The FBI now warns that some malicious actors are using deepfakes to trick their way through tech job interviews, fooling interviewers into getting high-paid remote roles.
Even worse, the scammers are using deepfakes based on the credentials they steal from actual people.
“Complaints report the use of voice spoofing, or potentially voice deepfakes, during online interviews of the potential applicants. In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking. At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually,” says the FBI.
Generally, the scam starts with a regular citizen having their information leaked in a hack or security mishap.
Once scammers get their email address and name, they can check their social media accounts to steal pictures as well.
Then, they use those pictures to generate convincing deepfakes and start applying to jobs, in the hopes of fooling hiring managers who are rushing to meet quotas.
Since some scammers don’t live in the US, landing a well-paid remote job is worth the effort. The FBI explains that, while this is a reason for running deepfake scams, some go even further.
Some scammers are trying to steal sensitive company data to sell on the black market, and are going for “… some reported positions include access to customer PII, financial data, corporate IT databases and/or proprietary information,” as the FBI says.
Fortunately, the scammers’ techniques are not yet very refined and the videos are of low enough quality to raise red flags to attentive hiring managers and recruiters. In the future though, when deepfake technology will become indistinguishable from actual footage of human beings, things might get a little messy.
As for what a person can do to avoid having their information stolen, security best practices apply:
1. Use strong, unique passwords and 2FA authentication for any service you sign up for to minimize the risk of your data getting leaked.
2. Be careful how much info and images you share on your social media accounts and, if possible, make sure you only share them with a limited number of close friends and acquaintances.