AI is helping scammers steal fingerprints from selfies, make scam calls and hijack your summer reservations — learn how to protect your data

And, unlike a password that can be changed, biometric data — like your fingerprint, face, retina or voice — cannot.

But could this happen to you?

“This sounds like the stuff out of spy novels or Mission Impossible,” Vyas Sekar, a professor at Carnegie Mellon University, told CBS News. “In theory, it’s possible, especially if people are posting high-resolution images.”

Still, a hacker would also need access to a device that required a scan of your fingerprint, like your phone or laptop. It’s more likely a hacker would choose a “high-value target,” Sekar said, such as a person with access to a high-security facility.

High-profile personalities could potentially be more of a target. This happened back in 2014, when hacker Jan Krissler of the European hacker network Chaos Computer Club used photos of former German defense minister Ursula von der Leyen — now President of the European Commission — to recreate her fingerprint.

While the likelihood of a hacker stealing your fingerprint is fairly slim, authorities in Oklahoma have gone so far as to warn the public about the misuse of AI and high-resolution social media images to potentially steal biometric data.

The Wagoner County Sheriff’s Office is warning residents that stolen data could be used to breach fingerprint security systems on phones, laptops and other personal computing devices, according to KFOR News. This stolen data could also be used with phishing scams, identity theft schemes, fake account recovery attempts and impersonation fraud.

Common scams to watch out for

Hackers don’t need a copy of your fingerprint to target you for scams and fraud. Other types of attacks, such as voice cloning and AI impersonations, are easier to pull off.

Almost anyone can make a deepfake these days, thanks to the democratization of generative AI (GenAI).

“It’s already possible to go online and learn how to make a convincing deepfake, based on a mere three seconds of recorded audio of someone’s voice — using off-the-shelf, publicly available software,” according to KPMG. “On top of this, there is an emergence of ‘deepfake-as-a-service’ as a lucrative market on the dark web.”

Scams also tend to spike in summertime, according to Norton’s threat intelligence team. “People are understandably distracted, spending more on travel and tickets, tapping confirmation links without a second look,” Leyla Bilge, global head of scam research for Norton, said in a release.

But this summer, AI will do even more heavy lifting for cybercriminals.

“Voice cloning has made phone-based imposter scams harder to detect, and deepfake technology has made romance fraud and investment schemes more convincing,” according to Norton.

A “trending” scam to be aware of this summer is reservation hijacking, where scammers use lookalike booking platforms to “hijack” your reservation details and then attempt to trick you into sharing payment details or other sensitive information. It’s easy to fall for, since the scammers have your reservation number, making it look legit.

Other trending scams this summer include fake tickets for sold-out concerts, festivals and sporting events, as well as fake gambling sites for major sporting events like the World Cup. Ongoing scams include crypto and investment scams, tech support scams and AI romance scams.

How to protect your data

The Wagoner County Sheriff’s Office recommends taking precautions against potential biometric fraud, such as not posting close-up selfies that clearly show fingertips or palm details and using multi-factor authentication.

Multi-factor authentication requires you to provide two or more forms of verification to access an account or system, such as a password and biometric data. That way, even if someone steals your password (or replicates your fingerprint), they can’t get into your device if they can’t pass the second or third verification process.