FBI warns of deepfake fraudsters applying for remote employment


The FBI has issued a warning for all tech companies to keep a lookout for fraudster applicants who use stolen information to secure remote employment. FBI has warned the companies that the candidate for any report software coding position may not actually exist.

The FBI Internet Crime Complaint Center (IC3) has warned of an increase in complaints reporting the use of deepfakes and stolen Personally Identifiable Information (PII) to apply for a variety of remote work and work-at-home positions. Deepfakes include a video, an image, or a recording convincingly altered and manipulated to misrepresent someone as doing or saying something that was not actually done or said, through a press note, June 28.

The FBI has said that the remote work or work-from-home positions identified in these reports include information technology and computer programming, database, and software-related job functions. Some of the reported positions include access to customer PII, financial data, corporate IT databases and proprietary information.

Fraudsters are using a combination of stolen PII and advanced imaging technology to dupe tech companies to a work-from-home job. According to FBI, the fraudsters aim to gain insider access to information like a customer and financial data, corporate databases, and proprietary information.

FBI says, “Complaints report the use of voice spoofing, or potentially voice deepfakes, during online interviews of the potential applicants. In these interviews, the actions and lip movements of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking. At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually.”

Complaints that have been lodged with IC3 also prove that the fraudsters have used stolen PII to apply for these remote positions. Victims have reported to the FBI that the fraudsters had used their identities and pre-employment background checks and PIIs given by some of the fake applicants belonged to another individual.

The FBI has urged companies or victims who identify this type of activity to report it to the IC3 (www.ic3.gov) along with available information like IP or email addresses, phone numbers, or names provided in job applications.

The Bank Info Security says combining stolen personally identifiable information with deepfakes is a new threat tactic, while quoting Andrew Patel, senior researcher at the Artificial Intelligence Center of Excellence at cybersecurity firm WithSecure.

Patel warns, “Don’t count on deepfakes always being easy to catch. As they mature, deepfake technologies will eventually be much more difficult to spot. Ultimately, what we’re seeing here is identity theft being taken to a whole new level.”