"GPT, draw me as you see me"... Fears of 'AI voice phishing' [Daily IT Item]

As artificial intelligence (AI)-based caricature and animation services gain popularity, security experts warn that entering excessive personal information can lead to impersonation and hacking risks. To prevent the widespread exposure of sensitive personal data, users are advised to avoid providing information that can identify them.
According to Kaspersky and other security firms on the 15th, content is rapidly spreading on social networking services (SNS) such as Instagram, TikTok, and LinkedIn where users upload their photos and input details like their job, daily life, and family information to generate AI caricatures or illustrations. Prompts such as "ChatGPT, draw an image of me as you imagine based on what you know" are also being shared on SNS, encouraging users to have AI create pictures of them using accumulated data.
Kaspersky reports that when making these requests, many users enter a wide range of data, including company name, job title, place of residence, hobbies, and family information. Such details can go beyond simple image generation and be compiled into a digital profile that reveals a person's behavior patterns and social relationships.
Kaspersky warned, "When images are combined with text and contextual information, cybercriminals can design sophisticated scam scenarios that reflect a victim's workplace, role, and close contacts," adding, "These schemes can appear more credible than typical phishing attempts, increasing the likelihood of financial fraud or theft of personal information."
The Asia-Pacific (APAC) region appears particularly vulnerable, as the use of AI is relatively high while understanding of the technology remains comparatively low. Some 78% of professionals in the region use AI at least once a week, exceeding the global average of 72%, yet their basic security awareness is seen as lagging behind.
Experts also point out that the risks are not limited to the generated images themselves. Text entered by users, usage logs, Internet Protocol address (IP address), and device information can all be stored on the platform. Some of this data may be retained long term for service improvement or AI model training, meaning a broader range of information could be used than users expect.
Adrian Hia, Managing Director for Asia Pacific at Kaspersky, said, "The AI caricature trend may look like harmless fun, but in reality it is similar to voluntarily handing over personal information to cybercriminals," and added, "The information users provide can be used to craft highly sophisticated social engineering attacks."
In response, Kaspersky recommends refraining from entering identifiable information such as real names, job titles, company names, and locations when using AI content-generation services, and avoiding the upload of images that could reveal or suggest one's identity or whereabouts. The company also emphasized the need for caution, urging users to review privacy policies and the scope of data usage before using such services.
kaya@fnnews.com Choi Hye-rim Reporter