In a new post (opens in new tab) on its Internet Crime Complaint Center, the U.S. law enforcement agency warned that there has been an increase of complaints regarding the use of deepfakes and stolen personally identifiable information (PII) to apply for a wide variety of remote and work from home positions. As Gizmodo (opens in new tab) points out, these impostors are using deepfaked videos during job interviews to pretend to be someone they’re not while concealing their own identities. While deepfakes have typically been created using photos and videos of celebrities, as the technology has improved, it has become easier to impersonate ordinary people. At the same time, these fake job applicants are also using voice spoofing to sound more like the people they’re impersonating.
A means to access sensitive customer and company data
Besides collecting a fraudulent paycheck, these impostors are applying for open positions at IT, programming, database and software firms for a more notorious reason: to steal their data. According to the FBI’s report, many of these positions entail having access to sensitive customer and company data as well as to financial information. By securing a position at one of these companies, a cybercriminal could establish a foothold within an organization to launch attacks against the company itself or to attack its partners and vendors. This makes sense as after onboarding, new employees gain access to company systems and software which is much easier than trying to find unpatched vulnerabilities or other software flaws to exploit. Likewise, they could potentially remain in one of these positions for a lengthy period of time as long as their new employer doesn’t frequently make use of the best video chat apps for remote meetings.
Unexpected coughs and sneezes are hard to spoof
Fortunately, faking an online job interview isn’t as easy as it seems as even the best deepfake software out there can’t handle unexpected interruptions. As the FBI notes in its report, several deepfaked job interviews were unsuccessful due to coughing, sneezing and other auditory actions that did not align with the interviewee’s video feed. After noticing these discrepancies, the interviews were cut short due to the deceptive practices being used by the job applicants. While video spoofing software may be able to fake someone’s appearance and even their voice, it just isn’t sophisticated enough to compensate for unexpected interruptions like a cough or sneeze.
What to look out for when conducting remote interviews
Although holding in-person interviews is still the ideal way to get a feel for a candidate before hiring them, this often isn’t possible, especially with remote positions. One easy way to spot deepfakes in remote interviews is by having an applicant attend multiple meetings. This way you have more chances to notice if something is off about their video feed and there’s a higher chance that they may cough or sneeze which would throw off their deepfake software. Likewise, you should pay close attention to the movement of their lips and other actions while listening to them speak as “the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking” according to the FBI. Currently deepfaked job interviews are a rarity but as the software to create them improves, they could become more common. If this does happen, expect Zoom and other video conferencing companies to begin implementing deepfake recognition software on their platforms.