Get ready for the latest social engineering attack, deepfake job interviews. Last week the Internet Crime Complaint Center (IC3) of the FBI published an alert on deepfake job interviews.
What is a deepfake
Deepfakes are a newer technology that allows someone to create a video with almost identical likeness and facial and body expressions of other people. They look almost identical to the real person. According to The Guardian, “The 21st century’s answer to Photoshopping, deepfakes use a form of artificial intelligence called deep learning to make images of fake events” Deepfakes can also be made into photographs.
New social engineering attack
This is a new social engineering attack and something your small business may not be ready for. A cybercriminal will have access to personally identifiable information and apply for a work from home job. When online for the interview the cybercriminal uses a deepfake live video as their image in the video conference. The cybercriminal is hoping to win the job, thus granting access to the small business’s confidential data.
What to look for
When performing remote interviews it is important to try and verify who you are speaking with. When posting a work from home job, consider having a headshot be required for the position, along with a phone screening prior to a video interview. Once at the video interview watch for things like lip or body movement not aligning with the audio. Consider having someone on the hiring team to look specifically for deepfakes. Misaligned audio becomes more obvious when someone coughs or sneezes.
Cybercriminals are always looking for new ways to exploit organizations and gain access to confidential business data. This is certainly one of the more creative attacks they are using.
For more information on social engineering attacks and other small business cybersecurity resources, check out Small Business, Big Threat!