Deepfake scammer attempts to infiltrate AI security firm

The Register reports that a cybersecurity executive narrowly avoided hiring a deepfake applicant for a security researcher role, highlighting a growing trend of AI-powered scams targeting companies.

Jason Rebholz, co-founder and CEO of Evoke Security, shared his experience of being targeted by a scammer using a deepfake video during a job interview. The applicant's profile picture was an anime character, and their resume was hosted on a cloud platform, raising initial red flags. Rebholz, despite his expertise in deepfakes, experienced internal conflict, questioning if he was wrongly dismissing a legitimate candidate. The scammer's video interview featured a blurry, plastic-like face, a virtual background with a greenscreen reflection, and inconsistent facial features, confirming it was a deepfake. The applicant also repeated interview questions and quoted Rebholz's own online content. 

This incident highlights the significant security risks posed by IT worker fraud, which has already cost American businesses tens of millions of dollars. Experts suggest a combination of high-tech and low-tech solutions, including trusting one's gut, mandating cameras be on during interviews, and requiring candidates to turn off virtual backgrounds. For remote positions, initial on-site work periods can add friction to the hiring process, potentially exposing fake identities. The prevalence of these scams, frequently discussed in CISO groups, necessitates a proactive approach to verification and a willingness to challenge suspicious candidates directly to mitigate risks of data theft and financial loss.

Source: The Register