Microsoft has agreed to back $10bn in renewable electricity projects by Brookfield Asset Management to help it meet clean-energy commitments and provide its data-centres with the extra energy requirements of cloud and AI.

Global Framework Agreement 

The deal, which is a five-year agreement called the “global framework agreement” (“the agreement”) is a commitment by Microsoft, working in partnership with Brookfield, to bring 10.5 gigawatts of generating capacity online. This is reported to be more than three times larger than the 3GW of power used by the world’s largest hub of data centres in Virginia and is the equivalent of enough to power 1.8 million homes!

Microsoft’s partner in the deal, Brookfield, says the signing of the global renewable energy framework agreement will “contribute to Microsoft’s goal of having 100 per cent of its electricity consumption, 100 per cent of the time, matched by zero carbon energy purchases by 2030”. 

Renewable 

The renewable energy projects to create this significant extra generating capacity will come from wind and solar farms, which are yet to be built, between 2026 and 2030, beginning in the US and Europe. There will also be the potential to increase the scope to deliver additional renewable energy capacity to the Asia-Pacific region, India, and Latin America.

Feeding Demand From Cloud and AI 

The agreement is expected to provide Microsoft with access to a pipeline of new renewable energy capacity to support the global trend of digitalisation and, crucially, the growing demand for cloud and AI services.

More Data Centres Needed 

The growth of the cloud and now, significantly, the growth of generative AI has meant there is huge demand for (and investment) in data-centres. These are both the larger self-owned data-centres in the host countries (mostly in the US) of their ‘hyperscaler’ providers, leased data-centres, and smaller data-centres being built to ensure infrastructure is nearer to customers. The main ‘hyperscalers’ (i.e. the companies that provide cloud computing, storage, and networking services at a massive scale) are Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Alibaba Cloud is the leading cloud provider in China and Asia.

Hyperscale Data-Centres To Double Every Four Years 

The effects of the growth in generative AI in terms of demand for more data-centres, processing power and storage capacity are illustrated in recent findings by the Synergy Research Group. Their research shows that the number of data-centre facilities run by hyperscale cloud providers has doubled in the past four years and will double again by 2028, with 120-130 hyperscale data-centres coming online each year.

Microsoft, for example, is building a new 750K SF, $9.2M hyperscale data-centre campus near Quincy, WA, to house three 250K SF server farms.

The Implications 

The implications of this surge in demand for (and building of) data-centres are many. For example, as infrastructure for cloud computing and data storage expands, it puts increasing pressure on existing power grids.

Also, as the growth in data-centres intensifies along with power-hungry technologies, and AI expands and algorithms become more complex, the energy requirements for these technologies are set to increase even further.

This will mean (and has already meant) a search by the hyperscalers for cleaner, greener alternative energy sources, hence Microsoft’s announcement of its renewable electricity projects with Brookfield. Transitioning from traditional fossil fuels to renewable sources like solar, wind, and hydroelectric power is essential, not only for reducing carbon footprints but also for aligning with global sustainability goals.

Microsoft’s main competitors are also investing in renewable energy projects to mitigate their environmental impacts. For example, back in January, Google announced it is building a $1 billion data centre north of London that will be powered by renewable energy from offshore wind. Also, after signing a PPA with ENGIE in January to increase its share in the Moray wind farm to 473 megawatts, Amazon will be making itself the largest purchaser of renewable energy worldwide this year.

Balancing data-centre expansion with Environmental, Social, and Governance (ESG) commitments is also now becoming a priority for organisations and data-centre operators need to ensure that their capacity growth does not come at the expense of the environment or step out of line with ESG commitments and upcoming regulations. Compliance with these regulations not only helps in avoiding penalties but also promotes innovation in green technology and sustainable practices in the data-centre industry.

Alternatives Will Take Time and Planning

However, although Microsoft’s renewable energy project plans (and zero carbon energy purchases) sound promising, some commentators have noted that it will take many years to develop the scale and type of alternative energy sources that are able to provide long-term power to AI. In the meantime, grids will be stretched. Also, the new energy landscape needed to deliver AI’s power requirements will take strategic planning.

What Does This Mean For Your Business? 

Microsoft’s $10 billion renewable energy deal with Brookfield Asset Management could be seen as a significant stride towards sustainable growth in digital infrastructure that aligns with the company’s goal to match its electricity consumption with zero-carbon energy purchases by 2030. This large-scale initiative not only aims to power Microsoft’s burgeoning data-centres but sees it join the other main hyperscale cloud providers in securing renewable energy sources to meet the escalating energy demands of cloud and AI technologies.

For example, hyperscalers like Microsoft, Amazon Web Services and Google Cloud are all now investing in renewable energy projects as a strategic response to the dual challenges of surging energy requirements and environmental responsibility. These investments are crucial not only for reducing the carbon footprint associated with massive data-centres but also for ensuring compliance with global ESG commitments and forthcoming environmental regulations. These initiatives also reflect a growing recognition among the hyperscalers of their role in shaping a sustainable future for technology infrastructure.

For businesses, the main implications of these investments are profound. For example, as more data-centres are built to support more advanced and energy-intensive technologies like generative AI, the reliance on traditional energy sources could lead to increased operational costs and potential regulatory penalties. The shift towards renewable energy offers a more sustainable and potentially cost-effective alternative, reducing long-term dependency on fossil fuels and mitigating the risk of energy price volatility.

Also, the adoption of green energy by leading technology providers like Microsoft could influence the entire energy landscape. As these companies set new standards for energy use, they drive advancements in renewable energy technologies and contribute to the creation of more robust and sustainable power grids. This not only benefits the hyperscalers themselves but also the businesses that rely on their services, from small startups to large enterprises.

Ultimately, Microsoft’s renewable energy commitment is a signal of a broader and necessary shift in the technology sector towards sustainability. This trend may be an opportunity for businesses of all sizes to reconsider their own energy strategies and align more closely with sustainable practices. As the infrastructure for digital services expands, the integration of renewable energy is becoming increasingly important, not just for operational efficiency and compliance, but for ensuring the long-term viability of our global digital ecosystem.

Here we look at the new UK cybersecurity law that will ban device manufacturers from having weak, easily guessable default passwords, thereby providing extra protection against hacking and cyber-attacks.

The Problem 

With 99 per cent of UK adults owning at least one smart device and UK households owning an average of nine connected devices, but with a home’s smart devices potentially being exposed to more than 12,000 hacking attacks in a single week (Which?), the UK government has decided that protective, proactive action is needed. It’s long been known that easy-to-guess default passwords (like ‘admin’ or ‘12345) in new devices and IoT devices have provided access for cybercriminals. An example (from the US) is the 2016 Mirai attack which led to 300,000 smart products being compromised due to weak security features as well as major internet platforms and services being attacked and much of the US East Coast being left without internet.

The New Laws 

The UK government has introduced the new laws as part of the Product Security and Telecommunications Infrastructure (PSTI) regime. This regime is part of a £2.6 billion National Cyber Strategy, which has been designed to improve the UK’s resilience from cyber-attacks and ensure malign interference does not impact the wider UK and global economy.

The key security aspects of these new laws are that:

– Common or easily guessable passwords (e.g. ‘admin’ or ‘12345’) will be banned to prevent vulnerabilities and hacking.

– Device manufacturers will be required to publish contact details so bugs and issues can be reported and dealt with.

– Manufacturers and retailers must be open with consumers on the minimum time they can expect to receive important security updates.

– The government hopes that taking this action will increase consumers’ confidence in the security of the products they buy and use and help the government to deliver on one of its five priorities to grow the economy.

– The UK’s Data and Digital Infrastructure Minister, Julia Lopez, said of these new laws: “Today marks a new era where consumers can have greater confidence that their smart devices, such as phones and broadband routers, are shielded from cyber threats, and the integrity of personal privacy, data and finances better protected.” 

The Major Role of Businesses 

NCSC Deputy Director for Economy and Society, Sarah Lyons, has highlighted the important role that businesses have to play in protecting the public by “ensuring the smart products they manufacture, import or distribute provide ongoing protection against cyber-attacks”. She has also advised all businesses and consumers that they can read the NCSC’s point of sale leaflet for an explanation of how the new Product Security and Telecommunications Infrastructure (PSTI) regulation affects them and how smart devices can be used securely.

What Does This Mean For Your Business? 

The issue of weak default passwords in devices enabling cybercrime is not new and the news that the government is finally doing something about via legislation is likely to be well-received. The new laws will have implications for businesses, consumers, and the overall UK economy.

For example, for device makers (and importers), the requirement to eliminate default password vulnerabilities and to provide clear avenues for reporting security issues places a significant onus on manufacturers to enhance their security protocols. This may not only involve revising the initial security features but also maintaining transparency about the duration of support for security updates. Such changes could, however, require these businesses to invest in better security frameworks, thereby potentially increasing operational costs. That said, it should also improve the marketability and trustworthiness of their products.

UK businesses stand to gain considerably from these heightened security measures. By bolstering the security standards of connected devices, the new laws may ensure that businesses that rely heavily on such technology, from retail to critical infrastructure, are less susceptible to the disruptions and financial losses associated with cyber-attacks. This enhanced security environment should help maintain business continuity and safeguard sensitive data, thereby helping to foster a more resilient economic landscape.

The new laws may also mean that consumers, who are increasingly concerned about their digital privacy and the security of their data, may be able to make more informed choices about and experience greater confidence in the products they choose to integrate into their daily lives. With manufacturers required to adhere to stricter security measures and provide ongoing updates, consumers can expect a new level of protection for their connected devices, which translates into safer personal and financial data.

Economically, by setting a new cybersecurity standard, the UK appears to be positioning itself as a leader in the safe expansion of digital infrastructure. This leadership could boost innovation in cybersecurity measures, potentially leading to growth in the tech sector and creating new opportunities for employment and development. Also, by fostering a safer digital environment, the UK may attract more digital businesses and investments, further stimulating economic growth.

In a recent BBC World Service interview, Head of WhatsApp, Will Cathcart, claimed that tens of millions of people in countries where WhatsApp has been banned continue to use it.

Where Is WhatsApp Banned And Why? 

WhatsApp is banned Iran and North Korea, has been blocked at times in Syria, Senegal, and Guinea, and recently China banned iPhone users from downloading the app. Also, Qatar, Egypt, Jordan and the United Arab Emirates restrict certain features of the app.

WhatsApp faces bans and restrictions in these countries mainly due to concerns regarding its end-to-end encryption, which prevents governments from monitoring or intercepting messages sent through the platform. The encryption feature undermines authorities’ abilities to surveil communications for security purposes, potentially allowing for the spread of dissent or undesirable information. Also, WhatsApp’s widespread popularity makes it a powerful tool for activities such as organising protests or disseminating information, posing challenges to governments seeking to control the flow of information and maintain societal order. Consequently, countries with authoritarian regimes or strict censorship laws are opting to ban or restrict WhatsApp to maintain control over communication channels and uphold state authority.

Evidence of Tens of Millions Still Using It 

Mr Cathcart says the fact that WhatsApp can see the registered phone numbers of users, plus anecdotal reports of people using WhatsApp, have enabled WhatsApp to: “look at some of the countries where we’re seeing blocking and still see tens of millions of people connecting to WhatsApp”.  

Apple 

In the interview, Mr Cathcart highlighted how China ordered Apple to block Chinese iPhone users from downloading WhatsApp from the AppStore in April was a “choice Apple has made” but stressed that Android users there can still download it without going through official shops.

China has also banned another end-to-end encrypted app, Telegram, and has asked Apple to remove microblogging app Threads from its app store due to political content that mentions the Chinese president.

VPNs 

Mr Cathcart also pointed the role that virtual private networks (VPNs) and WhatsApp’s proxy service have had in keeping WhatsApp accessible.

Free Internet Battle 

Mr Cathcart also highlighted how the UK government’s battle over several years to ban end-to-end encryption in apps like WhatsApp to allow police to read criminals’ messages, and the US forcing TikTok to be sold or banned (for national security reasons) are indicators of the growing battle for a free Internet.

What Does This Mean For Your Business? 

For businesses, the ongoing saga surrounding end-to-end encrypted apps like WhatsApp has implications for operations, security, and ethics. As highlighted by Will Cathcart, the widespread use of WhatsApp in countries with authoritarian regimes shows its critical role as a secure communication platform for individuals facing oppressive surveillance and censorship. In such environments, where privacy and freedom of expression are under constant threat, encrypted apps serve as a lifeline for both personal and professional interactions.

However, the bans and restrictions imposed by these governments highlight the tension between security and freedom in the digital age. By targeting encrypted platforms, governments essentially seek to exert control over information flow and suppress dissent, often at the expense of individual liberties and privacy rights. For businesses operating in (or collaborating with partners in) such regions, these restrictions pose significant challenges, potentially jeopardising the confidentiality of sensitive communications and data.

Also, the battle over end-to-end encryption extends beyond geopolitical borders, shaping the broader landscape of internet freedom and digital rights. Efforts by governments like the UK’s to undermine encryption in the name of law enforcement raise serious questions about the balance between security measures and civil liberties. Any compromise to encryption standards not only undermines the privacy and security of users but also sets a dangerous precedent that threatens the integrity of the digital ecosystem.

North Yorkshire council has said it’s having to drop apostrophes from its street signs to avoid problems with its computer database!

Must Meet BS7666 

The reason given for North Yorkshire council for dropping the apostrophes (e.g. in its street name signs), is that including apostrophes can affect geographical databases and that when street names and addresses are stored in its databases, they must meet the standards set out in BS7666.

Not The Only Council Doing It 

North Yorkshire Council has also said that it is one of many councils around the country with plans to “eliminate” the apostrophe from street signs. Other councils that have already opted to drop apostrophes from their signs include Cambridge City Council, and Mid Devon District Council.

How Does BS7666 Apply to This? 

The main part of BS7666 that North Yorkshire Council has identified as having an influence on its decision is the need for standardised data entry. For example, BS7666 encourages the use of standardised formats for addresses and street names to facilitate efficient data sharing and matching across different systems. Including apostrophes might be seen as introducing variability that can affect how data is entered, stored, and retrieved. Standardisation aims to minimise these discrepancies. Also, a council spokesperson has been reported as saying that BS7666 restricts the use of punctuation marks and special characters such as apostrophes, hyphens, and ampersands because these have specific meanings in computer systems and could, therefore, cause problems with those systems and databases if used.

Other ways that BS7666 could apply to the council’s decision include:

– Data interoperability. BS7666 is designed to ensure that spatial data can be shared effectively between different organisations and systems. Variations in how street names are recorded (including whether or not they use apostrophes) can lead to issues when exchanging data. This is particularly relevant when databases interface with other systems like emergency services, postal services, and mapping software, where consistent, accurate data is crucial.

– Database design and implementation. The standards set out in BS7666 guide local councils in designing and implementing their geographical databases. If the standard recommends excluding characters such as apostrophes for the sake of consistency and reliability, councils (like North Yorkshire’s) may decide to follow this guideline to ensure compliance and avoid potential technical issues.

Other Issues

The issue of including apostrophes in street names in the context of UK councils and their geographical databases primarily revolves around technical and administrative challenges. For example, in addition to the need for data consistency to enable the accurate matching and cross-referencing data across different systems or databases, and the possible technical limitations of older databases, and apostrophes in street names complicating search functions within databases, there’s also the issue of Geographic information systems (GIS) and interoperability. North Yorkshire Council referred to potential problems relating to apostrophes and geographic databases. GIS and other data-sharing platforms, for example, might not handle special characters consistently. If street names are shared between multiple organisations or systems (like postal services, emergency services, etc.), discrepancies in the use of apostrophes can lead to operational inefficiencies or errors in data exchange.

Criticism 

The decision by North Yorkshire Council to do away with street name apostrophes has attracted plenty of criticism and ridicule from members of the public in the North Yorkshire area. For example, it’s been reported that some people have highlighted how many people are irritated by poor grammar or punctuation, and others have suggested that losing apostrophes is a lowering of standards and could be a negative step considering how much time is spent teaching children the basics and importance of grammar.

Other Views 

Others, however, have been reported as pointing out that apostrophes were a relatively new invention in the English language, and they may make little difference in pronunciation for visitors from overseas.

What About The Legal Angle? 

Returning to the subject of BS7666’s aim of standardisation, that may also mean having to balance the historical and cultural significance of names. If, for example, the official and legal naming of a place includes an apostrophe, there may be legal argument that the standard might still need to accommodate such usage to ensure that official records match those used in geographical databases.

What Does This Mean For Your Business? 

The decision by North Yorkshire Council to drop apostrophes from street signs, aligning with the standards set out in BS7666, marks a shift that affects not just the council but also the local community and businesses – hence much of the criticism. This change aims to sidestep the technical and administrative hurdles associated with non-standard address entries in geographic databases, promoting consistency and reliability in digital records. For the council, the decision has proved to be a double-edged sword so far. While it may streamline data management and support seamless data sharing with vital services like emergency response and postal services, it has led to criticism for perceived erosion of grammatical standards and local character in street naming.

For businesses in the area, especially those reliant on local foot traffic and deliveries, these changes mean adapting to new address norms. While it might simplify database management and reduce errors in deliveries or service provisioning due to address inconsistencies, some businesses might need to update their information across multiple platforms and communication materials – or may simply feel they shouldn’t have to do so.

For residents of the area, many of whom have been vocal in their opposition to the council’s decision, the loss of traditional apostrophes may be seen as a decline in standards and cultural preservation, sparking debates about the balance between modern efficiency and historical legacy. That said, the standardisation may actually make it easier for services to locate addresses, potentially improving response times in emergencies.

As multiple councils across the country adopt similar changes, we may see a national shift towards more streamlined address systems in public records and databases. This might encourage software developers and GIS providers to further refine their systems to accommodate standardised data entry, potentially leading to broader improvements in data handling and service delivery across various sectors. However, widespread standardisation may also prompt a cultural re-evaluation of how we preserve our linguistic heritage within the digital age, and future discussions and policies might need to carefully consider not just the practical needs of the council’s systems and standards, but other points of view in the area.

Apple Inc’s Board has just approved a $110 Billion Stock buyback which will be the biggest buyback in US history. Apple is already responsible for the top six of the 10 largest share-repurchase announcements ever made in the US, and this announcement beats its own previous record for the largest buyback value from 2018 when it authorised $100 billion in share repurchases.

Apple has seen a slowdown in sales in recent years but with its quarterly post-market results and sales exceeding expectations, its quarterly dividend increased (for the twelfth year in a row), and growth predicted, the buyback announcement added to the momentum as shares rose as much as 7.9 per cent in post-market trading.

It’s predicted that the move could add more than $190 billion in market value, thereby making investors see Apple’s as a value rather than a growth stock. Buybacks tend to happen when a company has significant cash reserves (as in the case of Apple) and are primarily aimed at returning value to a company’s shareholders.

Popular San Francisco-based cloud storage provider Dropbox has confirmed that it suffered a data breach from a “threat actor” on April 24. The company says, in what it believes to be an isolated incident, the hacker “accessed Dropbox Sign customer information”. Dropbox says the data accessed included email addresses, usernames, phone numbers and hashed passwords, general account settings and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.

Dropbox says that it’s found no evidence of unauthorised access to the contents of customers’ accounts, i.e. their documents or agreements, or payment information.

The company says it has “reset users’ passwords, logged users out of any devices they had connected to Dropbox Sign, and is coordinating the rotation of all API keys and OAuth tokens.” Dropbox also says it has reported the event to data protection regulators and law enforcement.

Scientists at Edinburgh’s Heriot-Watt University have published details of the discovery of a new material that can absorb carbon faster than trees, giving hope to efforts to tackle the climate crisis.

Can Absorb The Most Potent Greenhouse Gasses 

Detailed in a paper published in the journal ‘Nature Synthesis,’ the scientists report how the new porous material they created has hollow, cage-like molecules with high storage capacities for greenhouse gases like carbon dioxide and sulphur hexafluoride. Although the new material can absorb carbon dioxide (the most well-known greenhouse gas), the scientist pointed out that sulphur hexafluoride is a more potent greenhouse gas than carbon dioxide and can last thousands of years in the atmosphere.

Used Computer Modelling To Design It 

The project to create the material was a collaboration between Heriot-Watt University, the University of Liverpool, Imperial College London, the University of Southampton, and East China University of Science and Technology in China, and the team used computer modelling to “accurately predict how molecules would assemble themselves into the new type of porous material.”

It was the computer modelling specialists at Imperial College London and the University of Southampton that created the simulations which enabled the team to understand and predict how their cage molecules would assemble into this new type of porous material.

Dr Marc Little (an Assistant Professor at Heriot-Watt University’s Institute of Chemical Sciences and an expert in porous materials) said: “Combining computational studies like ours with new AI technologies could create an unprecedented supply of new materials to solve the most pressing societal challenges, and this study is an important step in this direction.” 

In reference to the contribution of computer modelling to the discovery and could play (along with AI) to future similar discoveries, Dr Little added: “Combining computational studies like ours with new AI technologies could create an unprecedented supply of new materials to solve the most pressing societal challenges, and this study is an important step in this direction.” 

What Does This Mean For Your Organisation? 

As Dr Marc Little said: “This is an exciting discovery because we need new porous materials to help solve society’s biggest challenges, such as capturing and storing greenhouse gases.” As such, this groundbreaking discovery could represent a pivotal moment in our collective fight against the climate crisis.

At the heart of this discovery is a collaborative effort by experts in the UK and China and the ingenious use of computer modelling, a tool that played a pivotal role in unravelling the complexities of molecular assembly.

Through precise predictions facilitated by advanced computer modelling, researchers were able to engineer hollow, cage-like molecules capable of efficiently trapping greenhouse gases such as carbon dioxide and the highly potent sulphur hexafluoride. This strategic fusion of scientific expertise and computational prowess underscores the immense potential of technology in catalysing transformative breakthroughs.

As highlighted by Dr Little, by marrying computational studies with emerging AI technologies, we could have a chance to unlock many more innovative solutions to society’s most pressing challenges. This study, therefore, could be seen as an important step toward a future where computational ingenuity and scientific inquiry converge to address global challenges.

Also, the integration of computer modelling and AI for future projects holds a great deal of promise, e.g. in advancing material science, renewable energy and more.

This discovery and its methodology, therefore, shows how important embracing the transformative power of technology is and will be in helping us tackle our biggest challenges going forward.

This video-update explains the three new features for Messenger which Meta have recently introduced …

Virtual Desktops in Windows are a good way to extend your workspace without needing multiple monitors and can be useful for separating different types of tasks or projects to keep your workflow organised. Here’s how they work:

– Press Win + Tab to open Task View.

– Click on “New desktop,” which appears at the top of the screen, to create a new virtual desktop.

– You can switch between desktops using Win + Ctrl + Left Arrow or Win + Ctrl + Right Arrow.

– Drag and drop windows from your main desktop to any virtual desktop to organise your tasks better.

– Right-click on windows in Task View to move them or open new apps directly on any desktop.

Here we look at how scammers are now reportedly using face-swapping technology to change their appearance in real-time to conduct video-based romance scams.

Yahoo Boys 

Recently, tech news site ‘Wired’ featured a story about romance scammers dubbed ‘Yahoo Boys,’ a slang term for a Nigeria-based collective of scammers who are now using deepfakes and real-time face-swapping technology so they can take on any appearance in their video feed to the targets of their romance scams. They are also known to be involved in phishing, and other cybercrimes.

Romance Scams 

A romance scam is a type of fraud where someone creates a fake identity to form a relationship with their target, often online, to deceive them into sending money or revealing personal or financial information.

How Big Is the Problem?  

According to the US FBI’s 2023 ‘Internet Crime Report’, the category of ‘confidence fraud/romance’ led to the theft of $652,544,805 from victims (which was actually down by a little over $83 million on the previous year).  This is clearly a significant problem and the real-time component of it will doubtless be factor in making this more prevalent.

How? What Tech Have They Been Using? 

As highlighted by the research of David Maimon, Head of Fraud Insights at SentiLink and a professor at Georgia State University, who has been monitoring the ‘Yahoo Boys’ on Telegram for more than four years, they use phones, laptops and several different types of popular face-swapping software and apps to create their deepfakes.

Also, it’s been noted (by Wired) that the so-called Yahoo Boys post videos of themselves online doing so, often showing their faces in the videos, and the videos and photos of their activities and recruitment are posted across many popular social media channels, including TikTok and Facebook.

Professor Maimon has also noted that the Yahoo Boys started using deepfakes for their scams as far back as 2022, meaning that they have gained quite a lot of experience around using these tools and tactics.

Deepfake Call Types 

It’s also been observed (and highlighted by Wired) that the Yahoo Boys scammers use two different types of live deepfake calls to trick their targets. For example:

Using two phones and a face-swapping app. One phone is used to call the target (via Zoom), using the rear camera to record the screen of the second phone (which is pointing at the scammer’s face) and uses a face-swapping app. In this way, the person’s face the target sees on the real-time video call is completely different from the scammer’s real face.

The second method swaps a laptop for the phone, using a webcam and face-swapping software on the laptop to change the face of the scammer. It’s also been reported that videos made by the scammers of them using this method show that they are able to see their real face displayed alongside their deepfake face although it’s only the deepfake face that’s shown to the target in the video call.

Realistic … and Getting Better

In a LinkedIn post from Professor Maimon, showing an example of one of the scammer’s videos, he notes how “Yahoo boys are getting better using AI tools to bring stolen images of social dating users to live” and that the video example he posted “has piqued my interest due to its remarkably natural head movements, overshadowing the only noticeable flaw—the voice, which could be rectified with relative ease.” 

How To Spot Deepfake (Video Calls) 

On her X feed, Rachel Tobac, who describes herself as a ‘Hacker & CEO at SocialProof Security,’ offers some tips on how to help spot a deepfake video call, based on the latest deepfake calls available.  These are:

– Get the person to stick out their tongue and move it around (tongue will look odd).

– Have the person move their head to the right & left or up & down to a large degree (it will look angular and boxy).

– Ask the person to get close to the camera and turn their head through a wide-angle (see angular boxy side of head).

– Ask the person to add another person next to them in the call and have the original person walk away and come back to see if a deepfake ‘flops-over’ to a second face.

– Look for discoloration around the scalp or circumference of the face (it may look like unblended makeup).

– Look for light flickering in their hair when they move.

Meeting In Person

As noted by contributor ‘Ally A’, to the LinkedIn post about the Yahoo Boys from Matt Burgess of Wired, a key piece of advice to people who may be involved in these kinds of romantic video calls is: “You can’t trust your eyes and ears anymore. If you can’t meet the person you are talking to online IN PERSON within 2-3 weeks of meeting, you have to assume that they are a scammer.” 

AI Advances Helping Scammers

The proliferation of AI technologies and their integration into various applications has inadvertently facilitated the activities of online scammers, including those involved in romance scams. AI-driven tools can now generate realistic and engaging text or images, enabling scammers to create convincing fake profiles and carry out sustained, personalised interactions without much effort – just as the Yahoo Boys have been doing. These sophisticated (but now widely available) tools can help scammers tailor their messages and responses based on the victim’s preferences and responses, making the deceit more believable. As a result, the barrier to entry for conducting such scams is lowered, allowing even those with minimal technical skills to now execute complex and convincing scams, thereby increasing the potential for exploitation and harm to unsuspecting individuals.

How To Protect Yourself 

In addition to Rachel Tobac’s tip for spotting deepfakes (such as those used by the Yahoo Boys), some of the key ways people can protect themselves from falling victim to romance scammers, include:

– Verify profiles. Conduct reverse image searches of profile pictures to check if they appear elsewhere on the internet, which can indicate a stolen image.

– Slow down. Be cautious with individuals who escalate the relationship too quickly or profess love unusually early!

– Keep personal information private. Avoid sharing sensitive personal information such as your address, financial details, or social security number.

– Be very skeptical of requests for money. Be highly suspicious if the person you are communicating with requests money, especially if it is for an emergency or a seemingly urgent matter.

– Use secure communication channels. Stick to the platform’s messaging services and avoid switching to less secure or private communication methods too soon.

– Seek second opinions. Discuss your online relationship with friends or family to gain outside perspectives, especially if something feels off.

– Report suspicious behavior. Report any suspicious profiles or messages to the dating platform and consider filing a complaint with relevant authorities if you suspect a scam.

What Does This Mean For Your Business?

For businesses, understanding the dynamics of the evolving scam landscape, as demonstrated by the techniques employed by the “Yahoo Boys”, is crucial. These scammers, using readily available AI technologies such as deepfakes and real-time face-swapping, underscore a growing trend in cybercrime that leverages cutting-edge technology to exploit vulnerabilities in human psychology, particularly through emotional engagement.

The decentralised nature of these scam networks (where individuals or small groups operate in loose associations while sharing tactics and tools), presents a significant challenge to traditional cybersecurity measures. They operate with a brazen openness, often flaunting their capabilities on social media, which shows a troubling confidence in their ability to evade detection.

The ease of access to AI tools means that the sophistication of scams can evolve as quickly as the technology develops. For businesses, this represents a clear and present danger not just in the form of romance scams targeted at individuals, but as a harbinger of more advanced AI-driven threats that could target companies directly. Phishing scams, impersonation, and business email compromise are just a few examples where similar technologies could be used to deceive employees or manipulate systems for fraudulent purposes.

To safeguard against these threats, businesses need to enhance their defensive strategies by incorporating advanced detection systems that can identify anomalies in communication patterns, authenticate digital identities more robustly, and monitor for signs of emerging threats such as deepfakes. Training employees to recognise and report potential scams is also vital. Creating a culture of security awareness and providing tools to verify information independently can act as a crucial barrier against deception.