This Viral Trend Gives Scammers a Perfect Script

The “Cute” Cartoon Trend That’s a Social Engineering Goldmine

As security awareness professionals, we know that the hardest threats to defend against aren’t complex hacks—they’re the ones that use a “smiling face” to bypass our guard. The latest viral AI caricature trend (where users ask ChatGPT to create a cartoon of them at their desk) is exactly that. It’s fun, it’s engaging, and for a scammer, it’s essentially a pre-written script for a perfect social engineering attack.

When employees participate in these trends, they often feed AI a dangerous trifecta: a high-res photo of their face, their specific job identity, and a collection of personal interests. This provides everything a threat actor needs to craft a believable “work support” vishing call or a highly targeted “pig-butchering” scam.

Advice to Encourage Among Employees

To help your team enjoy AI trends without handing over the keys to their identity, encourage these “Automotive-style” safety checks for their digital lives:

• Audit the “Memory” Prompt: Many users use prompts like “Create this based on everything you know about me.” Remind your staff that ChatGPT’s memory can contain years of potentially sensitive chat history. Advise them to treat AI like a “helpful stranger” in a coffee shop—if you wouldn’t tell a stranger your employer’s name or your specific desk location, don’t type it into a prompt.

• Keep it Generic: If an employee must participate, teach them to use generic identifiers. Instead of “a nurse at Mayo Clinic,” suggest “a generic healthcare worker in a blue scrub set.” This prevents scammers from knowing exactly which organization to impersonate in a follow-up phishing attempt.

• The “Face” Factor: Discourage using the same high-quality headshots found on LinkedIn or work badges for these generators. Using a less-identifying, non-front-facing photo makes it significantly harder for attackers to use the source image for deepfakes or identity verification bypasses.

• Privacy Hygiene: Use these viral moments as a “teachable moment” to remind employees to check their OpenAI Data Controls. Disabling “Improve the model for everyone” ensures their personal details aren’t being used to train the next generation of LLMs.

• Post-Trend Cleanup: Encourage employees to “clean up the trail” by using tools like Google’s “Results About You” to remove personal contact info that might be used to validate the details found in their AI cartoons.

By shifting the focus from “don’t have fun” to “have fun safely,” you build a culture of vigilance that extends far beyond the office walls.

Read the full breakdown of the risks behind viral AI trends here: This Viral Trend Gives Scammers a Perfect Script