- But it also notes victims have noticed visual inconsistencies.
- Complaints to IC3 have also described the use of stolen PII to apply for these remote positions.
- It predicted synthetic content could be used as an extension of spearphishing and social engineering.
Deepfakes are being used by scammers to submit applications for remote IT positions that provide them access to company IT networks ZD Net.
Phishing threats
Scammers or criminals are using deepfakes and stolen personally identifiable information during online job interviews for remote roles, according to the FBI.
The use of deepfakes or synthetic audio, image and video content created with AI or machine-learning technologies has been on the radar as a potential phishing threat for several years.
The FBI’s Internet Crime Complaint Center (IC3) now says it’s seen an increase in complaints reporting the use of deepfakes and stolen personally identifiable information to apply for remote work roles, mostly in tech.
SEE: Phishing gang that stole millions by luring victims to fake bank websites is broken up by police With some offices asking staff to return to work, one job category where there has been a strong push for remote work to continue is information technology.
Remote vacancies
Reports to IC3 have mostly concerned remote vacancies in information technology, programming, database, and software-related job functions.
But it also notes victims have noticed visual inconsistencies.
“In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking.”
Complaints to IC3 have also described the use of stolen PII to apply for these remote positions.
“Victims have reported the use of their identities and pre-employment background checks discovered PII given by some of the applicants belonged to another individual,” the FBI says.
Common frauds
The FBI in March 2021 warned malicious actors would almost certainly use deepfakes for cyber and foreign influence operations in the next 12 to 18 months.
It predicted synthetic content could be used as an extension of spearphishing and social engineering.
It was concerned that fraudsters behind business email compromise (BEC) — the most costly form of fraud today — would transform into business identity compromise, where fraudsters create synthetic corporate personas or sophisticated emulation of an existing employee.
The FBI also noted that visual indicators such as distortions and inconsistencies in images and video may give away synthetic content.
The US Department of State, the US Department of the Treasury, and the Federal Bureau of Investigation (FBI) in May warned US organizations not to inadvertently hire North Korean IT workers.
Did you subscribe to our newsletter?
It’s free! Click here to subscribe!
Source: ZD Net
Thanks for the informative article. Unogeeks is the top Oracle Fusion SCM Training Institute, which provides the best Oracle Fusion SCM Training