Incident 224: WeChat Pay's Facial Recognition Security Evaded by Scammers Using Victims’ Social Media Content
Suggested citation format
Chat stickers have become an essential tool for communication in the digital age. Now, they’re also a tool for scammers.
Police in central China’s Hubei province have arrested three swindlers who used chat stickers, or GIFs, to verify people’s identities and transfer money via the mobile payment service on messaging app WeChat, domestic media reported Saturday. As a deterrent to scammers, many people set up facial recognition as an added security measure for online transactions on WeChat Pay, requiring them to blink or turn their heads to verify their identities.
One of the suspects, surnamed Lin, said they would usually find selfies of their victims in their WeChat Moments — a Facebook-like feed — and turn them into GIFs of the people doing identity-verifying actions, which could then be used to transfer money from the accounts.
Police opened an investigation after a woman surnamed Kang from Hubei’s Badong County said 20,000 yuan ($3,000) had disappeared from her WeChat Pay account in July, according to the media report. Authorities found that a stranger had sent her 8-year-old son a contact request while the child was playing an online game on his mother’s phone. The stranger had then tempted the boy with a coveted in-game reward at a discounted price, in exchange for his mother’s WeChat password.
Kang said her WeChat account had been logged into elsewhere before the money disappeared.
According to the Badong County public security bureau, the three suspects were arrested in different locations in September and October, and the case is still under investigation. The suspects usually targeted children — it’s unclear how — who were using their parents’ phones to play online games, with the scammers promising to “purchase game accounts, send equipment, and lift game restrictions” for the kids in exchange for passwords.
Last year, a group of primary schoolers in the eastern Zhejiang province hacked express delivery lockers’ facial recognition security for a school project using a technique similar to that employed by the GIF-using fraudsters. The fourth graders discovered the smart lockers could be opened using only a printed photo of the intended recipient’s face.
In 2017, the Chinese government issued a plan to achieve greater face-reading accuracy by 2020, in order to boost the country’s artificial intelligence industry. However, a 2019 survey by a Chinese think tank found that nearly 80% of over 6,000 respondents were concerned about the lack of security in facial-recognition systems, as well as the risk of data leaks.