A recent case of faked identity has put a new twist on threats companies face from deepfake technology. A tech company with robust pre-employment screening methods hired a person that turned out to be a North Korean national with ambitions to appropriate company data. Luckily, the company also has robust network security practices and the employee’s plot was thwarted. The lesson remains: it’s time to re-examine identity verification procedures when hiring new employees.
HR departments may have to move fast during the hiring process, which often is a completely virtual experience. This typical scenario opens the door for AI-assisted identity masking. That’s why it’s important for the HR team to meet candidates in-person rather virtually. This may not always be possible since the workforce can now be remote from all parts of the world but it is an old standard that is worth reprising.
Standard pre-employment background checks rely on candidate-provided credentials. A bad actor may have all the information traditionally entered on applications: address history, date of birth, social security number, and even employment and education history (probably lifted from a legitimate public LinkedIn profile). However, the bad actor may not have access to individuals who can serve as professional references.
A strategy HR teams can use to mitigate the risk of faked identities is to verify professional references. The best type of reference would be individuals from the applicant’s previous employers. A legitimate candidate should be able to provide at least two references with corporate email addresses and phone numbers that correspond to the past company. Personal email addresses or cell numbers for professional references are not sufficient. In most instances, the actual candidate will reach out to their former colleagues or supervisors and ask if they can be a reference for a new employment opportunity. This is not fool proof, but it is an extra step that can uncover fraudsters. The caveat is checking professional references is a time-consuming human endeavor and many companies have eliminated it from the hiring process. In the age of deepfake, it’s time to bring the practice back.
Since last year, Reuters, the FBI and other sources have reported on and issued warnings about North Korean software engineers using fake names and images, counterfeit ID documents, and phony LinkedIn profiles when applying for jobs at U.S. companies. And the pool of bad actors using stolen identities procured from the Dark Web coupled with deepfake technologies is proliferating at record speed.
This recent case serves as a reminder that AI-enabled fraud takes many shapes and standard HR practices for identity screening and verification may be a vulnerability.
Want to learn more? Contact Us.