The Remote Job Applicant You’re Interviewing Could Be a Deepfake

What is Deepfake?

Deepfake refers to using an artificial intelligence (AI) technique called deep learning to create realistic fake images, audio, or videos of people, objects, or events.

Hence the portmanteau: deepfake.

So what separates deepfakes from other AI-generated fakes? The element of human input.

According to Graphika Senior Analyst Cristina López, “You have a lot of AI assistance with [computer-generated imagery], but at the end of the day, there is a human with a human viewpoint controlling what the output is going to be.”

With deepfakes, however, no human input is required in how the computer chooses to create the images. Users only need to decide whether or not the output is what they want at the end of the process.

Read More: The Dangers of Deepfake

How Are Scammers Leveraging Deepfake Technology?

While many people use deepfakes for entertainment—like this viral TikTok account full of deepfake Tom Cruise videos—more use them for malicious purposes.

As reported by the FBI, cybercriminals are using deepfake technology to apply for remote jobs.

Focusing on IT roles that grant them unrestricted access to sensitive corporate data, malicious actors steal an applicant’s identity through online sources and social media accounts. They use the stolen identity to apply for remote positions at IT, computer programming, database, and software firms.

During the online interview with the target company, the cybercriminals then use video and audio deepfake technology to appear and sound like the applicants whose identity they stole.

And just like that, scammers can use technology in their social engineering (and reverse social engineering) campaigns against your company.

Read More: How Cybercriminals Use Reverse Social Engineering to Steal Your Medical Data

Deepfake Job Applications in 2023: How Are They Worse?

Since its first appearance in 2017, deepfake technology has been used for political satire, comedy, entertainment, online shopping, police work, and education across the globe.

However, as deepfake technology improves and becomes more accessible, organizations (and governments) worldwide worry about its abuse and misuse. Here are two ways malicious deepfakes are a more significant threat now than ever:

More Sophisticated and More Accessible Technology

From amateur attempts to sophisticated software, deepfake technology has come a long way.

Five years ago, there were less than 10,000 deepfakes detected online. Today, the number of deepfakes online is in the millions.

Five years ago, deepfakes were easier to spot—they didn’t blink normally, lip-syncing was off, and the fine details were crudely rendered. Today, deepfakes can be up to 97% accurate.

Threat intelligence company Sensity even found that 86% of the time, anti-deepfake technologies accepted deepfake videos as real.

With deepfake applications becoming increasingly sophisticated and available, cybercriminals can easily access and misuse powerful technology.

Wide Adoption of Remote Work

Before the COVID-19 pandemic sent the world into lockdown, a work-from-anywhere arrangement was the exception, not the norm.

Today, companies can perform job recruitment, interviews, and onboarding remotely. Remote work is the new standard. In fact, a survey by Green Building Elements states that more than half of all US employees hired since March 2020 have yet to meet any of their work colleagues in person.

As more companies embrace virtual communications and a global workforce, cybercriminals are coming up with creative ways to spot and exploit vulnerabilities in the hiring process. Impersonating remote job applicants to get hired and gain insider access to your network is just one of them.

Read More: The Biggest Security Threat to Your Healthcare Practice is on Your Payroll

How to Avoid Falling Victim to Deepfake Scams

With scammers using deepfake tech to apply for remote jobs, the risk is two-fold. Actual applicants are at risk of identity theft, and hiring companies are at risk of giving cybercriminals access to their corporate network.

Here are ways individuals and companies can protect themselves from deepfake scams.

Tips for Individuals and Job Applicants

1. Keep Your Personal Information Private

Deepfake technology is so powerful that it requires very little information to work. So if you’re active on social media platforms, your information is already available for deepfake software to abuse.

To reduce your chance of being an identity theft victim, you can keep your online accounts private and limit your posts' reach to people you actually know.

You can also avoid posting too many photos and videos of yourself. Setting a limit to your social media posts is an effective way to avoid all kinds of tech-savvy criminals.

Read More: How to Keep Your Business Safe from Social Media Burglary

2. Protect Your Social Media Accounts

If you don’t want scammers to steal your online identity, apply for jobs in your work industry, and damage your reputation, don’t give them any opportunity to hack your social media accounts.

Use strong passwords with at least 11 characters and a mix of letters, numbers, and symbols. If you find strong passwords challenging to create or remember, using a password manager to generate and store them is a smart idea.

Also, consider enabling multi-factor authentication (MFA) in all your accounts. If a hacker guesses your password, MFA gives your account an added layer of security that’s difficult to break through.

Read More: Finding Out If Your Email or Social Media Account Is Hacked

3. Watch Out for Scam Remote Work Tech Positions

If you’re looking for remote positions in the tech industry, make sure the email address or online account you’re sending your information to is legit. Check their website for job openings. You don’t want to submit your personal details to a fake account only for them to use it to apply for other remote job positions.

If you use LinkedIn to job-hunt, you can check the Verifications section of a job recruiter’s profile to see if they are genuinely affiliated with the company you’re applying to.

Tips for Companies That Have Job Openings

1. Conduct Thorough Pre-Employment Background Checks

In their public service announcement, the FBI stated that pre-employment background checks helped discover that personally identifiable information (PII) provided by some of the fake applicants belonged to another individual.

Conduct strict background checks so you and your team can actively verify the information every job applicant submits. Check their social media accounts for any signs of a fake identity.

2. Give Your Team Regular Cybersecurity Awareness Training

Human error is the weakest link in the cyber chain. According to the 2022 Data Breach Investigations Report, 82% of breaches involved the human element.

Keep your organization safe from sophisticated scams and cyber attacks by implementing regular cybersecurity awareness training among your employees, including your recruitment and HR staff. With practical training, you can equip your team with the knowledge to spot, respond to, and avoid fake job applicants.

Read More: The Ultimate Secret to Keeping Your Data Safe

3. Take a Good Look at the Screen

Deepfaked videos can be tricky to spot, but visual indicators such as distortions, warping, and inconsistencies can be very helpful.

During remote job interviews, check for inconsistencies in the movement of the person’s head and torso. See if their face and lip movements are consistent with the audio.

“In these interviews [with the fake applicants], the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking,” stated the FBI. “At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually.”

Protect Yourself from the Dangers of Deepfake with ER Tech Pros

Deepfake technology is advancing alarmingly fast, and it’s getting harder for humans to catch up. Dealing with cyber threats like deepfaked job applications is a highly technical task you may not be able to handle yourself.

This is a job for solid cybersecurity solutions and a reputable IT partner.

Whether you’re looking for a deepfake detection software, password manager, MFA tool, cybersecurity awareness training, or a fully managed IT and cybersecurity solutions provider, ER Tech Pros is here to give your business the maximum protection and round-the-clock support you deserve.