Hacking.

The AI fraud case that terrifies banks

Police allege a 20-year-old used synthetic identities to open accounts and issue credit cards in the names of unsuspecting victims.

Banks and financial institutions are finding it increasingly difficult to protect themselves and their customers in the age of AI. A glimpse of the risks can be found in a complex and far-reaching fraud investigation currently being conducted by Israel’s National Cyber Investigations Unit of Lahav 433. The case centers on suspicions that fictitious bank accounts and credit cards were opened through sophisticated impersonation techniques: the creation of what police describe as "synthetic identities", digital replicas of real people generated from photographs obtained from hacked databases. According to investigators, the scheme was used to steal money from hundreds of unsuspecting victims.
Police are investigating suspicions that Niki Sokolov, a 20-year-old resident of Tzur Yitzhak, was behind what authorities described in court as "a global affair involving the theft of the identities of hundreds of people, hundreds of innocent citizens of the State of Israel, the opening of bank accounts in their names, and the issuance of credit cards." Investigators suspect that Sokolov, likely together with accomplices, used artificial intelligence tools to animate stolen identities, create digital "doubles," and deploy AI agents to open bank accounts and order credit cards in the names of unsuspecting victims. The alleged goal was to steal money while concealing his true identity.
When Sokolov realized that police, who had launched an undercover investigation in January, were closing in on him, he allegedly fled to Thailand at the end of March. He was located there, detained, and returned to Israel for questioning last week.
The Rishon LeZion Magistrate's Court extended his detention by one week last Thursday. In his ruling, Judge Guy Maimon wrote a sentence that may resonate far beyond this case: "This case is undoubtedly an example of the future expected in cybercrime and of the ease and sophistication with which fraud offenses can be committed while suspects hide behind technology."
According to the investigation so far, the method allegedly used by Sokolov, whom police described as possessing exceptional technological and AI capabilities, exploited a vulnerability in remote account-opening procedures.
As Sergeant Major Raviv Neumann of Lahav 433's cyber unit explained in court, banks have increasingly allowed customers to open accounts and order credit cards through mobile applications without visiting a branch. The process relies on four forms of verification: a live video recording, a selfie, a photograph of an identity card, and a declaration that the applicant is the sole account holder.
According to Neumann, "our genius took those capabilities and used them for criminal purposes."
Police suspect that Sokolov obtained databases containing identity card images, allegedly purchased on the darknet or via Telegram channels. He then used AI tools to animate those identities. As Neumann explained to the court: "The suspect takes those images and details and brings them to life using AI."
In other words, investigators believe he created realistic digital personas capable of appearing and sounding like genuine people recording videos and selfies, precisely the forms of verification required by banks for remote account opening.
According to the allegations, Sokolov used these synthetic identities to fraudulently open bank accounts, order credit cards linked to them, withdraw funds, and make purchases. The victims allegedly had no idea that accounts had been opened or credit cards issued in their names until the fraud was eventually discovered. By then, investigators say, the process had already been repeated with numerous other victims.
Police also suspect that Sokolov used AI agents and additional technological tools to obscure his involvement.
"The main challenge in this case was not proving that a crime had been committed, but identifying the perpetrator," police acknowledged in court. "The suspect carried out highly sophisticated concealment operations to disguise his identity."
Investigators estimate that hundreds of citizens may have been affected and that the total amount stolen reached hundreds of thousands of shekels.
"There are approximately 120 complainants," Sergeant Major Neumann told the court, adding that police had obtained roughly 90 warrants in connection with the investigation.
According to investigators, when Sokolov realized that police were pursuing him, after officers searched his parents' home and left an invitation for questioning, he crossed into Egypt through the Taba border crossing and subsequently flew to Thailand.
Police said they invested "significant resources" in locating him.
"We took extensive measures to find him, and we succeeded," Neumann testified.
After requesting assistance from Thai authorities, police located Sokolov and arranged for his return to Israel. Upon arrival, he was detained and questioned.
According to police, Sokolov provided an account of events during questioning, but investigators maintain that "his version does not correspond to reality." Authorities also informed the court that he refused to provide the password needed to unlock his mobile phone, which was seized as evidence.
The list of alleged offenses presented to the court is unusually extensive. It includes suspected violations of anti-money laundering laws, obtaining property by fraud, forgery and use of forged documents, impersonation for financial gain, offenses under the Payment Services Law, conspiracy to commit a crime, invasion of privacy, transmission of false computer information, development of software used to generate false information, unauthorized access to computer systems, unlawful processing of personal information from databases, and additional offenses.
Police argued that Sokolov poses both a flight risk and a danger to the public.
"We argue that there is danger in addition to the risk of obstruction, given that the identities of many people were stolen," Neumann told the court. "The acts were carried out with great sophistication, on a very large scale, and with the assistance of accomplices. There is a concrete concern that he may attempt to evade justice."
Investigators presented the court with evidence including messages, photographs allegedly showing Sokolov conducting banking transactions and withdrawing money, documents, and other investigative materials.
During the hearing, Neumann described Sokolov as the "mastermind" behind the alleged fraud operation and said that "there are accomplices."
He also raised an additional concern: "I don't know whether he may have sold identities to other criminal networks."
Sokolov's attorney, Iris Aharonov, argued against a lengthy extension of detention, noting that the investigation was already well underway.
She requested that all suspicions against her client be fully presented and argued that "now he should be given an opportunity, if it was him, say so, and if it wasn't, say so."
Aharonov characterized the investigation as being "at a preliminary stage" and noted that Sokolov had cooperated with investigators and had not exercised his right to remain silent.
Judge Maimon nevertheless extended the detention by one week, stating that there was "reasonable and well-founded suspicion" supporting the allegations.
"Although these are property-related offenses, they should not be treated lightly given the sophistication involved, the scope of the activity, and the large number of victims," he wrote.
The judge further noted that Sokolov had allegedly used "his high intellectual abilities, unfortunately and according to the suspicion, to commit the offenses attributed to him."
According to Maimon, Sokolov's conduct during questioning suggested that he was attempting to impede the investigation.
"The suspect reveals certain details while concealing others, refuses to provide the access code, and does everything possible to prevent the investigating unit from advancing the investigation," the judge wrote.