Deep Fakes Now Being Used To Apply For Jobs
Key Points:
- Deepfakes, based on artificial intelligence and machine learning, are so realistic that they can easily fool most unsuspecting people.
- The FBI and other government agencies warn that cybercriminals and malicious actors use deepfake technology to infiltrate U.S. companies.
- Extra precautions must be taken when interviewing candidates online for remote positions.
The FBI issued a warning recently with the title, “Malicious Actors Almost Certainly Will Leverage Synthetic Content for Cyber and Foreign Influence Operations.” The report highlighted cybercriminal techniques commonly known as deepfakes.
Based on artificial intelligence (AI) or machine learning (ML) technologies, synthetic content is generally protected under the First Amendment. However, the FBI has the authority to investigate malicious synthetic content originating from foreign actors or associated with criminal activity. As a result, the FBI warns companies that malicious actors are using deepfake content to apply for remote jobs.
What Is a Deepfake?
Today, AI and ML technology has become so sophisticated that now you can essentially create fake people. Furthermore, technology enables these virtual “people” to speak, respond, and act like normal living, breathing people.
Deepfake techniques enable cybercriminals to create a video that appears natural with realistic movements and audio. The complex technology is a blend of animation and photorealistic art. Deepfakes are created using an AI database that accurately mimics people’s faces and voices to the extent that they are nearly impossible to tell from the real thing.
If you’re looking at a screen and interacting with a deepfake, there’s a good chance that you will think you are talking to a real person. When you do an online search for deepfakes, you’ll see a ton of them that have been made and are so realistic that you tell yourself this has to be a real person, that it can not be something artificial that exists only in the cyber world.
What Is the Threat?
What was initially created as an interesting and exciting oddity has now become a tool foreign countries use to try and infiltrate companies in the United States. And they’re doing it by creating these deep fakes of people and then stealing credentials and information of real people. Cybercriminals are stealing people’s personally identifiable information, also known as PII, and then using that information to apply for employment in industries that offer remote jobs.
In today’s work environment, there are a large number of jobs that are remote only, especially in the information and technology industry. The employee never visits the company’s headquarters for many of these positions. And in many instances, the employer might not even have a brick-and-mortar building where they are headquartered. Today many of these tech companies exist solely on the internet.
Cybercriminals will steal a person’s PII and apply for these jobs using factual information that the potential employer can track. For example, the identity theft victim’s social security number, driver’s license, and other accurate information can often provide potential employers with the credentials needed to earn a remote face-to-face interview. Then, when they go to that interview, whether it is on Zoom, WebEx, or some other video app, they use these deep fakes to hide their true identity and come across as somebody who is genuinely a qualified job candidate.
And they’re using images of real people. So they go online and find John Doe’s picture. They already have all of John Doe’s information, so it’s hard to detect that it’s not the real John Doe. So then they manipulate the image with the technology behind the scenes to make your face talk and respond like a real person.
The idea is to get hired for these technology jobs so that they can infiltrate these companies. They aim to steal information from a company or use those companies to access data from other government agencies. So, for example, they might get a job at a high-security company like Lockheed and then use that information to gain access to classified information that the government has given Lockheed.
The FBI’s warning indicates that this is a real threat and that they have seen instances of its use. While they are not sure how many people have been hired using this kind of deepfake technology, they are warning businesses to be careful and take precautions. Business Identity Compromise, or BIC, where deepfake tools are used to create fake personas or imitate existing employees, can cause significant financial and reputational damage to businesses and organizations that become victims.
How Can Companies Protect Themselves?
Individuals and organizations can lower their risk of becoming a victim of malicious actors using deepfake technology by adopting good cyber hygiene and taking other security measures. For example, companies may have to get more thorough in their analysis of potential job applicants. Taking additional precautions is especially important if you, like many companies, are only doing remote interviews.
Your interview process could require multiple interviews and maybe some other proof of the applicant’s identity beyond an application and the interview. You may have to start running background checks on candidates before you hire them rather than afterward so that you can make sure they are who they say they are.
The FBI was among several agencies to warn companies about individuals working for the North Korean government applying to remote positions in IT or other tech jobs back in May. The department of homeland security issued a similar warning to us because we are a government contractor and have access to some of that information.
Both agencies offered the same warning and specifically noted that government contractors are being targeted very heavily by these fake employees because cybercriminals recognize that these contractors sometimes have access to confidential information or classified information. And if they can get into one of these companies and access their computer systems, they can get the keys to the kingdom.
Stay Secure With Alvarez Technology Group
Keeping your organization secure is a challenge that is continually evolving and requires constant vigilance. Cybercriminals and malicious actors are interested in your data and the data of partner businesses and organizations. At Alvarez Technology Group, we are experts at keeping you and your business safe. Our team monitors current threats to ensure our clients are prepared and protected. Contact us today to learn more about how our team can help protect you and your organization.
