Consumer protection

Fake Google Forms phishing campaign targets job seekers

A phishing campaign is targeting job seekers with fake Google Forms pages designed to harvest account credentials. Attackers are using a spoofed domain, forms.google.ss-o[.]com, to mimic the legitimate Google Forms service and trick victims into signing in.

The fraudulent pages advertise a Customer Support Executive role and prompt applicants to enter personal details before clicking a ‘Sign in’ button. Victims are then redirected to id-v4[.]com/generation.php, a domain previously linked to credential harvesting campaigns.

Researchers identified the operation as part of a broader wave of job-themed phishing attacks. The attackers used a script called generation_form.php to create personalised tracking links and implemented redirects to evade security analysis by sending suspicious visitors to local Google search pages.

Security experts warn that the campaign relies on domain impersonation techniques, including the use of ‘ss-o’ to resemble ‘single sign-on’. The fake site reproduces Google branding elements and standard disclaimers to increase credibility.

Users are advised to avoid clicking unsolicited job links, verify opportunities through official channels, and enable multi-factor authentication. Password managers and real-time anti-malware tools can also reduce exposure to credential theft.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

EVMbench from OpenAI, Paradigm and OtterSec measures AI smart contract risks

OpenAI, with Paradigm and OtterSec, introduced EVMbench to test how AI agents detect, patch, and exploit smart contract flaws. The benchmark draws on 120 real vulnerabilities from 40 blockchain projects to better reflect live conditions.

Researchers report that leading agents can now discover and exploit end-to-end vulnerabilities in live blockchain instances. Over six months, exploit success rates rose sharply, prompting both praise for improved auditing capabilities and concern over the rapid scaling of offensive skills.

EVMbench evaluates agents across three modes: detect, patch, and exploit. Each stage reflects increasing technical complexity and mirrors the responsibilities faced in production blockchain environments, where contracts are often immutable, and errors can lead to irreversible losses.

Recent incidents underline the stakes. A vulnerability in AI-generated Solidity code reportedly mispriced an asset, triggering liquidations and losses. Such cases highlight the risks of deploying AI-written financial logic without rigorous human review and governance safeguards.

While EVMbench advances measurement of AI capabilities, it remains limited to curated vulnerabilities and sandboxed conditions. As blockchain adoption expands and criminal misuse evolves, researchers stress the need for responsible AI development alongside stronger innovative contract security practices.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Lithuania selects Swiss firm Procivis for national eIDAS 2.0 wallet sandbox

Swiss firm Procivis has secured a contract to deliver Lithuania’s end-to-end Digital Identity Wallet sandbox, supporting the country’s preparations under eIDAS 2.0. The project will establish a national testbed for digital ID use cases and interoperability across the European Union.

Selected by Lithuania’s digitalisation agency, Procivis will build a platform for public authorities and relying parties to test secure digital wallet use cases. The sandbox will validate readiness ahead of the EU’s 2027 digital identity wallet deadline.

The updated eIDAS 2.0 technical framework sets out how wallets will store and share trusted digital credentials and electronic identification. Governments and private organisations will be able to integrate services into the wallets, streamlining authentication, onboarding, and cross-border access.

Across Lithuania and the EU, testbeds and large-scale pilots have been central to turning regulatory requirements into interoperable infrastructure. Lithuania’s sandbox will also support activities under the EU’s LSP Aptitude consortium, which is testing cross-sector digital identity solutions.

Procivis said the collaboration aims to accelerate practical validation while ensuring compliance with European standards on security, interoperability, and data protection. The company stated that supporting a timely, budget-aligned implementation of eIDAS 2.0 remains central to its mission.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

India’s UIDAI rolls out AI-enabled biometric deduplication and document verification platform

UIDAI has deployed an advanced platform that uses AI-enabled models to improve biometric deduplication, the process of ensuring that each resident has a unique identity record, by checking fingerprints, facial images and iris scans against the entire Aadhaar database.

The authority describes this system, developed with the International Institute of Information Technology, Hyderabad, as an ‘Invisible Shield’ that can perform billions of computations efficiently at a population scale, running on high-performance inference infrastructure such as NVIDIA DGX systems to enhance accuracy and speed nationwide.

In addition to biometric matching, the platform incorporates AI-based document metadata extraction and verification to curb enrolment fraud, using secure APIs (e.g. DigiLocker) for source-of-truth checks against submitted documents.

The system is already being rolled out in several states. It is expected to expand across India in the coming months, boosting service quality, reducing turnaround times for Aadhaar enrolment and update transactions, and reinforcing trust in the digital identity infrastructure.

The initiative is part of a broader push to leverage AI for fraud detection and identity assurance at a national scale. It comes amid ongoing efforts by UIDAI to modernise authentication processes as biometric and AI-based systems evolve.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Brand turns AI demon into marketing stunt

Beverage company Liquid Death triggered confusion during the Winter Olympics after airing an AI advert featuring a figure skater who transforms into a red-eyed demon. The commercial appeared on Peacock’s Olympics stream but was not posted online, leaving viewers questioning whether it was real.

The brand later confirmed the advert was intentional and designed to parody fears around AI. According to Liquid Death, the limited run and lack of online acknowledgement were meant to amplify the sense of unease during the Winter Olympics broadcast.

Marketing analysts said that brands are increasingly leaning into AI scepticism to build trust with wary consumers. Campaigns from Equinox and Almond Breeze have similarly contrasted human authenticity with AI-generated content.

Despite the strategy, the Winter Olympics stunt drew criticism on social media, with some users labelling the advert AI slop. The reaction highlights both the risks and rewards for brands experimenting with AI-themed messaging.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

South Africa balances fintech innovation with financial stability

South Africa’s fintech sector has evolved from a niche disruptor into a pillar of the digital economy, fuelled by rapid digital adoption and entrepreneurial growth. Regulators are now tasked with supporting innovation in decentralised finance and AI while safeguarding market stability and consumer protection.

Coordinated oversight has been central to that effort. The Intergovernmental Fintech Working Group, bringing together the National Treasury, the South African Reserve Bank and the Financial Sector Conduct Authority, promotes a harmonised and principle-based regulatory approach.

A significant turning point came when crypto assets were classified as financial products under the Financial Advisory and Intermediary Services Act. Licensing requirements for Crypto Asset Service Providers and alignment with Financial Action Task Force standards strengthened consumer safeguards and anti-money laundering controls.

Fintech also plays a growing role in financial inclusion, particularly through mobile money, digital lending and digital payments. Wider access to affordable financial tools supports inclusive economic growth across underserved communities.

AI presents fresh regulatory questions around bias, transparency and operational resilience. Ensuring compliance with the Protection of Personal Information Act while encouraging responsible experimentation remains central to South Africa’s evolving fintech strategy.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

MIT study finds AI chatbots underperform for vulnerable users

Research from the MIT Centre for Constructive Communication (CCC) finds that leading AI chatbots often provide lower-quality responses to users with lower English proficiency, less education, or who are outside the US.

Models tested include GPT-4, Claude 3 Opus, and Llama 3, which sometimes refuse to answer or respond condescendingly. Using TruthfulQA and SciQ datasets, researchers added user biographies to simulate differences in education, language, and country.

Accuracy fell sharply among non-native English speakers and less-educated users, with the most significant drop among those affected by both; users from countries like Iran also received lower-quality responses.

Refusal behaviour was notable. Claude 3 Opus declined 11% of questions for less-educated, non-native English speakers versus 3.6% for control users. Manual review showed 43.7% of refusals contained condescending language.

Some users were denied access to specific topics even though they answered correctly for others.

The study echoes human sociocognitive biases, in which non-native speakers are often perceived as less competent. Researchers warn AI personalisation could worsen inequities, providing marginalised users with subpar or misleading information when they need it most.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

UK sets 48-hour deadline for removing intimate images

The UK government plans to require technology platforms to remove intimate images shared without consent within forty-eight hours instead of allowing such content to remain online for days.

Through an amendment to the Crime and Policing Bill, firms that fail to comply could face fines amounting to ten percent of their global revenue or risk having their services blocked in the UK.

A move that reflects ministers’ commitment to treat intimate image abuse with the same seriousness as child sexual abuse material and extremist content.

The action follows mounting concern after non-consensual sexual deepfakes produced by Grok circulated widely, prompting investigations by Ofcom and political pressure on platforms owned by Elon Musk.

The government now intends victims to report an image once instead of repeating the process across multiple services. Once flagged, the content should disappear across all platforms and be blocked automatically on future uploads through hash-matching or similar detection tools.

Ministers also aim to address content hosted outside the reach of the Online Safety Act by issuing guidance requiring internet providers to block access to sites that refuse to comply.

Keir Starmer, Liz Kendall and Alex Davies-Jones emphasised that no woman should be forced to pursue platform after platform to secure removal and that the online environment must offer safety and respect.

The package of reforms forms part of a broader pledge to halve violence against women and girls during the next decade.

Alongside tackling intimate image abuse, the government is legislating against nudification tools and ensuring AI chatbots fall within regulatory scope, using this agenda to reshape online safety instead of relying on voluntary compliance from large technology firms.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Summit in India hears call for safe AI

The UN Secretary General has warned that AI must augment human potential rather than replace it, speaking at the India AI Impact Summit in New Delhi. Addressing leaders at Bharat Mandapam in New Delhi, he urged investment in workers so that technology strengthens, rather than displaces, human capacity.

In New Delhi, he cautioned that AI could deepen inequality, amplify bias and fuel harm if left unchecked. He called for stronger safeguards to protect people from exploitation and insisted that no child should be exposed to unregulated AI systems.

Environmental concerns also featured prominently in New Delhi, with Guterres highlighting rising energy and water demands from data centres. He urged a shift to clean power and warned against transferring environmental costs to vulnerable communities.

The UN chief proposed a $3 billion Global Fund on AI to build skills, data access and affordable computing worldwide. In New Delhi, he argued that broader access is essential to prevent countries from being excluded from the AI age and to ensure AI supports sustainable development goals.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Microsoft outlines challenges in verifying AI-generated media

In an era of deepfakes and AI-manipulated content, determining what is real online has become increasingly complex. Microsoft’s report Media Integrity and Authentication reviews current verification methods, their limits, and ways to boost trust in digital media.

The study emphasises that no single solution can prevent digital deception. Techniques such as provenance tracking, watermarking, and digital fingerprinting can provide useful context about a media file’s origin, creation tools, and whether it has been altered.

Microsoft has pioneered these technologies, cofounding the Coalition for Content Provenance and Authenticity (C2PA) to standardise media authentication globally.

The report also addresses the risks of sociotechnical attacks, where even subtle edits can manipulate authentication results to mislead the public.

Researchers explored how provenance information can remain durable and reliable across different environments, from high-security systems to offline devices, highlighting the challenge of maintaining consistent verification.

As AI-generated or edited content becomes commonplace, secure media provenance is increasingly important for news outlets, public figures, governments, and businesses.

Reliable provenance helps audiences spot manipulated content, with ongoing research guiding clearer, practical verification displays for the public.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Diplo chatbot can make mistakes. Consider checking important information.