Forget scamming grandma with fake IRS calls. According to the FBI, hackers are now stealing personal information and using deepfakes to apply for jobs remotely.
In a public service announcement posted on the Internet Crime Complaint Center earlier today, the FBI explained how cybercriminals steal Americans’ personally identifiable information (PII) and apply for outside jobs, then deepfake videos to get online job interviews.
“The remote or work-from-home jobs identified in these reports include information technology and computer programming, databases, and software-related jobs.” The FBI post said. “Some of the reported positions specifically include access to customer PII, financial data, corporate IT databases and proprietary information.”
Personally Identifiable Information, or PII, can include any information used to identify you, such as your Social Security number, your driver’s license, and even your health insurance information. Once cyber criminals have your PII, they can apply for outside jobs using your name and address, along with fake credentials.
The impressive only happens when they are asked for a remote interview. The hackers use deepfake videos to pretend to be you during an online video meeting. They can also use deepfake voice modifiers for phone interviews.
Use of deepfake technology AI and machine learning to carefully match a subject’s facial expressions to a real video. It only needs a single photo, such as from a driver’s license, and can create an impressively realistic video. Experts have been warning for a few years about the increasing prevalence of deepfakes in cybercrime, even Europol release a report about deepfakes used to impersonate powerful CEOs.
Fortunately, there are ways to spot a deepfake. Often the lip movements are not synchronized with the spoken words. Since the hackers have to use pre-recorded voices for the AI to generate a match, there may be sneezing or coughing in the audio while the face remains motionless.
The FBI said many of the fake applicants gave background checks to other people and the background results didn’t match.
The goal of the hackers appears to be to gain access to information secured behind corporate firewalls. Once they have access, they can steal hordes of information, including passwords and credit card numbers. The FBI release did not mention whether any companies are known to have been violated in this way.
The FBI is asking all victims of this new cybercrime to: file a complaint at the Internet Crime Hotline (IC3).