AI/ML, Phishing

AI work pic trend poses social engineering risks

The Register writes that a popular AI work caricature trend on social media, where users ask ChatGPT to create images based on personal and professional information, presents potential security risks. Security analyst Josh Davies warns that this practice can expose individuals and their employers to social engineering attacks, LLM account takeovers, and the theft of sensitive data.

The trend involves users sharing AI-generated caricatures based on prompts like "create a caricature of me and my job based on everything you know about me." Davies explained that if an attacker gains access to a user's LLM account, they could view the prompt history, potentially revealing sensitive employer information. With millions of these images shared on platforms like Instagram, attackers can gather clues about individuals' professions and LLM usage. This information, combined with social media profiles, can be used to deduce email addresses through open-source intelligence, facilitating spear-phishing and social engineering attacks. The ultimate goal could be to steal corporate data from prompt histories for fraud, extortion, or resale.

The widespread use of personal LLM accounts for work-related tasks, often without corporate oversight, highlights a critical gap in visibility and governance. Organizations must implement policies to identify and manage AI tool usage, limiting access to sensitive systems and data.

Source: The Register

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds