The FBI Internet Crime Complaint Center (IC3) warns of an increase in complaints reporting the use of deep fakes and stolen Personally Identifiable Information (PII) to apply for a variety of remote work and work-at-home positions. The fake job candidates don’t stop there—sometimes, they get hired. The end game? To gain access to, steal, or corrupt data and systems.
“Complaints report the use of voice spoofing, or potentially voice deep fakes, during online interviews of the potential applicants,” the FBI states. But video and imaging AI can be used, too.
Which positions are hit hardest? Think of jobs that have high data access. “The remote work or work-from-home positions identified in these reports include information technology and computer programming, database, and software-related job functions. Notably, some reported positions include access to customer PII, financial data, corporate IT databases and/or proprietary information,” the report includes. These fake job candidates may also be able to gain access to data and systems, release ransomware, and obtain the credit card information or Social Security numbers of customers or employees.
The perpetrators may even be involved in espionage. No kidding.
“Some imposter candidates actually work for the North Korean government,” explains Protocol’s Mike Elgan, referencing a statement by the FBI and the U.S. State and Treasury Departments. “Because of U.S. sanctions, North Koreans are ineligible for jobs at American companies. (Companies that employ North Koreans can be fined roughly $330,000 per violation.) So the North Korean government lets people apply and work as imposters in exchange for taking most of their salaries, or North Korean spies get jobs under false identities in order to steal secrets. Some North Koreans used their real identities, but claimed they were outside North Korea.”
Imagine this scenario: You’re interviewing someone for a remote IT position. They look great on paper, and they say all the right things in their video interviews, even though the connection is a bit laggy and weird. You run a background check on them as part of the onboarding process, and everything checks out. They’re hired! What you don’t know is that the person you thought you hired has no idea because THEY didn’t participate in the interview OR show up on day one. Their PII was stolen, and their image and voice were “borrowed” from videos they’ve posted online.
The good news, says the FBI, is that technology to create deepfake job candidates is still flawed.
“In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking. At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually,” the FBI states. MIT Media Lab has a checklist of video elements to observe closely, including skin texture, shadows and whether or not glasses have a glare.
But as you know, AI is advancing rapidly. So, relying on “tells” via flawed technology is dangerous. Other advice includes having candidates show you their IDs or having them stand up and turn around…but these recommendations are troublesome and can lead to claims of discrimination (plus they’re awkward, quite honestly).
Our best advice? Meet in person at some point in the hiring process.
“Nothing beats an in-person interview for several reasons. Of course, it’s a great way to catch fake job candidates, but it’s also a great way to pick up on non-verbal cues from legitimate candidates, too,” says Stephanie Grubbs, The HT Group Regional Managing Director for Staffing and Professional Services. “If you’re not in the same area or same country, consider flying them in or working with a recruiting firm in that area that can meet with the job candidate in person. This is particularly important for roles that require a security clearance or have access to other sensitive information.”
For more ideas on dodging fake job candidates, including deep fakes, feel free to contact our recruiters.