Do Not Post These Photos On Your Facebook Or Instagram Account

Do not post these photos on social media.

NurPhoto via Getty Images

The old rules no longer apply. Your smartphone is now under attack from AI-fueled threats that are impossible to detect in the real world. In recent months “a significant leap in the evolution of these threats” means you need to change how you act. And that includes restricting what you post on your Facebook and Instagram accounts.

The latest warning comes courtesy of Kaspersky. “Phishing and scams are evolving at a rapid pace, “ it says, “fueled by AI and other new technology.” As fast as you catch on, “cybercriminals change their tactics and develop more sophisticated schemes.”

AI has replaced “fake emails and websites” with “deepfakes, voice cloning and multi-stage tactics to steal biometric data and personal information.”

ForbesMicrosoft Issues Free Update Offer To Millions Of Windows UsersBy Zak Doffman

These new attacks include harvesting “social media and corporate data to stage highly convincing phishing attempts,” hijacking legitimate platforms including “Google Translate and Telegraph to bypass security filters,” and the “theft of immutable data: biometrics, signatures, and voiceprints” plus “circumventing 2FA.”

And that means you need to “limit your digital footprint.” In other words you must be careful what you post on Facebook, Instagram or anywhere else. Any media that can be farmed for personally identifiable information is dangerous. And when that information relates to your workplace or your colleagues, the threat is even worse.

As risky as it might be to disclose your address or your kids’ names or the places you visit and shop, the real prize is to use your details to trick your colleagues or to harvest confidential workplace information that’s inadvertently visible in a photo. “Do not post photos of documents or sensitive work-related information, such as department names or your boss’s name, on social media,” Kaspersky emphasizes.

Simple rule — before you post, ask yourself what information a bad actor might glean from the image or the tags or the comments you include. Remember, in a threat landscape powered by AI, productivity is enhanced and collating this data is easy.

Kaspersky says large language models can “quickly analyze open-source data from media outlets, corporate websites, and social media. Threat actors are actively using specialized AI-powered OSINT tools to collect and process this information.”

ForbesIf Your Amazon Password Is On This Website, Change It NowBy Zak Doffman

This enables attacks to be “highly tailored to a specific victim or a group of victims – for example, members of a particular social media community.” This newfound level of personalization “dramatically increases the effectiveness of social engineering, making it difficult for even tech-savvy users to spot these targeted scams.”

When it comes to the actual attack lures, Kaspersky highlights texts and emails drafted by AI to avoid clumsy grammar and spelling, or to perfectly replicate an email from Microsoft or Google or Apple, or to mimic any brand’s website style and imagery.

Kaspersky’s other advice is “critically evaluate any unexpected calls, emails, or messages,” and do not click any links. “Verify sources of data requests and never share OTPs with anyone.” And to “be suspicious of any videos featuring celebrities.”