Deepfake: A Real Threat to Employers

As conducting business remotely became necessary with government and business office closures during  the 2020 pandemic, videoconferencing platforms like Zoom, Microsoft Teams, WebEx, and Skype became essential tools. Over the past few years, these convenient technologies have become standard protocol for business meetings. HR departments, for example, use web-based meeting services to conduct virtual candidate interviews as a workaround to the traditional in-person interview.

The ability to screen and interview a job applicant from anywhere there is an internet connection is convenient. But, as with any new technology or system, the law of unintended consequences can arise.  Enter the “deepfake.”

Deepfakes are the latest weapon of criminals looking to commit fraud, corporate espionage, and computer-based crimes. Using stolen personal identifiable information (PII) and artificial intelligence that manipulates imagery, video, and audio, these fraudsters pose as job applicants and “interview” with employers via remote video conferencing. Deepfakes have been reported to be so convincing that HR departments have hired the fraudulent candidates, thereby granting the offender access to privileged information such as financial data, proprietary information, trade secrets, customer PII, and corporate IT databases.

Deepfakes are another example of exploitation through social engineering. Rather than trying to hack a system’s detection, encryption, and firewall protections, the deepfake targets the weakest part of any network: the human element. By fooling HR department representatives into offering them a position with the company and giving them access credentials, the criminal essentially receives the “keys to the castle.”

A recent public service announcement from the Federal Bureau of Investigation’s Internet Crime Complaint Center (FBI IC3) reported an alarming increase in the use of deepfakes for the purpose of being fraudulently hired for remote work or work-from-home positions. In particular, the FBI has received numerous reports from employers of the use of voice spoofing, or voice deepfakes, during online interviews of the offender applicants. In these interviews, the actions and lip movement of the person being interviewed on camera does not completely synchronize with the audio of the person speaking. At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually.

Awareness of the tactic by HR professionals and heightened vigilance during the online interview process are the best countermeasures to deepfake attempts. Paying close attention to details such as unnatural or unchanging lighting on skin or eyeglasses can tip off an interviewer that something is wrong. Watching lip movements closely is also a tell-tale sign; if the interviewee looks as though they are poorly lip-synching, there is a good chance they are using deepfake technology.

Aware of the threat deepfakes pose to the use of their technology, the tech industry is developing countermeasures. For example, Microsoft has implemented a software solution that can detect deepfake artificial intelligence and programming. Some have launched internet forums that raise awareness and education of the deepfake tactic. Technology companies that have not yet rolled out solutions are reportedly engineering their products to counter the deepfake.

But even if you cannot tell it is a deepfake at the “interview,” TruView’s background screening capabilities includes robust and effective identity verification technologies—including consent-based Social Security number verification, biometric identity verification, and knowledge-based identity verification—that provide a critical layer of protection to your hiring process. (See sidebar.) As a responsive partner, TruView is continuously evolving new technologies and customized solutions that address emerging issues and increase the security and effectiveness of your background screening program.