As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories— Bala Kumar of Jumio examines how hackers in disguise use deepfakes to scam businesses, and what you can do to protect yourself.
Since the pandemic first introduced the idea of remote work, there’s been a constant stream of news surrounding data breaches, ransomware attacks, and other malicious cyber incidents. From the JBS to the Colonial Pipeline attacks, many enterprises believe they have seen it all. But now there’s a new type of threat on the rise– fraudsters posing as remote workers to gain employee-level access to corporate systems. Some companies have already fallen victim to these attacks, underscoring just how creative today’s generation of fraudsters has become.
This article will dive into the attack vectors of remote work scammers and how companies can identify them before they unintentionally hire and pay them to be destructive.
The ‘Hackers in Disguise’ Epidemic
The Department of the Treasury, State Department, and FBI recently released a warning about North Korean IT workers posing as freelance contractors in order to collect revenue for their country. Thousands of fraudsters have already taken on contracts, with the ability to each generate more than $300,000 in scams. There were also similar incidents reported just weeks ago, when the FBI issued a public service announcement warning companies to watch out for hackers using voice and video deepfakes and stolen personal data to apply for remote work positions. Some of these roles granted access to financial data, customer personally identifiable information (PII), corporate IT databases, and more.
With access to a myriad of sensitive data, hackers can access corporate bank accounts and steal funds, leak customer and employee information to the dark web, launder money to illegally fund weapon programs, and conduct countless other types of state-sponsored fraud. Aside from the immense financial damage from fraudsters, data privacy regulations place an additional burden on enterprises through stricter standards on how organizations handle consumer data. Companies that are hit with a data breach or leak can be heavily penalized and lose their brand reputation, not to mention face severe governmental or legal consequences for violating government sanctions or enabling bad actors on the world stage. As organizations interact with these sophisticated hackers, their stakes are higher than ever.
Companies are Facing a New Level of Sophistication
The cost of cyber-crime is expected to reach $10.5 trillion by 2025, demonstrating both the ability and ambition of this new generation of fraudsters. Today’s hackers possess the expertise and sophistication to bypass many of the most sophisticated cybersecurity technologies, including facial recognition. As witnessed with the remote-work hackers, they can leverage consumer PII to identify what an individual looks like and create highly realistic deepfakes of them to deceive someone through a screen. Deepfakes, or synthetic media often used for malicious purposes, are images and videos of people that are digitally altered utilizing the power of artificial intelligence (AI). Deepfakes can be dangerous because, while many are clearly fake, others can be challenging to detect with the human eye. Compelling, realistic deepfake videos can dupe even some liveness detection systems. As hackers become smarter and more sophisticated, deepfakes, among other deceiving technologies and the AI creating them, are only getting stronger. It’s crucial that enterprises evolve their cybersecurity precautions to adapt to these new, emerging threats.
Combating Hackers in Disguise Requires Modern Tools
As enterprises continue their operations in virtual or hybrid environments, they must know without a doubt that the employees and contractors they are interviewing and hiring are legitimate. They need robust security methods to identify synthetic media and deepfakes, among other sophisticated techniques hackers may use to enter corporate systems. For instance, organizations can adopt selfie identity verification technology, which compares a real-time selfie to a government-issued ID using biometric authentication to scan a person’s unique human traits. This method is far safer and more secure than other cybersecurity tools, such as multi-factor authentication (MFA) and credential-based authentication. It guarantees employees working within the system are truly who they claim to be. This measure can be integrated into the employee onboarding process to confirm their true identity, but it should also be used at every subsequent employee login to ensure a hacker isn’t posing as a current employee.
Preparing for the New Generation of Hackers
Doing business with hackers, even unknowingly, can be incredibly dangerous for a company and its employees, customers, and partners. Enterprises must be well-equipped with the right tools and procedures to ensure their employees are correctly identified and aren’t scammers in disguise. In today’s digital-first world, it’s imperative that organizations know and trust everyone they are doing business with to avoid becoming another cybersecurity statistic.
- Deepfakes: How Businesses Can Defend Against Scammers - October 19, 2022