The Federal Bureau of Investigations (FBI) has released a new warning regarding the use of deepfakes by cybercriminals to apply for remote jobs.
In a public service announcement on Tuesday, the FBI Internet Crime Complaint Center (IC3) stated that it has received “an increase in complaints reporting the use of deepfakes and stolen Personally Identifiable Information (PII) to apply for a variety of remote work and work-at-home positions.”
The remote positions, the FBI added, often came from fields related to information technology and computer programming as well as database and software-related roles. Some of the positions would provide access to everything from customer PII and financial data to proprietary information.
The FBI noted not only the reported use of deepfakes, which use artificial intelligence to depict an individual as saying or doing something they didn’t actually say or do, but of voice spoofing during online interviews with some applicants.
“In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking,” the FBI said. “At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually.”
The AI-based methods would also often be used in conjunction with stolen PII, allowing cybercriminals to pass pre-employment background checks.
In a statement to the Daily Dot, Giorgio Patrini, founder and CEO of the deepfake detection firm Sensity, called the FBI warning a worrying development “but by no means a surprise.”
In a report released last month, Sensity showed how it was able to use deepfake technology to bypass automated liveness tests, also known as “know your customer” or KYC tests, utilized by banks and cryptocurrency exchanges to verify users’ identities.
“As highlighted in our recent report, any company relying on onboarding via remote identity verification is under serious threats of frauds by deepfakes,” Patrini said.
The FBI is urging any companies or individuals targeted by such tactics to immediately report them to the IC3.