Shielding Your Privacy from ChatGPT Ads: How to Protect Yourself in the Age of AI The classic stamp scam has evolved: now it arrives via email, with perfectly crafted messages, precise personal data, and deepfakes that mimic voices and faces with astonishing fidelity. In 2025, artificial intelligence ceased to be a promise and became the most powerful tool of cybercrime. "Deceiving a person remains the most profitable attack," says Manuel Achaques, Presales Team Lead at Hornet Security for Iberia, Italy, and Latin America. "The difference is that now AI allows this to be done on a large scale and with unprecedented personalization." The balance of the last year is clear: attacks are more effective, not because users are more careless, but because cybercriminals have access to advanced tools and leaked data from massive breaches in airlines, utilities, and public administrations. Names, addresses, phone numbers, and emails fuel hyper-personalized attacks that are hard to detect. The average citizen is especially vulnerable. Frauds arrive via SMS, WhatsApp, or calls, with personal information that surprises due to its accuracy. "Our data is already in compromised databases," warns Achaques. Therefore, experts insist on changing passwords across services, activating multi-factor authentication, and, above all, not acting hastily in response to urgent messages. "Urgency is the most commonly used psychological trick," emphasizes Achaques. Companies face an even more critical landscape. Supply chain attacks, targeting less protected suppliers, have increased. "Attackers look for the easiest entry point," explains Alex Rocha, Country Manager Iberia at Armis. The attack surface has expanded: IT systems, cloud, OT, IoT, and now corporate AI. Unmonitored assets can be the entry point for lateral movements within the network, turning incidents into crises. Critical infrastructures are priority targets. An attack can disrupt essential services and undermine public trust. The Spanish public sector, with accelerated digitalization and legacy systems, is particularly vulnerable. Ransomware, which encrypts data and demands a ransom, has become professionalized: attackers steal information before encrypting it and sell access on the black market. Paying does not guarantee data recovery, and double extortion is now common. The use of AI in the workplace adds risks. "Many employees upload confidential information to public models unknowingly," warns Achaques. It is essential to establish clear policies and raise awareness about the safe use of these tools. Looking ahead to 2026, AI will not only enhance attacks but will also be capable of launching autonomous and adaptive campaigns. Deepfakes will be nearly indistinguishable, and synthetic identities will further complicate fraud detection. Additionally, quantum computing threatens to break current encryptions: criminals are already storing encrypted data to decrypt it in the future ("harvest now, decrypt later"). What can organizations do? Experts recommend three pillars: total visibility of assets, proactive threat anticipation, and resilience to recover from incidents. Cyber exposure management platforms help identify and mitigate vulnerabilities before they are exploited. Layered protection (strong passwords, multi-factor authentication, biometrics, recovery plans) remains essential, but resilience is key: assume that an attack will come and be prepared to minimize the impact. The human factor remains the weakest link. Continuous training and phishing simulations are essential. Regulation, such as the NIS2 directive and certifications like CCN-ENS Alto, drives the adoption of security measures. Spain has internationally recognized defense teams and organizations like Incibe or CCN, the result of years of public-private investment and collaboration. The message is not one of alarm but of preparation: the technology used by attackers is also available to defenders. AI can detect anomalies, automate responses, and personalize defenses. For citizens, the key is to develop digital security habits: unique passwords, multi-factor authentication, and skepticism towards urgent messages. "It's not about disconnecting but about adapting and preventing," concludes Achaques. Just as we protect our homes, we must protect our digital lives. Source: eldiadecordoba.es