Cybercriminals Are Building AI-Enhanced Fake Identities Using Real Stolen Data

06/02/2025
personal identity card

As cybercriminal tactics grow more sophisticated, simply staying cautious online is no longer enough to protect consumers from scams and digital fraud, according to a new report from cybersecurity firm ESET. The study highlights how attackers are now creating synthetic digital identities — blending real stolen personal data with machine-generated details — to bypass fraud detection systems and exploit victims more effectively.

ESET, the Slovak-based global provider of security solutions for home and business users, warns that criminals no longer need to rely solely on scam calls or fake utility bills. Payment details entered on seemingly legitimate websites, or connections made via public Wi-Fi, can be just as dangerous.

AI-Enhanced Synthetic Identities on the Rise

Cybercriminals are increasingly combining data stolen from real people — such as names, addresses, social security numbers, and banking credentials — with fabricated information to build new, hard-to-detect identities. These synthetic profiles often slip past fraud prevention systems and can be used to open accounts, make unauthorized purchases, or even commit further identity theft by targeting victims’ friends and relatives.

Fortunately, some modern consumer security packages now include dark web monitoring features that continuously scan for personal information being traded or offered for sale on illicit platforms. Users receive alerts if their data appears in these underground markets, allowing them to act quickly.

Popular Attack Vectors: From Public Wi-Fi to Infostealers

According to ESET’s experts, the range of attack methods continues to expand. Criminals are actively searching for:

  • Personal and financial data
  • Social security and passport numbers
  • Corporate and personal online account credentials
  • Health records and crypto wallets

Among the most common tactics:

  • Malicious card skimming software that secretly captures payment information during online transactions.
  • Rogue Wi-Fi hotspots masquerading as legitimate networks, designed to intercept sensitive data.
  • Infostealer malware distributed via hacked games, fake apps, or seemingly harmless downloads, capable of harvesting files, passwords, crypto assets, and even keystrokes.
  • Malvertising campaigns, where attackers buy premium ad slots to distribute malware disguised as legitimate software.
  • Phishing websites that mimic trusted brands or services, often with domain names altered by a single character, luring users to input their data or automatically infecting devices upon visit.

Stay Informed, Stay Protected

ESET emphasizes the importance of staying updated on the latest scam trends through trusted resources like free cybersecurity podcasts — notably, Hackfelmetszők – Veled is megtörténhet! (which translates to Cyber Detectives – It Could Happen to You!).

The company recommends proactive measures:

  • Install reputable security software
  • Use strong, unique passwords
  • Regularly check bank and online account activity
  • Be skeptical of unsolicited messages, especially those urging urgent action or containing clickable links and attachments

What to Do If You Fall Victim

If fraud occurs, victims should immediately report the incident, freeze bank cards, notify their bank and local authorities, and contact consumer protection agencies where applicable. Public awareness is key — sharing incidents can help others avoid falling into similar traps. In a digital world where cybercrime adapts faster than ever, vigilance, education, and layered security remain the best defenses.

 

Read more..

Brad Smith Microsoft

Microsoft offers free assistance to European governments

06/05/2025
quantum computing

Quantum Computing and the Future of Data Security

06/05/2025
DDoS

Lightedge Fortifies Global DDoS Defense with $1.2M Corero Network Security Expansion

06/01/2025