When you click on”Accept all cookies“click, you agree to the storage of cookies on your device to improve website navigation, analyze site usage, and support our marketing efforts. For more information, see our privacy policy.
preferencesRejectaccepting

Identity fraud 2.0, how AI creates new risks

Valentina Benedetto
11.9.2025
Artificial intelligence makes it easier than ever for criminals to falsify deceptively real identities. Learn how so-called synthetic identities are used for fraud in applications or finances and how companies can protect themselves from the new risks through AI-generated photos, CVs and votes.
To the Video

The American company KnowBe4, which helps other companies protect themselves from fraud and hacker attacks, received what appeared to be a completely normal application. The curriculum vitae was convincing; lots of experience, good education, friendly profile.

The professional application photo showed a middle-aged man. He was perfectly illuminated, had a neutral facial expression, a smart look and precisely styled hair. He looked like someone you could hire. The online profile also appeared credible. It featured a well-connected person with an impressive professional history.

During the interview, a man sat in front of the camera who appeared competent. There was no reason to doubt, and he got the job.

The only problem was that his entire identity was made up.

He was sent home a company laptop, which is common among developers who work from home. But then internal alarms went off at the Security Operations Center. As soon as the new employee had the computer in his hands, he began to install malware. That person wasn't who they pretended to be. She had stolen a real person's profile. The photo, curriculum vitae and online traces were either made up or came from other people.

And who was behind it? This attack attempt could be attributed to organized North-Korean hacker groups. Fortunately, there was no damage. But the incident shows something fundamental: Today, identities can be falsified in a deceptively real way.

These are called synthetic identities

These are artificially created identities that either consist entirely of fictitious data or are composed of a combination of real and fabricated personal information. They serve different purposes:

Technology and AI training:

  • So that programs can learn without using real people
  • To safely test new systems
  • To improve privacy and fairness

Cybercrime:

  • Fraudsters use real data such as social security numbers and mix it with false information
  • How they open bank accounts, apply for loans, or engage in other forms of fraud
  • It often takes a long time before the fraud is noticed

Unlike identity theft, no real person is affected here, but a completely new identity is created.

Why is that dangerous?

Artificial identities are used to deceive companies when it comes to applications, emails or phone calls, for example. Since there is no real person behind it, they remain undetected longer. No one complains about an incorrect invoice or an unsolicited credit card.

Artificial intelligence not only makes these identities more credible, but also easier to create. Potential risks for companies include:

  • Financial losses due to fraud
  • Reputation damage in cases of fraud
  • Difficult detection during onboarding
  • Delayed fraud discovery

Companies and private individuals are exposed to new methods of attack. Traditional protection mechanisms such as passwords, PINs, document-based verification (e.g. ID checks), personal security questions or on-site identification procedures (such as the post-identification process) are often insufficient to effectively prevent modern fraud attempts and misuse of synthetic identities.

What is being falsified?

A fake identity is invented out of thin air. Behind this, however, is a precise Tetris with individual components that can come from different sources.

Fake photos (fake headshots): Headshots are either regenerated with modern AI image generators or, as in the case of KnowBe4 mentioned above, selected from royalty-free image tools such as “Canva”. They are misused for fake profiles on social networks, application documents or even for fake identity documents.

Chat-gpt Prompt: “Create an image that shows a professional headshot application photo of a middle-aged man in a professional pose. ”

Fake social media profiles and job histories (GPT and LinkedIn fakes): Powerful language models such as GPT-4 can create authentically looking CVs, detailed professional careers and complete LinkedIn profiles within a very short period of time. These profiles often contain consistent information on previous positions, project experience and even fake recommendations, making them appear very credible at first glance.

ChatGPT prompt: “Create a sample resume for him. He has an MBA and works in large companies in Switzerland.” “Could you make a PDF out of it? ”

Fake voices (voiceprints): Shockingly enough, very short audio samples of just a few seconds, for example from online meetings, phone calls, podcasts, or public YouTube videos, are often enough to clone a real person's voice.

Fake portfolios and resumes: The elements mentioned above are often supplemented by AI-generated or cleverly copied work samples, certificates and project portfolios to round off the image of a real, competent person.

How can you identify and avoid fraud involving synthetic identities?

Strong customer identity verification and onboarding is critical:

This should rely on advanced identity checks, such as biometric facial recognition with authentication (liveness detection) and document authentication. In this way, fake or synthetic identities can be identified as soon as the account is created.

Access rights should be strictly managed:

They should be assigned on a “need-to-know” basis and unusual attempts to access or requests to sensitive data should be monitored. Multi-factor authentication should be enabled by default and a strong phishing defense should be enabled.

Sensitize employees:

Teams should receive regular training on social engineering, identity fraud, and current scams. In this way, abnormalities can be reported more quickly. Security incidents should be used as a learning opportunity and communicated transparently internally.

Would you like to find out how well your company is protected against synthetic identity fraud?

Then arrange a non-binding consultation with our experts now! We analyse your processes, identify potential weak points and give you specific recommendations on how you can effectively protect your company.

Get in touch now and create security!

sources:

Sjouwerman, Stu. “How a North Korean Fake IT Worker Tried to Infiltrate Us.” Accessed July 12, 2025. https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us.

Computerweekly.de. “AI increases risk of synthetic identity fraud | Computer Weekly.” Accessed May 29, 2025. https://www.computerweekly.com/de/meinung/KI-steigert-die-Gefahr-des-synthetischen-Identitaetsbetrugs.

“Synthetic Identities: The New Threat - IT Management Online Portal”, February 22, 2022. https://www.it-daily.net/it-sicherheit/identity-access-management/synthetische-identitaeten-die-neue-gefahr.

“What is synthetic identity fraud? How can you stop him? [2025]”, July 7, 2023. https://www.iproov.com/de/blog/synthetic-identity-fraud-explained-with-biometric-solution/.

GermanEnglish

Mehr Posts von uns

Security

The new generation of cyber threats: deepfakes, spear phishing, and AI-based attacks

An Icon of a calendar
23.7.2025
An icon of a clock
3'
Lesezeit
News

Alessandro: The interface between ideas and impact

An Icon of a calendar
7.8.2025
An icon of a clock
2'
Lesezeit
News

Sinan, the haven of peace in the project storm: An interview with our new ICT architect

An Icon of a calendar
2.7.2025
An icon of a clock
2'
Lesezeit
info@linkyard.ch
+41 31 508 76 20
Offerings
Business InnovationIT ManagementProductsExperts
Webpage
HomeblogAbout usCase studiesCareer
Utility
imprintPrivacy statementTERMS AND CONDITIONS
Contact
linkyard AG
Junkerngasse 39
3011 Bern
switzerland