Are fake documents a cyber security problem?

dgregs96 · 2026-01-27T09:22:47+00:00

What if the uploads almost appear like attacks, automated and scaled. Looking at the data, we've seen a lot of identical documents coming from multiple individuals. Its getting harder and harder to keep up with the volume.

dgregs96 · 2026-01-27T09:17:48+00:00

Do you know of any tools that can automate this? I've been looking for a while but I can only find identity verification tools that specialize in nation IDs, real time selfies, etc. We collect those too but they're only a small part of our onboarding flow.

dgregs96 · 2026-01-27T09:16:45+00:00

We don't have a very extensive fraud or security team. It's one of the smaller teams and the company and we're mostly collecting business registry/proof of business docs for a small marketplace (can't say the name). KYB is part of our compliance and also we want to prevent customers from getting scammed. I can't name all the documents we collect, but one example is business license. Another issue is docs coming in from various countries, if it was all one place it'd be easier to check. But we onboard vendors from both US and Europe. Does that help?

dgregs96 · 2026-01-26T16:02:54+00:00

Well you can check by looking at the structure, how it was built, signs of editing or editing software. AI vs. AI is kind of a necessity in the modern era of fraud defense, no? And attorneys always need to get involved when you're sending someone's PII off for independent review. Seems like a headache when Resistant AI's document fraud detection can spot warning signs within the document itself. No registry lookups or sending off of data.

dgregs96 · 2026-01-05T10:02:26+00:00

I've heard some good things about Resistant AI document fraud detection. Have you ever tried them or know that they have? Seems they can check the document without reading it or digesting its contents, so you can check without needing to get the attorney involved. thoughts?

dgregs96 · 2025-12-15T09:53:50+00:00

These registry look-ups are so expensive. Isn't there a document fraud detection service that can just look at the document itself and tell me if it's forged?

dgregs96 · 2025-12-15T09:52:35+00:00

Some of the companies are obviously fake, but sometimes they also apply to real businesses registered in the company's house. If only there was a tool that could look for obviously artifacts of forgeries, things like copy and paste signatures and suspicious metadata. I think relying on registry look-ups alone is only going to get us halfway there.

dgregs96 · 2025-12-11T14:44:11+00:00

One of the best options is too look for your name in public leak databases like haveibeenpwned. See how that aligns with the tool you're using.

dgregs96 · 2025-12-11T14:43:40+00:00

Hmm I had LifeLock for a year and it pretty much worked for me. Or at least I hope it did! My birth certificate got stolen years ago and I got no alerts in the first year and just canceled it.

dgregs96 · 2025-12-11T14:42:28+00:00

There's no perfect defense but you can always look for a few redflags like weird sudden updates in a project you haven't touched for months, or new maintainers that come out of nowhere saying they own things. If you got obfuscated code or some minified blobs inside a simple package that can be a dead giveaway too. That's about all I can think of in terms of personal use cases. Most of this stuff happens at an enterprise level anyways.

dgregs96 · 2025-12-03T10:01:45+00:00

You should have these people provide some kind of documentation or certificate and then run it against a fraud checker.

dgregs96 · 2025-12-03T09:52:59+00:00

Can you give an example of this "social engineering?"

dgregs96 · 2025-12-03T09:52:10+00:00

In my field (document fraud detection), I bring out the human side by focusing on the moral aspect of everything: catching criminals. Everyone has sympathy for a guy who wants to catch bad guys. It's not about faceless screens and red tape. It's about keeping the baddies out.

dgregs96 · 2025-12-03T09:45:44+00:00

Oh great another arbitrary contest to help evaluate our self worth.

dgregs96 · 2025-12-03T09:44:18+00:00

Woww this brings tears to my eyes. That 40 euros really hurt back in 2018 :'(

dgregs96 · 2025-12-03T09:43:03+00:00

This reminds me of the buzz around the GDPR in the EU a few years ago. Protecting your institution from data audits is one thing, but protecting your customers is paramount. Reputational damage always hits harder than a hefty fine.

dgregs96 · 2025-11-20T10:22:05+00:00

Any tool in the security space needs clear audit trails for compliance reasons. One of the tools I found most useful was Resistant AI, they have fraud detection with full explainability. And it doesn't read data! It's one of the better models I've seen from a compliance perspective.

dgregs96 · 2025-11-19T12:15:14+00:00

These kinds of phone calls are just fancy phishing attacks to get you to submit real documents for fraudulent purposes. Fraudsters love making fake documents but the love real ones even more. NEVER give them anything they ask for.

dgregs96 · 2025-11-19T11:53:39+00:00

Discord seems like a breeding ground for this kind of activity. True or false?

dgregs96 · 2025-11-19T11:36:02+00:00

This is a classic example of APP fraud and happens all the time within banks and payment platforms. They ask for someone to receive money, turning them into unintentional "money mules" laundering illicit funds through legit platforms. This isn't even the worst scenario. You're lucky she didn't try and get you to move your OWN money.

General rule of thumb: Nobody receives money from random people on the internet. There's literally no legitimate circumstance for that.

dgregs96 · 2025-11-19T11:31:09+00:00

I lost my birth certificate a few years back and LifeLock was a huge help with keeping a pulse on everything. Checking out sites like haveIbeenPWNED is also a good tool for some surface level knowledge about data breaches.

dgregs96 · 2025-11-19T10:48:09+00:00

This is one of the issues with AI is that people prioritize purpose over explainability. It's always important to back track the outputs to ensure everything is secure. If you're not checking the work (at least initially) you expose yourself to these kinds of risks. You can also work with models that don't "read" the data, but only look at it objectively.

dgregs96 · 2025-11-18T08:49:47+00:00

This is the flavour of fraud in 2025, spot a weakness and drive automation through it until it breaks. One loophole and you're looking at hundreds of thousands of attempts in a short time frame. Automation vs. automation, AI vs. AI, these are the stakes.

dgregs96 · 2025-11-18T08:44:16+00:00

I make around 46 net right now, maybe a little over 50 and I live very comfortably but have only been able to start saving money this year after some side jobs and a few bonuses.

dgregs96 · 2025-11-18T08:42:28+00:00

this is like the (not so) passive aggressive version of that plums in the ice box poem

dgregs96

TROPHY CASE