Accomplice AI: Theft of identity data 

Accomplice AI: Theft of identity data - Image by Eric Blanton from Pixabay

Share post

Identity data has always been one of cybercriminals' favorite loot. With their help, account compromises can be initiated and identity fraud committed. Now ChatGPT & Co are also helping with perfect phishing emails. A statement from Dirk Decker, Regional Sales Director DACH & EMEA South at Ping Identity.

The attackers usually use social engineering and phishing. The success rate of such attacks, mostly based on sheer mass, is limited. Individualized emails and messages tailored to a victim offer significantly higher success rates, but also require significantly more work and are therefore – so far – rather the exception.

ChatGPT & Co help with phishing

Until now, because with the appearance of the first AI-based chatbots, such as ChatGPT, emails and messages on social engineering and phishing aimed at the masses can now also be individualized - and this quickly, easily and effectively. The success rate of a single attack - let alone an entire campaign - can be greatly increased thanks to AI. Because even reply emails, up to longer, highly complex conversations, can be created 'realistically' automatically with AI-based chatbots. To do this, the AI ​​only needs the personal and personally identifiable data of its victims that is freely accessible to everyone on the Internet. She is even able to perfect emails and messages based on the positive and negative reactions of her victims.

Christina Lekati, an expert in defending against social engineering attacks, recently explained what such AI-based attacks on identity data can look like in practice in the article 'ChatGPT and the future of social engineering', which is well worth reading. The TÜV also assesses the emerging development as serious. In its recently published study 'Cyber ​​Security in German Companies', the association explicitly warns against the misuse of AI systems by cyber criminals - also and especially in the context of personalizing and optimizing spear phishing and social engineering campaigns.

Simulate AI-based phishing campaigns internally

In order to minimize the potential success rate of AI-supported campaigns, many experts now advise raising awareness of the problem in the workforce and simulating AI-based phishing campaigns in order to detect potential weak points and contain them in advance. Such preventive measures are all well and good – but they are not enough on their own. More is required – and now also possible. We are talking about the use of verified identity data and decentralized identity management and identity threat detection and response (ITDR) solutions.

In order to minimize the risk of fraud, many companies now require their customers to provide verifiable identity data, digital copies that can be 'certified' assigned to the person by a verifying third party - for example an authority. In order for customers to agree to share such high-quality identity data with a company, the company must first establish and guarantee an increased level of protection for the data.

Decentralized management of digital identities

Ping Identity, Dirk Decker, Regional Sales Director DACH & EMEA South (Image: Ping Identity).

The decentralized management of digital identities enables them to do just that. With a decentralized identity management solution, the storage, management and sharing of the verified identity data takes place via an encrypted digital wallet on the customer's smartphone. In this way, he always retains full control over his data. He alone decides what he wants to share, when and with whom.

Finally, ITDR allows identification, mitigation and appropriate response to identity-based threat scenarios such as compromised user accounts, compromised passwords, compromised data and other fraudulent activities. Machine learning is used to distinguish between typical and atypical, human and bot user behavior so that countermeasures can be taken at an early stage in the event of a compromise.

In the course of the growing misuse of AI, it is necessary and right to protect oneself more effectively than before against identity theft and account compromises - and thanks to verified identity data, decentralized identity management and ITDR it is now also possible. Next-generation identity management solutions - that much is certain - will no longer be able to avoid these features.

More at


About Ping Identity

Ping Identity is a guarantee of secure and seamless digital experiences for all users - without compromise. This is what we mean by digital freedom. We enable organizations to combine best-in-class identity solutions with the third-party services they already use to eliminate the use of passwords, prevent fraud, strengthen zero trust, or everything in between.


Matching articles on the topic

Robotics, AI or company cars – where managers see cyber threats

German and Swiss C-level managers see a need for action, especially for home offices, to better protect sensitive data in the future. ➡ Read more

NIS2 Directive: 6 tips for implementation in companies

The EU NIS2 Directive will soon require many companies to meet higher cybersecurity standards - the law is expected to be ready in October 2024 ➡ Read more

Without an emergency plan, data loss is inevitable

In the Uptime Institute survey, 60 percent of companies say they have had a ➡ Read more

Win 11 Copilot+ Recall: Microsoft is building IT security under pressure

Shortly after Microsoft boss Satya Nadella introduced Copilot+ Recall for Windows 11, experts in IT security had devastating verdicts ➡ Read more

Cybersecurity: Lack of alignment between CEOs and CISOs

87 percent of CISOs surveyed in the Dynatrace CISO Report 2024 stated that CEOs are blind to user security. 70 percent of the ➡ Read more

CISOs under pressure: Should downplay cyber risks

The study results on dealing with cyber risks in companies are quite impressive. The Trend Micro study shows: three quarters of Germans ➡ Read more

Cyber ​​insurance: What helps against rising costs?

Cyber ​​insurance protects companies financially from cyber attacks. As the threat situation increases, insurance companies are increasing the costs of annual premiums. Company, ➡ Read more

Ransomware: 97 percent of those affected seek advice from the authorities

An enormous number of companies turn to official institutions in the event of a cyber attack. The current Sophos State of Ransomware report confirms that ➡ Read more