
    Stolen PII and deepfakes used to apply for remote tech jobs

    The Federal Bureau of Investigation (FBI) warns of increasing complaints that cybercriminals are using stolen Personally Identifiable Information (PII) and deepfakes to apply for remote work positions.

    Deepfakes (digital content like images, video, or audio) are sometimes generated using artificial intelligence (AI) or machine learning (ML) technologies and are difficult to distinguish from authentic materials.

    Such synthetic content has been previously used to spread fake news and create revenge porn, but the lack of ethical limitations regarding their use has always been a source of controversy and concern.

    The public service announcement, published on the FBI’s Internet Crime Complaint Center (IC3) today, adds that the deepfakes used to apply for positions in online interviews include convincingly altered videos or images.

    The targeted remote jobs include positions in the tech field that would allow the malicious actors to gain access to company and customer confidential information after being hired.

    “The remote work or work-from-home positions identified in these reports include information technology and computer programming, database, and software-related job functions,” the FBI said.

    “Notably, some reported positions include access to customer PII, financial data, corporate IT databases and/or proprietary information.”

    Video deepfakes are easier to detect

    While some of the deepfake recordings used are convincing enough, others can be easily detected because of various sync mismatches, mainly where the applicants’ voices are spoofed.

    “Complaints report the use of voice spoofing, or potentially voice deepfakes, during online interviews of the potential applicants,” the US federal law enforcement agency added.

    “In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking. At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually.”

    Some victims who reported to the FBI that their stolen PII was used to apply for a remote job also said that pre-employment background check information was used with other applicants’ profiles.

    The FBI asked victims (including companies who have received deepfakes during the interview process) to report this activity via the IC3 platform and to include information that would help identify the crooks behind the attempts (e.g., IP or email addresses, phone numbers, or names).

    In March 2021, the FBI also warned in a Private Industry Notification (PIN) [PDF] that deepfakes (including high-quality generated or manipulated video, images, text, or audio) are getting more sophisticated by the day and will likely be leveraged broadly by foreign adversaries in “cyber and foreign influence operations.”

    Europol also warned in April 2022 that deepfakes could soon become a tool that cybercrime organizations will use on a regular basis in CEO fraud, to tamper with evidence, and to create non-consensual pornography.

    With thanks to the Cyber Defence Alliance and BleepingComputer. The full story is here: https://www.bleepingcomputer.com/news/security/fbi-stolen-pii-and-deepfakes-used-to-apply-for-remote-tech-jobs/
