Companies hiring for an open IT position might need to do more than scrutinize how prospective employees react to the question “What is your worst quality?” If the prospective hire sneezes or coughs without moving their lips, their worst quality might be that they’re not actually real.
The FBI wrote to its Internet Crime Complaint Center Tuesday that it has received multiple complaints of people using stolen information and deepfaked video and voice to apply to remote tech jobs.
According to the FBI’s announcement, more companies have been reporting people applying to jobs using video, images, or recordings that are manipulated to look and sound like somebody else. These fakers are also using personal identifiable information from other people—stolen identities—to apply to jobs at IT, programming, database, and software firms. The report noted that many of these open positions had access to sensitive customer or employee data, as well as financial and proprietary company info, implying the imposters could have a desire to steal sensitive information as well as a bent to cash a fraudulent paycheck.
What isn’t clear is how many of these fake attempts at getting a job were successful versus how many were caught and reported. Or, in a more nefarious hypothetical, whether someone secured an offer, took a paycheck, and then got caught. These applicants were apparently using voice spoofing techniques during online interviews where lip movement did not match what’s being said during video calls, according to the announcement. Apparently, the jig was up in some of these cases when the interviewee coughed or sneezed, which wasn’t picked up by the video spoofing software.
The FBI was among several federal agencies to recently warn companies of individuals working for the North Korean government applying to remote positions in IT or other tech jobs in May. In those cases, fake workers often bid on remote contract work through sites like Upwork or Fiverr using fake documentation and references.
In cases like those described in the federal agencies’ May report, some fake operators worked through several layers of shell companies, making it much harder to discern their identity.
Though the technology has come a long way, some of the more amateur attempts at deepfakes often result in faked voices that barely match up with speakers’ mouths. Other, professionally produced video can make a much better attempt at generating a real-seeming human.
And it’s not so easy to detect a fake video as you might think, especially if you’re not looking for it. Artificial intelligence meant to detect altered video could range in accuracy from 30 to 97%, according to a recent report by researchers from Carnegie Mellon University. There are ways for humans to detect fake video, especially once they’re trained to watch for certain visual glitches such as shadows that don’t behave as they should or skin texture that doesn’t seem accurate.
Feds asked companies who suspect a fake applicant to report it to the complaint center site.