Deepfakes—a word combination of “deep learning” and “fakes”—is a revolutionary technology with various purposes.
At the Illinois Holocaust Museum and Education Center, deepfake technology has allowed people to “interview” a holocaust survivor and listen to firsthand accounts of the events. The movie industry has also used it to resurrect or de-age actors digitally.
Although there are many benefits from deepfake technology, many have found ways to use it for malicious purposes, and one such use is deepfake fraud, where it has been gaining popularity lately. This involves scammers trying to defraud organizations using the technology, who will then steal sensitive information and even valuable company secrets for personal gain.
How Does Deepfake Hiring Fraud Happen?
Deepfake technology requires deep learning and artificial intelligence (AI) algorithms which typically use complex face-swapping techniques.
The Federal Bureau of Investigation (FBI) released a public service announcement on June 28, 2022, about an increase in the use of deepfake technology and stolen Personally Identifiable Information (PII) when applying for remote work positions.
People can’t make deepfakes without reference materials. According to Protocol, one possible way for scammers to obtain the references needed to impersonate someone else is by posting fake job openings. They gather and harvest personal information and resumes, among others, from interested job applicants, which adds another layer to identity theft.
Although the technology is highly advanced, scammers don’t need much to execute deepfake fraud; they only require photos of the person they intend to imitate. There are also publicly available applications such as Xpression Camera—typically used for entertainment—that enable anyone to alter their likeness in a real-time video call.
The Goals of Getting In
Scammers use deepfake fraud for money and access to sensitive information. According to the FBI PSA, scammers tend to focus on applying for informational technology (IT) positions, which are roles that allow access to corporate IT databases, customer PII, and proprietary information.
Another possible objective that scammers may have is to gain intelligence as an act of international espionage and intrigue. In an advisory, the FBI and US State and Treasury departments warned businesses to be wary of North Korean workers posing as non-North Koreans to gain employment in IT roles, especially in crypto startups.
According to the advisory, the Democratic People’s Republic of Korea (DPRK) sends thousands of highly skilled IT professionals worldwide to earn money and help fund the creation of weapons of mass destruction (WMD).
5 Ways to Avoid Hiring Deepfake Applicants
The threat of deepfake fraud means that you’ll need to update your candidate screening and identity authentication methods. As an IT professional, updating your processes is necessary to help improve your company’s hiring operations and avoid falling victim to deepfake fraud.
Since it’s difficult to catch a deepfake fraud, prevention is better than detection.
1. Verify real identity before hiring and do a thorough background check
A candidate’s valid government IDs, such as their passport or driver’s license, can help you verify their real identity. However, ask for these IDs after you’re prepared to hire them. They may file a discrimination lawsuit against you if they provide you with their IDs early on in the process and fail to get hired.
Consider doing background checks on all of your employees to ensure that all workers are who they say they are.
2. Take extra caution when hiring IT personnel who’ll be granted high-security clearances
Do an extra-thorough background check when you plan to hire someone for an IT role where they may have access to your company’s sensitive information. Consider checking their criminal records and working with cybersecurity experts to verify their identity.
3. Do in-person interviews, if possible
In-person interviews are your best defense against deepfake frauds. These interviews allow you to ensure that each person is who they say they are. Consider in-person interviews, even with remote workers, if your business can make it happen.
4. Pay special attention to their facial expressions
According to the FBI, you can spot a deepfake fraud by keeping your eye on the candidate’s mouth during your video interview. There may be times—such as when they cough or sneeze on camera—when their movements don’t coordinate with their audio.
You may also ask them to turn their heads to the left or right; live deepfakes distort the facial image when the user turns their head 90 degrees from the camera.
5. Ask them to share their screen
If you still feel something is unusual during the interview, consider asking the candidate to share their screen. Doing so may allow you to catch whether or not they may be talking to proxies that coach them through their interview questions.
Verify Identities and Protect Your Business
Deepfake technology has provided people with many opportunities to learn and be entertained. But it has also given scammers a new, dangerous tool to steal identities and defraud businesses.
While cybersecurity trends show that governments are taking a more active role in defending the public against cyber threats, there are steps you can easily take to safeguard your business today.
Cybersecurity experts can help you strengthen your data and know your employee authentication solutions. Q5id provides identity proofing and authentication tools that can play an integral role in avoiding deepfake fraud or hiring fake candidates.
Contact us to discover how our cybersecurity services can benefit your business.
"*" indicates required fields