Remote hiring has become increasingly common in the digital, post-pandemic age. This brings many efficiencies but it also presents some challenges, one being the difficulty in verifying the identities of new workers.
With many organisations now conducting virtual interviews as a standard part of the recruitment process, this challenge is set to become even more widespread. To offer a datapoint: it was recently reported that 69% of employers are now incorporating video interviews into their hiring process compared with pre-pandemic levels when just 22% of employers conducted virtual interviews.
This surge in remote hiring reflects the evolving nature of today’s workforce. It now comprises many different groups including permanent, temporary, freelance, contract, and even voluntary workers with a significant majority being remote or hybrid. Furthermore, technology makes it easy. As a consequence, we’re seeing more employers using video interviews and virtual means to perform identity checks. And while adopting this approach can greatly speed up the onboarding process it also means that organisations could be leaving themselves more vulnerable to the threat of identity fraud including the use of deepfakes.
A prime example of this and a stark wake-up call for organisations worldwide is the recent case of a North Korean hacker who infiltrated a U.S. cybersecurity firm using deepfake technology and a stolen identity. The incident is clear evidence of the alarming vulnerability of hiring processes in the age of remote work and sophisticated AI-generated synthetic media.
KnowBe4, a company specialising in security awareness training, disclosed it had been the victim of this elaborate scheme, demonstrating that even organisations with robust security protocols can be deceived. The perpetrator, using a stolen U.S. identity and an AI-enhanced photograph, successfully navigated the company’s hiring process, including video interviews and background checks. The deception was only uncovered after the individual began deploying malware on company devices. The number of other organisations who fell victim to this kind of attack, but have not disclosed it, is unknown.
The rise of deepfakes poses a serious and immediate threat to workforce identity verification processes that would not have been considered vulnerable until now. Consequently, there is an urgent need for organisations to adopt advanced identity verification measures based on strong biometric liveness assurance, especially for remote workforce onboarding. As deepfake technology becomes increasingly sophisticated and accessible, the threat of identity fraud in the workplace is no longer a futuristic concern, but a very present reality.
Beyond the Headlines: Deepfakes in Everyday Life
While the KnowBe4 incident highlights the dangers of deepfakes in the workplace, the threat extends far beyond the professional sphere. Deepfakes are being weaponised across many domains including:
- Social Media: AI-generated influencers and digital avatars blur the lines between real and synthetic personas, raising ethical concerns about authenticity and transparency.
- Politics: Deepfakes are used to manipulate public opinion and spread disinformation, with potential consequences for election integrity and global democracy.
- Dating Apps: Deepfakes are used to create fake profiles and perpetrate romance scams, making it harder for users to distinguish between genuine connections and malicious actors.
- Financial Scams: Deepfake videos of prominent figures are used to promote fraudulent cryptocurrency schemes, exploiting trust and manipulating investors.
These examples demonstrate the pervasive nature of criminalised deepfake technology and its potential to cause significant harm across various aspects of life by subverting our faith in the evidence of our own eyes. By understanding the broader implications of deepfakes, we can better appreciate the urgency of addressing this threat in the workplace.
The Limitations of Traditional Verification Methods
Traditional hiring processes, including video interviews and background checks, are proving inadequate in the face of sophisticated deepfake technology. Put simply it’s completely moved the goalposts. As the recent iProov study has shown, attackers can utilise real-time deepfakes to seamlessly integrate synthetic video into video conferencing calls, making it virtually impossible for human observers to detect the deception.
Research has consistently shown that humans are remarkably poor at distinguishing real faces from deepfakes. However, another iProov study found that nearly half of Americans (47%) say they would have no problem spotting a deepfake image over a real user image. This is alarming because today’s deepfakes are virtually indistinguishable from reality without specialised detection tools. This leaves individuals and organisations highly susceptible to identity theft, fraud, and sophisticated social engineering attacks. Relying on human judgment alone is no longer a viable solution.
Deploying A Biometric Shield Against Deepfake Fraud
The simplest and most secure way for organisations to ensure the authenticity of individuals during the hiring process is to adopt science-based facial biometrics with liveness detection. This technology ensures that the person is not only who they claim to be but also that they are a real person authenticating in real-time. This three-pronged approach – right person, real person, authenticating now – is crucial in combating sophisticated identity fraud.
A Call to Action: Secure Your Workforce Today
The threat of deepfake-enabled identity fraud is real and the hiring process is particularly vulnerable. Organisations must act now to implement robust identity verification processes that can effectively combat this evolving threat and reduce the risk of hiring fraud and protect against potentially catastrophic security breaches.
As deepfake technology continues to advance, so too must your defenses. The technology solutions you deploy must ensure you remain ahead of the emerging threats and that your organisation has the necessary protection to defend against the ever-changing identity fraud landscape. The time to act is now. Don’t wait for a deepfake to infiltrate your workforce.
