Accomplice AI: Theft of identity data 

Accomplice AI: Theft of identity data - Image by Eric Blanton from Pixabay

Share post

Identity data has always been one of cybercriminals' favorite loot. With their help, account compromises can be initiated and identity fraud committed. Now ChatGPT & Co are also helping with perfect phishing emails. A statement from Dirk Decker, Regional Sales Director DACH & EMEA South at Ping Identity.

The attackers usually use social engineering and phishing. The success rate of such attacks, mostly based on sheer mass, is limited. Individualized emails and messages tailored to a victim offer significantly higher success rates, but also require significantly more work and are therefore – so far – rather the exception.

ChatGPT & Co help with phishing

Until now, because with the appearance of the first AI-based chatbots, such as ChatGPT, emails and messages on social engineering and phishing aimed at the masses can now also be individualized - and this quickly, easily and effectively. The success rate of a single attack - let alone an entire campaign - can be greatly increased thanks to AI. Because even reply emails, up to longer, highly complex conversations, can be created 'realistically' automatically with AI-based chatbots. To do this, the AI ​​only needs the personal and personally identifiable data of its victims that is freely accessible to everyone on the Internet. She is even able to perfect emails and messages based on the positive and negative reactions of her victims.

Christina Lekati, an expert in defending against social engineering attacks, recently explained what such AI-based attacks on identity data can look like in practice in the article 'ChatGPT and the future of social engineering', which is well worth reading. The TÜV also assesses the emerging development as serious. In its recently published study 'Cyber ​​Security in German Companies', the association explicitly warns against the misuse of AI systems by cyber criminals - also and especially in the context of personalizing and optimizing spear phishing and social engineering campaigns.

Simulate AI-based phishing campaigns internally

In order to minimize the potential success rate of AI-supported campaigns, many experts now advise raising awareness of the problem in the workforce and simulating AI-based phishing campaigns in order to detect potential weak points and contain them in advance. Such preventive measures are all well and good – but they are not enough on their own. More is required – and now also possible. We are talking about the use of verified identity data and decentralized identity management and identity threat detection and response (ITDR) solutions.

In order to minimize the risk of fraud, many companies now require their customers to provide verifiable identity data, digital copies that can be 'certified' assigned to the person by a verifying third party - for example an authority. In order for customers to agree to share such high-quality identity data with a company, the company must first establish and guarantee an increased level of protection for the data.

Decentralized management of digital identities

Ping Identity, Dirk Decker, Regional Sales Director DACH & EMEA South (Image: Ping Identity).

The decentralized management of digital identities enables them to do just that. With a decentralized identity management solution, the storage, management and sharing of the verified identity data takes place via an encrypted digital wallet on the customer's smartphone. In this way, he always retains full control over his data. He alone decides what he wants to share, when and with whom.

Finally, ITDR allows identification, mitigation and appropriate response to identity-based threat scenarios such as compromised user accounts, compromised passwords, compromised data and other fraudulent activities. Machine learning is used to distinguish between typical and atypical, human and bot user behavior so that countermeasures can be taken at an early stage in the event of a compromise.

In the course of the growing misuse of AI, it is necessary and right to protect oneself more effectively than before against identity theft and account compromises - and thanks to verified identity data, decentralized identity management and ITDR it is now also possible. Next-generation identity management solutions - that much is certain - will no longer be able to avoid these features.

More at


About Ping Identity

Ping Identity is a guarantee of secure and seamless digital experiences for all users - without compromise. This is what we mean by digital freedom. We enable organizations to combine best-in-class identity solutions with the third-party services they already use to eliminate the use of passwords, prevent fraud, strengthen zero trust, or everything in between.


Matching articles on the topic

SMEs: threatened by cyber risks

Cyber ​​attacks are a challenge for SMEs. Around half of SMEs worldwide have been the target of one. T-Security Challenge ➡ Read more

Financial sector pays record sums in ransomware attacks

The number of annual ransomware attacks on companies in the financial sector is constantly growing: while it was 2021 percent in 34, it has increased ➡ Read more

Ward driving with artificial intelligence

AI tools are now used millions of times to research topics, write letters and create images. But also in the area ➡ Read more

Analysis: This is how an attack by the Akira ransomware group works

South Westphalia's IT was attacked by the hacker group "Akira", which has meant that numerous local governments have only been able to work to a limited extent for weeks. ➡ Read more

The financial industry cannot ignore the cloud

Although the security requirements for cloud computing are particularly high in the financial industry, more and more financial institutions are relying on cloud solutions. Greater flexibility, slimmer ➡ Read more

More cyber attacks on critical infrastructure

Critical infrastructures are increasingly becoming the focus of cybercriminals. More than half of the attacks come from groups close to the state. ➡ Read more

Cybercriminals use Dropbox for attacks

Business email compromise (BEC) attacks are becoming more and more common. Hackers get into your mailbox via Dropbox. The experts at Check Point Research warn ➡ Read more

ChatGPT: Risks of professional use

Many Germans use ChatGPT in their everyday professional lives. This can jeopardize the security of sensitive data. According to a representative survey ➡ Read more