerabilities in their software, employees or vendors. Now, another threat has emerged: Job candidates who aren’t who they say they are, wielding AI tools to fabricate photo IDs, generate employment histories and provide answers during interviews.

The rise of AI-generated profiles means that by 2028 globally 1 in 4 job candidates will be fake, according to research and advisory firm Gartner.

The risk to a company from bringing on a fake job seeker can vary, depending on the person’s intentions. Once hired, the impostor can install malware to demand ransom from a company, or steal its customer data, trade secrets or funds, according to Balasubramaniyan. In many cases, the deceitful employees are simply collecting a salary that they wouldn’t otherwise be able to, he said.

‘Massive’ increase

Cybersecurity and cryptocurrency firms have seen a recent surge in fake job seekers, industry experts told CNBC. As the companies are often hiring for remote roles, they present valuable targets for bad actors, these people said.

Ben Sesser, the CEO of BrightHire, said he first heard of the issue a year ago and that the number of fraudulent job candidates has “ramped up massively” this year. His company helps more than 300 corporate clients in finance, tech and health care assess prospective employees in video interviews.

“Humans are generally the weak link in cybersecurity, and the hiring process is an inherently human process with a lot of hand-offs and a lot of different people involved,” Sesser said. “It’s become a weak point that folks are trying to expose.”

But the issue isn’t confined to the tech industry. More than 300 U.S. firms inadvertently hired impostors with ties to North Korea for IT work, including a major national television network, a defense manufacturer, an automaker, and other Fortune 500 companies, the Justice Department alleged in May.

The workers used stolen American identities to apply for remote jobs and deployed remote networks and other techniques to mask their true locations, the DOJ said. They ultimately sent millions of dollars in wages to North Korea to help fund the nation’s weapons program, the Justice Department alleged.

That case, involving a ring of alleged enablers including an American citizen, exposed a small part of what U.S. authorities have said is a sprawling overseas network of thousands of IT workers with North Korean ties. The DOJ has since filed more cases involving North Korean IT workers.

A growth industry

Fake job seekers aren’t letting up, if the experience of Lili Infante, founder and chief executive of CAT Labs, is any indication. Her Florida-based startup sits at the intersection of cybersecurity and cryptocurrency, making it especially alluring to bad actors.

“Every time we list a job posting, we get 100 North Korean spies applying to it,” Infante said. “When you look at their resumes, they look amazing; they use all the keywords for what we’re looking for.”

Infante said her firm leans on an identity-verification company to weed out fake candidates, part of an emerging sector that includes firms such as iDenfy, Jumio and Socure.

An FBI wanted poster shows suspects the agency said are IT workers from North Korea, officially called the Democratic People’s Republic of Korea.

Source: FBI

The fake employee industry has broadened beyond North Koreans in recent years to include criminal groups located in Russia, China, Malaysia and South Korea, according to Roger Grimes, a veteran computer security consultant.

Ironically, some of these fraudulent workers would be considered top performers at most companies, he said.

“Sometimes they’ll do the role poorly, and then sometimes they perform it so well that I’ve actually had a few people tell me they were sorry they had to let them go,” Grimes said.

His employer, the cybersecurity firm KnowBe4, said in October that it inadvertently hired a North Korean software engineer.

The worker used AI to alter a stock photo, combined with a valid but stolen U.S. identity, and got through background checks, including four video interviews, the firm said. He was only discovered after the company found suspicious activity coming from his account.

Fighting deepfakes

Despite the DOJ case and a few other publicized incidents, hiring managers at most companies are generally unaware of the risks of fake job candidates, according to BrightHire’s Sesser.

“They’re responsible for talent strategy and other important things, but being on the front lines of security has historically not been one of them,” he said. “Folks think they’re not experiencing it, but I think it’s probably more likely that they’re just not realizing that it’s going on.”

As the quality of deepfake technology improves, the issue will be harder to avoid, Sesser said.

As for “Ivan X,” Pindrop’s Balasubramaniyan said the startup used a new video authentication program it created to confirm he was a deepfake fraud.

While Ivan claimed to be located in western Ukraine, his IP address indicated he was actually from thousands of miles to the east, in a possible Russian military facility near the North Korean border, the company said.

Pindrop, backed by Andreessen Horowitz and Citi Ventures, was founded more than a decade ago to detect fraud in voice interactions, but may soon pivot to video authentication. Clients include some of the biggest U.S. banks, insurers and health companies.

“We are no longer able to trust our eyes and ears,” Balasubramaniyan said. “Without technology, you’re worse off than a monkey with a random coin toss.”

AI generated deepfake scam is 'phishing with a twist', says Fortalice Solutions CEO Theresa Payton

Finance

Market volatility won’t impact Mediobanca deal: Monte dei Paschi CEO

Published

7 hours ago

April 8, 2025

Business Finance News

Pedestrians walk outside a Banca Monte dei Paschi di Siena SpA bank branch in Milan, Italy.

Alessia Pierdomenico | Getty Images

Siena, ITALY — Monte dei Paschi di Siena is holding firm on its plans to acquire Mediobanca for 13 billion euros ($14.3 billion) despite ongoing market turbulence, telling CNBC it will complete the deal in July.

The world’s oldest bank still in operation, surprised investors in January by making an all-share offer for Mediobanca, a prestigious institution focused on wealth management and investment banking. Mediobanca has rejected the proposal, denouncing it as a “destructive” move that is devoid of financial rationale.

Monte dei Paschi has faced several challenges over the years, most notably when it was bailed out by the Italian government in 2017 after it failed to raise much-needed cash from private investors. The Italian government has sold its majority stake in Monte dei Paschi and it currently represents less than 12% of ownership.

The bank’s CEO Luigi Lovaglio told CNBC on Monday that Monte dei Paschi “is back” and “in control of our destiny.”

When asked if the ongoing market turbulence could be a problem for its expansion plans, Lovaglio said: “The [market] situation will not impact our deal.”

“On the opposite, [the market situation] is confirming that size matters, [it] is confirming that you need to diversify on revenues,” he said, adding that if they were already a combined entity, they would “be stronger” and “have capability to react much quicker.”

The recent market volatility has led some companies to put some deals on hold. British private equity firm 3i Group Plc has reportedly postponed a sale of the maker of pet food MPM, while fintech company Klarna has put its IPO plans on hold.

Analysts have been divided over the benefits of the deal between Monte dei Paschi and Mediobanca. Deutsche Bank, for instance, said in mid-March the market was ignoring some potential opportunities for Monte dei Paschi, including a bigger distribution policy.

Other analysts warned about limited synergies in combining two different banks. Barclays, for example, said Monday that it was cutting its price target for Monte dei Paschi, taking a more skeptical view on the potential gains from a deal with Mediobanca. “Should Monte dei Paschi decide to spend more to convince majority of the Mediobanca institutional shareholders, the excess capital could reduce,” Barclays said.

Speaking to CNBC, Lovaglio was adamant the offer for Mediobanca presents a “fair price” and did not comment on whether the company would sweeten the deal to make it more appealing for Mediobanca shareholders.

“Hopefully within July, we can complete the deal,” he added.

Amid a pullback in global equity markets on Monday, Monte dei Paschi and Mediobanca shares both closed around 5% lower. Since Monte dei Paschi announced its intention to buy Mediobanca on January 24, the latter’s shares have lost about 14% of their value and the former about 8.5%.

Larger Ambitions

Monte dei Paschi’s offer for Mediobanca came at a time of wider consolidation efforts in Italian banking. UniCredit announced last year an offer to buy rival Banco BPM for about 10 billion euros.

Lovaglio said these bids represent the first wave of domestic consolidation for Italian banks.

“I believe this is the first phase [of consolidation] and, probably, we will have a second phase two years from now. That’s why, by combining Monte [dei] Paschi with Mediobanca, we will be in a position to be again a protagonist,” Lovaglio said.