"I can't let anyone see or know my ATM card pin, else they might use it to withdraw all my money!"; This is what we tell ourselves.
In our digital world today, people carefully shield their ATM keypad when typing their PIN at an ATM stand. Some people even turn back to see if someone is suspiciously looking at them. I've once queued next to a lady who was withdrawing some cash from the ATM and when she turned back and saw that I was looking straight at her, she almost started cursing at me and at a point I thought she might even slap me because of the way she frowned. That is how far people can go to protect their confidential information. You will see someone hug the ATM machine just to hide four digits but then, an hour later, that same person is sitting in their living room uploading a detailed video of their day; how it went, what they encountered, who they interacted with, who came first to the office, what kind of food they ate at work, who offended them at work, and so much more. Most times, these posts clearly show the route they took to work, the layout of their homes or offices and high-resolution clips of their faces along with clear audio of their voice. The point is, we fiercely protect a four-digit number that can be changed in seconds, yet we freely broadcast the immutable details of our daily existence. It is a logic that highlights the most dangerous blind spot in the modern world of cybersecurity.
Many of us grew up being told to protect our Personally Identifiable Information(PII); things like our date of birth, home address, or government ID numbers. We believed that as long as this traditional data was hidden, we were safe from identity theft. The question we should all be asking ourselves is that "Is there something else more important that we haven't really learnt to protect?" The truth is, with the evolution of Artificial Intelligence, the digital world has moved from "complicated" to "complex." Due to thousands of corporate data breaches over the past decade, a lot of that static information is already floating around the dark web. Hackers simply go to the dark web, buy exposed credentials, use them to log into real accounts and impersonate the real owners of the accounts, allowing them to perform privilege escalation if the right configurations are not put in place in the organization's, IT infrastructure. In a simple way we say that "Hackers no longer hack, they simply log in." So, what you call your personal information which you go to far lengths to protect is only safe because most times, these hackers are afraid of how the Law will penalize them if they get caught.
Moreover, these hackers have shifted their focus to a new approach: YOUR PRIVATE LIFE. Every time you post about the stress of your current job, tag your location at a neighborhood spot, or share a rant about your morning routine, you are giving away the keys to your private life. In other words, you are leaving behind a massive digital footprint that can prove dangerously useful in the wrong hands.
The modern attacker does not need your password; they need your face and your voice. All they need to do is scrape just thirty seconds of audio from a public social media video and use AI to create a flawless synthetic clone of your voice. They then use this clone to launch devastating social engineering attacks. Surprisingly, one of the most terrifying trends right now is virtual kidnapping. Hackers and scammers can track your social media posts, and know when you are on a flight, in a meeting or are engaged with a busy schedule and use your cloned voice to call your family, screaming for help and begging them to wire emergency funds. Most times, because of familial love, your family members panic and in that short period, so much is lost; money, reputation, properties and much more. Keep in mind, there is no traditional hacking involved here, just public social media data combined with AI.
A lot of people have the mentality that no one would target them simply because they are not CEOs of companies, or millionaires. What everyone should be aware of in this AI era is that their reputations and relationships are the new currency. Attackers can download your social media pictures, run them through AI and generate realistic images of all kinds that can be used against you based on their interest. Anything is possible as AI deepfakes have made distinguishing between the real and fake "you" become almost impossible. Put simply, hackers and scammers do not need to steal your money directly, they only need to hold your reputation hostage. If you post on professional networks about looking for a new job or dealing with a specific software issue at work, an attacker can craft a highly convincing email posing as a recruiter or IT support. They will then trick you into clicking a malicious link thereby using your public routine and everyday frustrations as the bait.
In order to protect yourself from this new wave of cyber threats, you don't necessarily have to delete your social media account and disappear from the internet entirely. It simply requires a shift toward harm reduction and mindful posting. If what you are about to post can be used against you in the next 5 years, don't post it; it's better to be safe than carry self-inflicted guilt. Always treat your photos and videos like a movie set; audit the background and make sure to remove work ID badges, passwords on monitors or anything that is identifiable. Make sure to always delay your posts till the end of an event to avoid real time monitoring of your location. Most importantly, establish a random safe word with your family members and close friends. If anyone ever receives a frantic phone call from you asking for money or claiming to be in trouble, they must ask for the safe word to verify it is actually you and not an AI voice clone.
The definition of personal data has evolved. It is no longer just the numbers on your NIN, Driver's License or debit cards; it is the entirety of your daily life. So, from now onwards, start treating your private life with the exact same caution you use when shielding your PIN at the ATM. "Make sure to pause before you post."