Jun 26, 2026
Cyber scams are getting far more sophisticated, and the latest concern is unsettling: scammers may be able to extract your fingerprints from the photos you post on social media — and use AI to enhance and weaponize them against you.
Posts circulating online claim that hackers can lift your fingerprint from a high-resolution photo — a close-up selfie, a victory sign, a hand holding a receipt, even a wave — and then replicate it using AI. From there, the worry is they could use that fingerprint data to break into biometric-secured devices and accounts, or fuel identity theft and phishing attacks.
Advertisement
Unlike a password, you can’t change your biometric data — your fingerprint, face, retina or voice.
Thanks for subscribing!
The best of Money.ca
delivered weekly
By signing up, you accept Money.ca Terms of Use, Subscription Agreement, and Privacy Policy.
Could it really happen to you?
“This sounds like the stuff out of spy novels or Mission: Impossible,” said Carnegie Mellon University professor Vyas Sekar to CBS News. “In theory, it’s possible, especially if people are posting high-resolution images.”
Still, Sekar noted for a bad actor to put stolen biometric data to use, they would also need access to a device that requires a fingerprint scan — like your phone or laptop. A more likely target is a “high-value” individual, such as someone with access to a high-security facility.
That isn’t entirely theoretical. In 2014, Jan Krissler of the European hacker network Chaos Computer Club used photos of then-German defence minister Ursula von der Leyen — now President of the European Commission — to recreate her fingerprint.
While the average person isn’t likely to be targeted for fingerprint extraction, Canadian cybersecurity officials are raising concern about a wider pattern of AI-assisted biometric fraud.
In June 2025, the Canadian Centre for Cyber Security (CCCS) — a part of the Communications Security Establishment Canada — issued a joint advisory warning Canadians of an active campaign where malicious actors were using AI to impersonate high-profile public figures. The advisory noted that Canadian officials had “recently become aware of similar tactics targeting Canadians in a related or linked campaign” to one the FBI was already tracking.
The stakes here are real. According to the Canadian Anti-Fraud Centre (CAFC), Canadians reported a record $704 million in fraud losses in 2025 — and that figure represents only an estimated 5% to 10% of actual incidents. Identity fraud was the most commonly reported fraud type, accounting for 8,403 cases.
Consolidate your debt and simplify your life. Click here to find a no-annual-fee card that offers 0% interest for up to 12 months.
Advertisement
Must Read
- Warren Buffett used these 4 solid, repeatable money rules to turn $9,800 into a $150B fortune. Here’s how to apply them to your own life
- Stop the leak: 5 costs Canadians (still) overpay for every single month. How many are sabotaging your 2026 budget?
- Three in four Canadians say their insurance premiums have increased in the last two years. Compare 20+ quotes on Rates.ca and save up to 20% when you bundle home and auto
Join 19,000+ readers and get Money.ca’s best stories and exclusive interviews first — clear insights curated and delivered weekly. Subscribe now.
Common scams to watch out for
Hackers don’t need a copy of your fingerprint to target you. Other types of attacks — voice cloning and AI impersonations, in particular — are far easier to pull off and have already hit Canadians hard.
“It’s already possible to go online and learn how to make a convincing deepfake, based on a mere three seconds of recorded audio of someone’s voice — using off-the-shelf, publicly available software,” according to KPMG Canada. “On top of this, there is an emergence of ‘deepfake-as-a-service’ as a lucrative market on the dark web.”
The KPMG Canada Business Fraud Survey, conducted in February 2026 among 251 Canadian companies by the Angus Reid Group, found that 81% of businesses that have been defrauded say generative AI was used in the attack. The most common AI attack methods identified were AI-generated phishing emails and chats (60%), deepfakes and manipulated documents (39%) and voice-clone calls imitating executives (24%).
The CCCS’s National Cyber Threat Assessment 2025-2026 backs up this trend, noting that AI is helping to create attacks that are both personalized and persuasive. Publicly reported AI-generated harm incidents in Canada grew from 36 cases in 2022 to 107 in 2023.
Scams also tend to spike during the summer travel season. According to Norton’s threat intelligence team, “People are understandably distracted, spending more on travel and tickets, tapping confirmation links without a second look.”
“Voice cloning has made phone-based imposter scams harder to detect, and deepfake technology has made romance fraud and investment schemes more convincing,” according to Norton.
Advertisement
A trending scam to be aware of this summer is reservation hijacking, where fraudsters use lookalike booking platforms to steal your reservation details — then trick you into surrendering payment information. Because the scammer has your real reservation number, the approach can look completely legitimate.
Other active scams include:
- Fake tickets for sold-out concerts, festivals and sporting events
- Fake gambling sites tied to major events
- Crypto and investment scams
- Tech support scams
- AI romance scams
How to protect your data
The best way to protect your data is using a combination of healthy digital habits and technical safeguards.
Start with your social media. Avoid posting close-up photos that clearly show your fingertips or palm details — peace-sign selfies are a particular risk. Review your privacy settings on all platforms and limit the amount of personal information you share publicly.
Take advantage of multi-factor authentication (MFA) on all your important accounts. MFA requires two or more forms of verification — for example, a password and a one-time code sent to your phone — so that a stolen password (or replicated fingerprint) alone isn’t enough to break in.
Advertisement
Use a strong, unique password for every account. Anti-malware software, spam filters and caller ID protection add further layers of defence. Keep all software and operating systems updated with the latest security patches.
Be cautious of unsolicited calls, emails or texts asking for your personal or financial information — including your Social Insurance Number (SIN). Your SIN is described by cybersecurity experts as “the master key to our identity in Canada.” Guard it carefully: You’re legally required to share your SIN only with employers, some financial institutions — for interest-bearing accounts, for example — and specific government programs.
“Instead, contact them using a website you know is trustworthy. Or look up their phone number. Don’t call a number they gave you or the number from your caller ID,” advises the CAFC.
Don’t click on suspicious links in unsolicited messages, and hang up on suspicious calls even if the phone number looks legitimate — numbers can be spoofed. And if someone insists you pay with cryptocurrency, a wire transfer, a payment app or gift cards, treat that as a serious red flag.
What Canadians can do right now
If you suspect you’ve been targeted or victimized by online fraud or a cyber scam, here are your Canadian-specific next steps:
- Report to the CAFC and the RCMP’s National Cybercrime Coordination Centre (NC3) using the new centralized Report Cybercrime and Fraud portal at reportcyberandfraud.ca, or call 1-888-495-8501. You can report anonymously. Even if you weren’t a victim but witnessed a scam, a report helps law enforcement track trends and prevent future fraud.
- Contact your local police. File a police report and keep the report number for your records.
- Alert your bank and credit card providers immediately if you believe any financial accounts may be compromised.
- Contact Canada’s two main credit bureaus — Equifax Canada (1-800-465-7166) and TransUnion Canada (1-800-663-9980) — to place a fraud alert on your credit file.
- If your SIN may have been compromised, contact Service Canada (1-800-622-6232) and the Office of the Privacy Commissioner of Canada to report the breach and learn your options.
- Report spam and electronic threats (phishing texts, fraudulent emails) to the Spam Reporting Centre at fightspam.gc.ca, which enforces Canada’s Anti-Spam Legislation (CASL).
The best time to set up these protections is before you need them. Reviewing your privacy settings, activating multi-factor authentication and knowing who to call if something goes wrong takes minutes — and could save you far more than money.
You May Also Like
- This 7-step plan from Dave Ramsey is designed to help you ditch debt, save more and build wealth — here’s how it works
- Prioritize these 4 critical investments and watch your net worth skyrocket
- Focus on these 3 ‘magic numbers’ to become a millionaire — and only on these numbers. How do you stack up?
- Millionaires under 43 are reshaping investing — just 25% of their portfolios are in stocks. Here’s where their money is going
The most expensive financial mistakes are often the ones you don't see coming. Join 19,000+ Canadians who get the money moves, risks and opportunities shaping their finances — delivered free each week. Subscribe now.
Vawn Himmelsbach is a veteran journalist who covers tech, business, finance and travel. Her work has been featured in publications such as The Globe and Mail, Toronto Star, National Post, CBC News, Yahoo Finance, MSN, CAA Magazine, Travelweek, Explore Magazine and Consumer Reports.
