Accomplice AI: Theft of identity data 

Accomplice AI: Theft of identity data - Image by Eric Blanton from Pixabay

Share post

Identity data has always been one of cybercriminals' favorite loot. With their help, account compromises can be initiated and identity fraud committed. Now ChatGPT & Co are also helping with perfect phishing emails. A statement from Dirk Decker, Regional Sales Director DACH & EMEA South at Ping Identity.

The attackers usually use social engineering and phishing. The success rate of such attacks, mostly based on sheer mass, is limited. Individualized emails and messages tailored to a victim offer significantly higher success rates, but also require significantly more work and are therefore – so far – rather the exception.

ChatGPT & Co help with phishing

Until now, because with the appearance of the first AI-based chatbots, such as ChatGPT, emails and messages on social engineering and phishing aimed at the masses can now also be individualized - and this quickly, easily and effectively. The success rate of a single attack - let alone an entire campaign - can be greatly increased thanks to AI. Because even reply emails, up to longer, highly complex conversations, can be created 'realistically' automatically with AI-based chatbots. To do this, the AI ​​only needs the personal and personally identifiable data of its victims that is freely accessible to everyone on the Internet. She is even able to perfect emails and messages based on the positive and negative reactions of her victims.

Christina Lekati, an expert in defending against social engineering attacks, recently explained what such AI-based attacks on identity data can look like in practice in the article 'ChatGPT and the future of social engineering', which is well worth reading. The TÜV also assesses the emerging development as serious. In its recently published study 'Cyber ​​Security in German Companies', the association explicitly warns against the misuse of AI systems by cyber criminals - also and especially in the context of personalizing and optimizing spear phishing and social engineering campaigns.

Simulate AI-based phishing campaigns internally

In order to minimize the potential success rate of AI-supported campaigns, many experts now advise raising awareness of the problem in the workforce and simulating AI-based phishing campaigns in order to detect potential weak points and contain them in advance. Such preventive measures are all well and good – but they are not enough on their own. More is required – and now also possible. We are talking about the use of verified identity data and decentralized identity management and identity threat detection and response (ITDR) solutions.

In order to minimize the risk of fraud, many companies now require their customers to provide verifiable identity data, digital copies that can be 'certified' assigned to the person by a verifying third party - for example an authority. In order for customers to agree to share such high-quality identity data with a company, the company must first establish and guarantee an increased level of protection for the data.

Decentralized management of digital identities

Ping Identity, Dirk Decker, Regional Sales Director DACH & EMEA South (Image: Ping Identity).

The decentralized management of digital identities enables them to do just that. With a decentralized identity management solution, the storage, management and sharing of the verified identity data takes place via an encrypted digital wallet on the customer's smartphone. In this way, he always retains full control over his data. He alone decides what he wants to share, when and with whom.

Finally, ITDR allows identification, mitigation and appropriate response to identity-based threat scenarios such as compromised user accounts, compromised passwords, compromised data and other fraudulent activities. Machine learning is used to distinguish between typical and atypical, human and bot user behavior so that countermeasures can be taken at an early stage in the event of a compromise.

In the course of the growing misuse of AI, it is necessary and right to protect oneself more effectively than before against identity theft and account compromises - and thanks to verified identity data, decentralized identity management and ITDR it is now also possible. Next-generation identity management solutions - that much is certain - will no longer be able to avoid these features.

More at PingIdentity.com

 


About Ping Identity

Ping Identity is a guarantee of secure and seamless digital experiences for all users - without compromise. This is what we mean by digital freedom. We enable organizations to combine best-in-class identity solutions with the third-party services they already use to eliminate the use of passwords, prevent fraud, strengthen zero trust, or everything in between.


 

Matching articles on the topic

Digital identities: five challenges for 2024

Last year, generative AI and the global IT security situation made headlines. Both have an impact on digital identities and ➡ Read more

January 28, 2024: European Data Protection Day

January 28, 2024 is European Data Protection Day. In this context, it is important to raise awareness of privacy and data protection ➡ Read more

The most dangerous malware in November: Formbook 1st place

The most common malware in November 2023 is the infostealer Formbook and the most frequently attacked industry is ISP/MSP. Command Injection ➡ Read more

AI-based cybersecurity is still in its early stages

Cybersecurity managers see the great potential that lies in AI-based security solutions, but they are still being widely implemented in companies ➡ Read more

IT specialists: 149.000 positions unfilled in Germany

According to the Bitkom survey, positions for IT specialists remain unfilled on average for over seven months. 77% of those surveyed expect that the ➡ Read more

Artificial intelligence: The most important trends in 2024

Further developments in the area of ​​artificial intelligence pose both cybersecurity risks and opportunities for companies. Especially in ➡ Read more

Predictions for the security of cyber-physical systems 2024

The major geopolitical crises of the past year, such as Russia's ongoing war against Ukraine and the Middle East conflict, have occurred ➡ Read more

CISOs in 2024

What do CISOs think will happen in 2024? One is Sergej Epp, Chief Information Security Officer (CISO) for Central Europe ➡ Read more