Once mostly limited to social media entertainment or occasional political manipulation, they are now fully integrated tools in cyberattack tactics.

This shift represents more than a technological evolution; it marks a transformation where human perception itself has become an attack surface.

Recognizing a familiar voice or face is no longer a guarantee of authenticity.

In this context, businesses face a threat that relies less on raw technical skill and more on subtle manipulation of human behaviour.

Fraud campaigns now exploit cloned voices and manipulated videos to simulate authentic communications, deceiving even the most vigilant employees.

In February 2024, an employee at a Hong Kong multinational transferred €24 million after being duped by a deepfake.

The scam succeeded because everything appeared authentic: accent, rhythm, tone… The widespread availability of these tools, thanks to their low cost and accessibility, accelerates the industrialization of such attacks.

A technological threat turned human

Attack simulations conducted with international organizations show that deepfakes are no longer a futuristic hypothesis but an established reality. A 2024 Anozr Way report projected deepfakes could increase from 500,000 in 2023 to 8 million in 2025.

Deepfakes exploit a rarely anticipated cybersecurity vulnerability: our instinctive trust in human interactions.

Cloned voices impersonate executives; videos generated from public content are embedded in credible scenarios to deceive experienced staff. Beyond technical sophistication, the industrialization of these practices is what should raise alarm.

Voice cloning now requires only a few seconds of publicly available audio, often available via public media such as YouTube or TikTok, allows artificial voices to be generated within minutes at low cost.

These voices are then used in automated campaigns, including mass phone calls conducted by conversational agents simulating convincing human interaction.

This paradigm shift moves the attack vector from IT systems to human behaviour, exploiting trust, urgency, and voice recognition.

Identity: the new attack surface

Across recent breaches, including those impacting M&S and JLR, we are witnessing a clear shift in attacker behaviour.

Adversaries no longer “hack in”, they simply “log in”. They obtain valid credentials through phishing, vishing, and social engineering campaigns, then use them to operate under the radar of traditional defenses. Deepfakes now extend this pattern by enabling the theft and imitation of identity itself.

A cloned voice or AI-generated face can bypass skepticism, convincing employees they are interacting with a trusted colleague or executive.

Identity has become the primary currency of access. As organizations strengthen their technical controls, attackers increasingly exploit human trust as the easiest route inside.

This convergence of social engineering and AI-driven impersonation means the next wave of attacks won’t just target vulnerabilities in IT systems, they’ll target people.

Awareness, doubt, and verification: the new pillars of cybersecurity

Most companies have focused cybersecurity efforts on protecting systems and data. However, with deepfakes, humans become the entry point.

These attacks exploit a major gap in current cybersecurity: the lack of verification reflexes in voice and video communications.

While most organizations run phishing awareness campaigns via email, awareness of deepfakes remains minimal.

Unlike phishing, now well understood, falsified calls or video conferences remain largely underestimated. The realism of deepfakes, especially under stress or urgency, obscures subtle cues that could raise alarms.

Detection depends on noticing small inconsistencies such as timing delays or slightly robotic speech, signs that are easy to miss during a busy day.

Organizations need to establish verification practices that go beyond technical controls. This includes contextual questions that only legitimate colleagues would know, answers that change regularly (e.g., “When did we last meet?”), or confirmation through secondary channels. “Trust but verify” has long been a motto in cybersecurity, but identity-based attacks such as deepfakes make it more relevant than ever.

“Robocalls,” already widely used to target individuals with daily AI-driven calls, can also be exploited by adversaries for illegitimate purposes. Here too, slight timing delays and intonation are key indicators to identify.

Therefore, team awareness can no longer be limited to email. It must include these new scenarios, train employees to recognize manipulations, and foster a culture of systematic verification. Trust must no longer be implicit, even when it seems natural.

The threat of deepfakes can no longer be seen as a technological curiosity or niche risk. It fundamentally challenges how companies manage trust, decision traceability, and communication security.

Organizations must integrate these concerns into governance: crisis simulations, verification protocols, redundant information channels, and continuous training.

More than a technological response, this requires an organizational, cognitive, and cultural approach. Against a digital illusion that relies on familiarity, only active vigilance can prevent the next attack from coming… through the CEO’s voice.

However, with 5.24 billion of the world’s population using social media, online privacy has never been more at risk.

In light of this, AI prompt experts AIPRM have revealed key risks associated with oversharing on social media, from putting your privacy at risk, to damaging your personal and professional reputation.

They also offer practical tips on how to keep yourself safe online and protect your digital footprint, with expert commentary from Christoph C. Cemper, founder of AIPRM.

Five dangers of oversharing on social media

1. Identity theft 

A new fraud report has revealed that 421,000 cases of fraud were filed to the National Fraud Database (NFD) in 2024, the highest number on record, and identity fraud remains dominant as criminals favour impersonation tactics.

Concerningly, social media pages and accounts host a gold mine of personal information for criminals such as names, date of birth, home location, places of work, and even the details of our family and friends.

If criminals access this information, you can become susceptible to identity theft, as the fraudsters can use your personal details to impersonate you and gain access into your accounts, or even create new accounts in your name, such as bank accounts. In some cases, they may even manipulate your family and friends into sharing their data through identity theft.

Christoph C. Cemper advises:

“The host of readily available personal information on social media has made it even easier for criminals to carry out identity theft, and with the rise of AI’s capabilities, this is even quicker to do. By combining real data with fabricated details, AI can be used to generate realistic IDs, official documents, or utility bills. This makes identity theft much harder to detect. That’s why it’s crucial to think carefully about what you share online – not just to protect your own privacy, but also the security of your family and friends, who could be targeted by a fake version of you.”

2. Social Engineering and Financial Scams

Social engineering often involves attackers creating fraudulent social media profiles and using these to impersonate a trusted or legitimate individual or organisation.

Through this, they can psychologically manipulate victims into sharing information or clicking on links that are unsafe and contain malware or scams.

If scammers gain a user’s trust, they can then gain access to personal information, or even cause significant financial losses and personal data breaches.

Christoph C. Cemper states:

“It is vital to be wary of who you follow and interact with on social media. With deepfakes and AI becoming more prevalent and advanced, it is hard to tell if you are talking to a legitimate person or an attacker. Always be cautious when engaging with people on social media, and if they claim to be someone you know, be sure to ask them personal questions that only they would know the answer to.”

3. Deepfakes and Voice Cloning

Scammers need just three seconds of audio to clone a person’s voice, and with so many videos available on social media, it is becoming even easier for criminals to generate voice clones. Similarly, the wide array of selfies on social media has fuelled AI- powered scams.

From just a single image of your face, fraudsters can use AI to create a full photo, complete with a natural looking background and other aspects that appear authentic.

“Deepfakes are becoming widespread, and with our voices and images often available on social media, millions are at risk of becoming victims. To protect yourself, make sure that those you follow on social media and allow to view your content are people you know and trust. Having a publicly open profile increases your risk of being targeted. If you think you have been a victim of a deepfake, contact your local fraud centre as soon as possible to report it.”

4. Reputation damage

Oversharing on social media also carries the risk of personal or professional reputation damage. Engaging with the wrong things on social media can create a negative image of the user.

Not only are there risks in sharing inappropriate posts, or negative comments, there are also risks associated with interacting with or sharing  fake news which circulates rapidly on social media, spreading much quicker than real news.

“Malicious actors can spread misinformation and disinformation, which is notoriously hard to spot online.  Many people have fallen into the trap of engaging with this content, whether it be an AI generated image, or a fake article. Always fact check any news or sources you see on social media via trusted and reputable  sites, as unverified online information could be fake, and may even include fraudulent links.”

5. Dangers of oversharing about your child

Often known as ‘sharenting’, it is becoming increasingly common for parents to share information on their children via social media. However, there are dangers involved in this, as it instantly creates a digital footprint for your child, which can be used by criminals for harmful purposes.

For example, geotagging an image of your child can reveal the local area in which they may live or places they go to regularly.

Sharing their name, age, and photos can expose them to identity theft, allowing criminals to utilise their name to open fake accounts. There are also inherent social media dangers of potential cyberbullying and harassment.

Christoph C. Cemper advises parents to be vigilant:

“Cyber crime is rising rapidly, and exposing your child’s details online could see them fall victim to fraud or other crimes. If you want to share images or details on your child’s activities, it is always best to do this in private group chats with people you trust. I would always advise avoiding sharing this information on social media, due to the risks involved. If you do share information about your child via social media, ensure this is to a small, trustworthy following, and is not publicly available. Be sure to limit the information that you share about them and their whereabouts.”

A recent study found that nearly 60% of all online fraud cases in 2024 involved AI-powered scams, a number that hasn’t stopped growing as scams become more sophisticated. 

AI’s ability to mimic voices, faces, and even videos is making scams more personal and harder to detect.

Experts from Psono.com have warned about how scammers are now using AI to launch highly convincing attacks, including voice cloning and phishing emails. These advancements are creating added risks to personal data and financial security.

Let’s explore the various types of AI-powered scams plus ways to protect yourself from falling victim.

1. AI-Powered Scams: The Rise of Deepfakes

AI is now being used to create deepfakes, which can impersonate voices, faces, and even video footage of family members, friends, or colleagues. Through harvesting data from social media profiles, scammers can generate realistic recordings or videos that ask for money or sensitive information. 

This new level of impersonation makes it alarmingly difficult to distinguish genuine requests from fraudulent ones.

What to Do: If you receive an unexpected request from someone you know, always ask them questions that only the real person could answer. A vague or incorrect response is a red flag. Be cautious and verify before acting.

2. Gift Card Scams: Targeting Your Shopping Habits

During peak shopping seasons, scammers use AI to analyse online shopping patterns and target victims with gift card scams. They may impersonate a loved one or a store, asking for gift cards to resolve an emergency or issue. Once the gift card codes are shared, they are quickly redeemed, resulting in financial loss for the victim.

What to Do: Never share gift card information with anyone, especially if the request is unexpected or urgent. Always contact the person or company directly through verified channels to confirm the request before taking any action.

3. Vishing: The Telephone Scam

Vishing, or voice phishing, involves fraudsters impersonating trusted institutions, such as banks or government agencies, over the phone. They create a sense of urgency, claiming suspicious activity on your account, and pressure you into providing sensitive information.

What to Do: Legitimate organizations will never ask for sensitive information over the phone. If you receive such a call, hang up immediately and contact the institution directly using a verified number.

4. Smishing: The Phishing Text

Smishing scams are delivered through text messages, often posing as account updates or delivery alerts. The goal is to trick the recipient into providing personal credentials or downloading malicious software.

What to Do: Always check the sender’s number. If it doesn’t match the official organisation, it’s likely a scam. Don’t click on any links in unsolicited messages and verify the content with the company before acting.

5. Clone Phishing: Malicious Copies of Real Emails

Clone phishing occurs when scammers replicate legitimate emails, such as receipts or notifications, and replace the links or attachments with malicious ones. The familiarity of the original email makes the fraudulent one harder to spot.

What to Do: Always check the sender’s email address carefully. Hover over any links to see where they lead and, if in doubt, contact the sender directly via official communication channels.

6. Social Media Phishing: Fraud on Social Networks

Phishing on social media involves hackers using fake or compromised profiles to send messages that appear to come from trusted contacts. These messages may offer giveaways or ask for urgent action, often aiming to steal login credentials or other personal details.

What to Do: Never click on links sent through unsolicited messages. Double-check any request through official channels, and be cautious of login pages that look suspicious.

7. Man-in-the-Middle Attacks: Public Wi-Fi Hazards

Hackers can intercept data sent over unsecured public Wi-Fi networks, such as in cafes or airports, to steal passwords or banking information. These attacks are often unnoticed by the user but can have devastating effects.

What to Do: Avoid accessing sensitive accounts over public Wi-Fi. Use a Virtual Private Network (VPN) for added security, and ensure websites are encrypted by looking for “https://” in the URL before entering any personal information.

8. Ransomware: A Growing Threat

Ransomware attacks encrypt files or lock devices and demand payment to restore access. These attacks often begin with phishing emails or malicious downloads and can be financially ruinous.

What to Do: Regularly back up important files to an offline location and avoid downloading suspicious attachments. If attacked, report the incident to the authorities and seek professional assistance to mitigate the damage.

9. DNS Spoofing: Fake Websites Designed to Deceive

DNS spoofing involves redirecting users to fake websites that closely resemble legitimate ones. These fake sites are designed to steal login credentials or credit card information from unsuspecting visitors.

What to Do: Always double-check website addresses before entering any sensitive information. Look for “https://” in the URL, and consider using tools that protect against DNS attacks.

10. Fake Job Offers: The Scam Job Posting

Scammers often post fake job offers that promise high pay or flexible work arrangements, asking for payment or personal information upfront. These scams typically target those looking for remote work or those seeking employment during economic downturns.

What to Do: Before providing personal details or making payments, ensure the job offer is legitimate. Research the company thoroughly and contact them directly through verified channels to confirm the offer’s authenticity.

Sascha Pfeiffer, CEO of Psono, commented on the growing threat of AI in cybercrime, saying, “AI is changing how scammers operate, making their attacks more personal and harder to spot. They use tools to mimic voices, create fake videos, or send messages that seem to come from trusted contacts. It’s now easier than ever to fall for a scam, whether it’s a text from a friend asking for help or a gift card offer from a favourite store. Staying alert is important, as these scams can lead to serious financial losses. Under no condition should you share very personal data, such as passport details or credit card CVV, via email, phone, or any other method that can be easily accessed by hackers.”

Pfeiffer further advised, “If you hear the voice of a close person asking for help, take extra precautions to verify their identity by asking specific questions or details only they would know, ensuring you’re speaking to the real person.”

Stay Vigilant to Protect Yourself

AI is evolving and so are the tactics used by cybercriminals. Scams are becoming more realistic, personalised, and harder to detect. However, staying vigilant and adopting simple security practices will help individuals protect their personal information and avoid falling victim to these sophisticated attacks. 

Always verify requests, question any unusual behaviour, and remember that your data is valuable—take steps to keep it safe.

With a record number of elections scheduled in 2024 across 50 countries, concerns are mounting about the potential for AI-generated deepfakes to sway public opinion, particularly among vulnerable communities.

The rise of powerful generative AI tools, like the popular chatbot ChatGPT, has created a breeding ground for sophisticated deepfakes capable of spreading disinformation. 

The ease of access to these tools, allowing anyone to create fake videos, photos, and audio of political figures, amplifies the threat. 

Just this week, India’s Election Commission issued a warning to political parties, urging them to refrain from using deepfakes and similar tactics in their online campaigns.

In response to these concerns, major tech companies, including Microsoft and OpenAI, have pledged to collaborate and develop a common framework to address AI-powered manipulation in elections. 

Some companies are implementing individual safeguards within their software. Google, for example, has restricted its AI chatbot, Bard, from answering questions related to elections, while Meta, Facebook’s parent company, is taking similar steps with its chatbot.

OpenAI has also taken measures, launching a new deepfake detection tool specifically designed for researchers working in disinformation. 

This tool aids in identifying fake content generated by OpenAI’s own image creation software, DALL-E.

Again, OpenAI has joined the committee of the Coalition for Content Provenance and Authenticity (C2PA), an industry body already having members like Adobe, Microsoft, Google, and Intel.

The newly announced “Societal Resilience Fund” is another step in this collective effort towards responsible AI development. This $2 million initiative, detailed in a Microsoft and OpenAI blog post published today, aims to “further AI education and literacy among voters and vulnerable communities.” 

Grants will be awarded to select organizations, including Older Adults Technology Services (OATS), the Coalition for Content Provenance and Authenticity (C2PA), the International Institute for Democracy and Electoral Assistance (International IDEA), and the Partnership on AI (PAI).

Microsoft emphasizes that these grants aim to facilitate a broader understanding of AI and its capabilities across society. OATS, for instance, plans to utilize its grant to develop training programs for Americans over 50, focusing on the “foundational aspects of AI.”

“The launch of the Societal Resilience Fund is just the beginning of Microsoft and OpenAI’s commitment to address the challenges and needs in AI literacy and education,” said Teresa Hutson, Microsoft’s Corporate VP for Technology and Corporate Responsibility, in the blog post.

“We are dedicated to this work and will continue collaborating with organizations and initiatives that share our goals and values.”

Microsoft and OpenAI’s initiative aims to mitigate the potential dangers of AI in the political sector. Enhancing public education and collaboration within the tech sector will safeguard democratic processes from manipulation by AI-powered disinformation campaigns.

• Widening polarization expected in many elections, especially in the US and the EU where there is the potential for large insurance losses
• Terrorism, civil unrest, and environmental activism risks intensifying in volatile geopolitical environment
• Multinational businesses show an increasing interest in political violence insurance coverage to mitigate their risks
• Elections in Africa pose challenges and opportunities for political stability

With an unprecedented ‘super-cycle’ of elections in 2024, almost half the world’s populations will go to the polls before the year is out.

According to a new report from Allianz Commercial, security is a concern in many territories, not only from the threat of localized unrest but because of the wider-reaching consequences of electoral outcomes on foreign policy, trade relations, and supply chains.

The headline election will be in the US in November, when a narrow result could inflame existing tensions.

The European Parliament elections in June could also deepen divisions, if radical-right parties gain votes and seats.

As unrest can now spread more quickly and widely, thanks in part to social media, financial costs from such events for companies and insurers are mounting.

Economic and insured losses from just seven civil unrest incidents in recent years cost approximately US$13bn.

With the threat of terrorism also on the rise, and the prospect of greater disruption from environmental activists occurring, businesses will face even more challenges in the next few years and will need to anticipate as well as mitigate evolving risks with robust business continuity planning.

“So many elections in one year raise concerns about the fueling of polarization, with tensions potentially playing out in heightened civil unrest. Polarization and unrest within societies are fueled by fear. They undermine trust in institutions and challenge people’s sense of a common purpose built on shared values,” says Srdjan Todorovic, head of Political Violence and Hostile Environment Solutions at Allianz Commercial. “We also expect to see increased unrest around environmental issues in future, not only from activists, but from those who are pushing back against government climate mitigation policies.”

All eyes on elections in the US and the EU

The US presidential election in November is likely to be a close call, with the outcome depending on results in a handful of states.

A recent poll shows that more than one third of Americans believe President Biden’s election win in 2020 was not legitimate.

Widespread disaffection among voters could be exploited by misinformation created by artificial intelligence and spread via social media.

Deepfakes, disinformation and repurposed imagery, as well as customized messaging, could galvanize unrest or influence small but potentially decisive parts of electorates.

Many commentators have predicted that European Union elections in June could see a number of states politically shift to the right, with the potential for populist or far-right parties to gain votes and seats, building on a trend seen in 2023.

Any success for these parties across Europe could result in growing opposition to EU environmental, immigration and human rights policies.

“The impacts of a political shift to the right and subsequent policy changes endure long after a political party’s term in office,” Todorovic adds. “They fundamentally change societies and public attitudes and make the next electoral shift to the center or left seem drastic, creating the potential for schisms and potentially violent responses from those who feel underrepresented by a regime change.”

Elections in Africa pose challenges and opportunities for political stability

The African continent has also hit geopolitical risk headlines in recent years and 2023 was no different, with Niger and Gabon experiencing coups.

In Sudan, a civil war has led to the displacement of eight million people, including six million within the country – the largest internal displacement crisis in the world.

The year 2024 sees many African countries scheduled to have elections. The large scale of elections poses both challenges and opportunities for the continent’s political stability.

Most of the elections will be in Southern Africa including Botswana, Mauritius, Mozambique, Namibia, and South Africa.

West Africa will hold the second most in Burkina Faso, Ghana, Guinea Bissau, and Mali. In North Africa, Mauritania, Algeria, Libya, and Tunisia are set to host elections.

Ethiopia, Somalia, and South Sudan, Chad, and Rwanda in Central and Eastern Africa are scheduled to cast votes.

The South African elections in May are a potential flashpoint. Polls indicate votes for the ruling African National Congress (ANC) could dip below 50%, forcing it into a coalition – a first at the national level – after being in power for 30 years.

“South Africa suffers from high unemployment, particularly among the young, and significant wealth inequality,” says Etienne Cheret, regional practice group leader, Crisis Management France and Africa at Allianz Commercial. “Crime, corruption, and blackouts have caused widespread frustration. There is already a high level of disillusionment among the population, so we are watching the situation very closely.”

Environmental activism and terrorism threat expected to rise

Between 2022 and 2023, environmental activism incidents increased by around 120%. An impactful example was the arson attack on an electricity pylon in Germany by a left-wing extremist group.

This suspended production at a local Tesla plant in March 2024, leading to economic losses estimated in the hundreds of millions of euros, according to reports. In addition to high-profile protests, a trend towards using more targeted tactics, such as focusing on individuals or politicians, is evident. There is a chance that more environmental protests could escalate from acts of nuisance into larger criminal acts.

The number of deaths from terrorism increased by 22% in 2023 and is now at its highest level since 2017, although the number of incidents fell.

The major terror attack in Moscow in March has put the risk of politically or religiously motivated terrorism back on the global agenda with full force.

A primary driver is the radicalization of small parts of the population in certain regions, which is also fueled by the Israel-Hamas war leading to an increased risk in the US and Europe, as well as the exploitation of security vacuums in certain regions of Africa.

The epicenter of terrorism has moved from the Middle East and North Africa to Sub-Saharan Africa – the most affected region globally – and is largely concentrated on the Sahel region. Burkina Faso is the country most impacted by terrorism, with deaths increasing by 68% to almost 2,000 people – a quarter of all terrorist deaths globally.

“In Africa, peacekeeping forces have been withdrawing from the Democratic Republic of Congo and Somalia as well as from countries in the unstable Sahel region. This risks creating security vacuums, which could then be exploited by armed groups and militants,” adds Cheret.

Multinational companies show increasing demand for political violence insurance

Political violence activity can impact businesses in many ways. Those in the immediate vicinity of unrest can suffer material damage to property or assets and business interruption losses, while indirect damage can be inflicted on companies in the form of loss of attraction or denial of access to their premises.

“Businesses need to protect their people and property with forward planning, such as ensuring safe and robust business continuity planning is in place in event of an incident, increasing security, and reducing and relocating inventory if likely to be impacted by an event,” explains Todorovic. “Using scenario planning and tracking risks in areas key to their operations can raise businesses’ awareness of where political violence and civil unrest risks may be intensifying. Companies should also review whether their insurance policy covers the impact of risks such as strikes, riots, and civil commotion.”

The report notes that the recent history of losses from protests and civil unrest in countries such as Chile, South Africa, France, and the US means that interest for political violence insurance coverage continues to increase.

The greatest demand is from businesses with multi-country exposures rather than companies with smaller and simpler production and supply chains, although these can also be adversely impacted by such events.

[Featured Image Credit]