The U.S.’s Federal Bureau of Investigation has warned that cybercriminals are using deepfakes and stolen information to apply for home-based jobs, which they can use to gain access to and exploit sensitive data.
In a public service announcement, the FBI wrote that its Internet Crime Complaint Center (IC3) had received “an increase in complaints reporting the use of deepfakes and stolen Personally Identifiable Information (PII) to apply for a variety of remote work and work-at-home positions.”
It defined deepfakes as “a video, an image, or recording convincingly altered and manipulated to misrepresent someone as doing or saying something that was not actually done or said.”
Criminals were trying to find employment in information technology and computer programming, database, and software related job functions, said the FBI, some of which include access to customer PII, financial data, corporate IT databases and/or proprietary information.
Complainants cited the use of voice spoofing, or potential voice deepfakes, during online interviews of purported job applicants. Tell-tale signs during interviews included the actions and lip movement of the person being interviewed on-camera not fully coordinating with the audio of the person speaking, and coughing, sneezing, or other auditory actions diverging from what is seen.
Stolen PII is also being used to apply for remote positions, said the Bureau. “Victims have reported the use of their identities and pre-employment background checks discovered PII given by some of the applicants belonged to another individual,” it added.
The FBI urged anyone who encountered such activity to report it to the IC3, www.ic3.gov, with any available details such as IP or email addresses, phone numbers, or names provided.