Kaspersky warns that sharing personal context with these tools can facilitate identity impersonation and social engineering attacks
A new trend has gone viral on social media: users share a personal photo and ask Artificial Intelligence tools to create a caricature or illustration based on their life, their job, and “everything the AI knows” about them. The result showing animated versions of the person at the office, with their family, or representing their profession has become frequent content on Instagram, TikTok, and LinkedIn.
While the trend may seem creative and entertaining, cybersecurity specialists warn that this practice can expose personal information and enable the creation of personalized, large-scale fraudulent messages, a very real threat today.
According to Kaspersky experts, this type of request does not work like a simple visual filter. To achieve more accurate images, people allow AI tools to access all the information associated with their profiles without restrictions, since the instruction itself is embedded in the command “create a caricature about me and my job based on everything you know about me.” In addition to the reference photo, extra data such as company name, corporate logos, job title, city, daily routines, hobbies, and other family details are often included and used to create the trend.
Each of these data points is a key piece in building a detailed digital profile. By combining image, text, and context, habits, relationships, frequently visited places, and professional responsibilities are revealed information that cybercriminals can exploit to craft more sophisticated scams. As a result, a fraud attempt that mentions where someone works, their job title, or even a family member becomes far more convincing and increases the likelihood that the victim will trust it and share sensitive information or money.
“This viral trend of caricature creation of our lives may seem like harmless fun, but it is effectively a voluntary briefing for cybercriminals. Every time users in APAC prompt an AI with details about themselves just to see a clever illustration, they are handing over the blueprints for a perfect social engineering attack.”
-Adrian Hia, Managing Director for Asia Pacific at Kaspersky
This risk is particularly acute in the APAC region. Despite a high AI adoption rate, with 78% of professionals using AI weekly (surpassing the global average of 72%), many users still struggle with basic technical literacy, leaving them vulnerable to social engineering and phishing.
In addition, when interacting with these platforms, users are not only sharing the final image. Depending on the service and its privacy policies, the original photo, the text or instructions written by the user, usage history, and certain technical data such as IP address, device, or interaction patterns may also be stored. Part of this information may be retained to operate the service, improve performance, or train AI models, meaning the content does not necessarily disappear after the caricature is generated and may remain longer than users expect.
“This viral trend of caricature creation of our lives may seem like harmless fun, but it is effectively a voluntary briefing for cybercriminals. Every time users in APAC prompt an AI with details about themselves just to see a clever illustration, they are handing over the blueprints for a perfect social engineering attack,” says Adrian Hia, Managing Director for Asia Pacific at Kaspersky.
“In a region where AI adoption is leading the world but technical literacy is still catching up, these digital portraits are becoming dangerous maps. We are essentially giving scammers the ‘context’ they need to turn a generic phishing email into a highly convincing, personalized scam that can bypass even a cautious user’s defenses,” add Hia.
While these tools can be a fun way to experiment with digital creativity, experts recommend adopting more cautious habits when participating in this type of trend. To reduce risks, Kaspersky experts recommend:
- Avoid entering identifiable data in prompts, such as full name, job title, company, city, address, schedules, or routines even if it seems “just to personalize” the image
- Do not upload photos that show logos, credentials, documents, license plates, screens, building façades, or any element that could help locate you or associate you with an organizatDo not share information or images of minors, nor reveal family details that could be used to impersonate close contacts or design emotional scams.
- Review the platform’s privacy policy and permissions before using it, especially regarding content retention and the use of data for training or service improvements.
- Complement caution with active digital protection: solutions such as Kaspersky Premium help reduce risks from malicious links, dangerous downloads, and phishing techniques associated with these trends, while reinforcing the security of the devices used to create and share this content.
