Security analysts are warning social media users about a growing trend: sharing AI-generated caricatures that include their full names and professional details. While seemingly harmless, this trend provides cybercriminals with a roadmap for targeted attacks.
How the Scam Works
According to reports from The Register, hackers use the public information found in these images to fuel multi-step attacks:
- Data Gathering: Attackers use the name and profession shown in the image to identify a user's corporate email address using AI tools.
- Phishing Attacks: Once the email is identified, the criminal launches a phishing campaign to steal the user's login credentials.
- Data Theft: If the attacker gains access to the victim’s AI account (such as ChatGPT or Midjourney), they can view the prompt history. This often contains sensitive corporate data, private project details, or internal code snippets.
How to Protect Yourself
To stay safe, security experts recommend the following:
- Limit Personal Details: Avoid sharing AI images that display your full name or specific workplace.
- Clear Your History: Regularly delete sensitive prompt histories from AI platforms.
- Enable MFA: Use multi-factor authentication on all social media and AI tool accounts to prevent unauthorized access.
