The Federal Bureau of Investigation (FBI)'s Internet Crime Complaint Center (IC3) issued a warning on the use of deepfakes and stolen personally identifiable information (PII) by individuals attempting to earn remote work positions.
According to the warning, jobs in the information technology (IT) field are being targeted by the fraudulent activity, as well as positions related to software and database management and computer programming.
Complaints submitted to IC3 noted tactics such as voice spoofing or potential voice deepfakes being used during online interviews with job candidates. Stolen PII was also used by some applicants to attempt to gain a remote position. Stolen PII was intercepted during the pre-employment background check stage of the job applications, according to a complaint.
The fraudulent applications may represent an effort to gain employee access to corporate networks. As the deepfakes and stolen PII tactics have been targeting roles with significant access privileges to enterprise systems, security teams should watch for insider threats within their networks. Security and HR teams can collaborate to identify fraudulent job applications and prevent an insider threat from escalating to a cyberattack.