The FBI had announced that cybercriminals are using deepfake technology and stolen data to apply for remote work positions in order to compromise unsuspecting employers.
The FBI’s cyber division had issued a public service announcement warning on Tuesday that it had recorded an increase in complaints regarding deepfake job applicants using stolen data to apply for a variety of positions.
“The FBI Internet Crime Complaint Center (IC3) warns of an increase in complaints reporting the use of deepfakes and stolen Personally Identifiable Information (PII) to apply for a variety of remote work and work-at-home positions,” said the Bureau in its memo.
The visual content is allegedly “convincingly altered and manipulated to misrepresent someone as doing or saying something that was not actually done or said.”
The cybercriminals have mainly applied to positions in information technology and computer programming, database, and software.
Some positions even included access to customers’ personally identifiable information (PII), financial data, corporate IT databases, and proprietary information. This means the threat actors sought to extract data, hack the targeted company, and hold their data for ransom.
Reports received by the IC3 also mentioned voice spoofing, or potential voice deepfakes. However, according to the Bureau, these recordings were not convincing whatsoever.
“In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking,” the FBI said. “At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually.”
Complaints also included the cybercriminals using stolen PII. Victims said that their identities were used without their knowledge and background checks found that some applicants used other people’s PII to increase their chances of getting a job.
People who have fallen victim to this type of activity are instructed by the FBI to report it to the IC3 at www.ic3.gov.