Forget scamming grandma with fake IRS calls. According to the FBI, hackers are now stealing personal information and using deepfakes to apply for remote jobs.
As spotted by Bleeping Computer, the warning was posted as a public service announcement on the Internet Crime Complaint Center, where the FBI explained how cybercriminals are stealing Americans’ personal identifiable information (PII) and applying for remote jobs, and then using deepfake videos to pass online job interviews.
“The remote work or work-from-home positions identified in these reports include information technology and computer programming, database, and software-related job positions.” The FBI post said. “Notably, some reported positions include access to customer PII, financial data, corporate IT databases and proprietary information.”
Personal identifiable information, or PII, can include any information used to identify you, such as your social security number, your driver’s license, and even your health insurance information. Once cybercriminals have your PII, they can apply for remote jobs using your name and address along with fake qualifications.
The impressive part happens once they’ve been asked for a remote interview. The hackers will use deepfake videos to pretend they are you during an online video meeting. They may also use deepfake voice modifiers for telephone interviews.
Deepfake technology uses AI and machine learning to carefully match a subject’s facial expressions to an actual video. It only needs a single still photo, such as from a driver’s license, and can recreate an impressively realistic video. Experts have been warning of the increasing prevalence of deepfakes in cybercrime for a few years, with Europol even releasing a report about deepfakes being used to impersonate powerful CEOs.
Thankfully, there are ways to spot a deepfake. Often the lip movements don’t sync with the words being spoken. Because the hackers need to use pre-recorded voices for the AI to generate a match, there can be sneezing or coughing in the audio while the face remains unmoved.
The FBI said many of the fake applicants provided background checks to other people, and the background results did not match up.
The hackers’ goal seems to be to gain access to information secured behind corporate firewalls. Once they have access, they can steal hordes of information including passwords and credit card numbers. The FBI release did not state if any companies are known to have been breached in this way.
The FBI is asking all victims of this new cybercrime to lodge a complaint with the Internet Crime Complaint Center (IC3).