Accomplice AI: Theft of identity data 

Accomplice AI: Theft of identity data - Image by Eric Blanton from Pixabay

Share post

Identity data has always been one of cybercriminals' favorite loot. With their help, account compromises can be initiated and identity fraud committed. Now ChatGPT & Co are also helping with perfect phishing emails. A statement from Dirk Decker, Regional Sales Director DACH & EMEA South at Ping Identity.

The attackers usually use social engineering and phishing. The success rate of such attacks, mostly based on sheer mass, is limited. Individualized emails and messages tailored to a victim offer significantly higher success rates, but also require significantly more work and are therefore – so far – rather the exception.

ChatGPT & Co help with phishing

Until now, because with the appearance of the first AI-based chatbots, such as ChatGPT, emails and messages on social engineering and phishing aimed at the masses can now also be individualized - and this quickly, easily and effectively. The success rate of a single attack - let alone an entire campaign - can be greatly increased thanks to AI. Because even reply emails, up to longer, highly complex conversations, can be created 'realistically' automatically with AI-based chatbots. To do this, the AI ​​only needs the personal and personally identifiable data of its victims that is freely accessible to everyone on the Internet. She is even able to perfect emails and messages based on the positive and negative reactions of her victims.

Christina Lekati, an expert in defending against social engineering attacks, recently explained what such AI-based attacks on identity data can look like in practice in the article 'ChatGPT and the future of social engineering', which is well worth reading. The TÜV also assesses the emerging development as serious. In its recently published study 'Cyber ​​Security in German Companies', the association explicitly warns against the misuse of AI systems by cyber criminals - also and especially in the context of personalizing and optimizing spear phishing and social engineering campaigns.

Simulate AI-based phishing campaigns internally

In order to minimize the potential success rate of AI-supported campaigns, many experts now advise raising awareness of the problem in the workforce and simulating AI-based phishing campaigns in order to detect potential weak points and contain them in advance. Such preventive measures are all well and good – but they are not enough on their own. More is required – and now also possible. We are talking about the use of verified identity data and decentralized identity management and identity threat detection and response (ITDR) solutions.

In order to minimize the risk of fraud, many companies now require their customers to provide verifiable identity data, digital copies that can be 'certified' assigned to the person by a verifying third party - for example an authority. In order for customers to agree to share such high-quality identity data with a company, the company must first establish and guarantee an increased level of protection for the data.

Decentralized management of digital identities

Ping Identity, Dirk Decker, Regional Sales Director DACH & EMEA South (Image: Ping Identity).

The decentralized management of digital identities enables them to do just that. With a decentralized identity management solution, the storage, management and sharing of the verified identity data takes place via an encrypted digital wallet on the customer's smartphone. In this way, he always retains full control over his data. He alone decides what he wants to share, when and with whom.

Finally, ITDR allows identification, mitigation and appropriate response to identity-based threat scenarios such as compromised user accounts, compromised passwords, compromised data and other fraudulent activities. Machine learning is used to distinguish between typical and atypical, human and bot user behavior so that countermeasures can be taken at an early stage in the event of a compromise.

In the course of the growing misuse of AI, it is necessary and right to protect oneself more effectively than before against identity theft and account compromises - and thanks to verified identity data, decentralized identity management and ITDR it is now also possible. Next-generation identity management solutions - that much is certain - will no longer be able to avoid these features.

More at PingIdentity.com

 


About Ping Identity

Ping Identity is a guarantee of secure and seamless digital experiences for all users - without compromise. This is what we mean by digital freedom. We enable organizations to combine best-in-class identity solutions with the third-party services they already use to eliminate the use of passwords, prevent fraud, strengthen zero trust, or everything in between.


 

Matching articles on the topic

NIS2 and the security obligation: email encryption

Although email encryption is not explicitly mentioned as a separate topic in the NIS2 Directive, it falls under the general requirements for ➡ Read more

Ransomware: Above-average number of attacks in the education sector

The number of compromised backups and data encryption rates due to ransomware in the education sector have increased compared to the previous year. The recovery costs after ➡ Read more

Narrative attacks: false facts, real consequences

The danger is diffuse and difficult to grasp: While companies increasingly have to find their way in the complex landscape of cyber attacks, ➡ Read more

NIST standards for quantum security

The publication of the post-quantum standards by the National Institute of Standards and Technology (NIST) marks a decisive step forward in securing ➡ Read more

TotalAI Platform: Vulnerability Assessment of AI Workloads

The new TotalAI solution enables holistic detection and vulnerability assessment of AI workloads to detect data leaks, injection issues and model theft. ➡ Read more

NIS2 Directive: Communicating implementation with managers

A free white paper helps CISOs speak the language of executives to advance the implementation of the NIS2 directive in the company ➡ Read more

NIS2 will soon come into force – 5 tips to prepare

The EU Directive NIS2 is due to come into force in Germany in October. It requires many companies to take greater cyber security precautions. ➡ Read more

Global danger: vulnerabilities in photovoltaic platform

As the experts at Bitdefender Labs have discovered, power outages are possible due to attacks on photovoltaic inverters and management platforms. A vulnerability was only discovered in ➡ Read more