Company releases white paper warning employers to beef up security in hiring after deepfake scam
Employers are being warned to beef up the security of their recruitment processes to avoid becoming victims of fake employee hiring schemes.
The call came after KnowBe4 experienced and mitigated early this year an infiltration attempt by a fake IT worker from North Korea into the organisation.
Stu Sjouwerman, CEO of KnowBe4, advised employers to educate all employees involved in the hiring process to prevent similar instances in their organisations.
"[Organisations should] consider various mitigation tactics such as updating the organisation's hiring process to include asking the candidate to submit fingerprints for identity verification purposes, threat model the organisation's hiring process, and more," he said in a statement.
White paper on hiring scheme released
KnowBe4 has also released a white paper providing advice on how organisations can protect themselves from the hiring scam.
The white paper contains information on what the North Korean fake industry is like, signs to look out for, as well as the ways organisations can update their hiring process to prevent recruiting fake employees.
“Fake remote employees and contractors are now something everyone needs to worry about. Every organization should be updating its hiring policies, processes, and education to reflect this new reality.”
There are common signs of this fake employee hiring scheme both during and after the hiring process, Sjouwerman said.
"We were inspired to share our experience with this unfortunate situation to bring awareness to how pervasive this situation is and to use it as a warning to help protect other organisations from falling victim."
In July, KnowBe4 prevented a North Korean individual from successfully infiltrating the organisation after the person tried posing as an IT job candidate.
Sjouwerman shared that the individual showed a "high level of sophistication in creating a believable cover identity" and was able to exploit the weaknesses of their hiring and background check processes.
The fake employee's laptop was later shut down within 25 minutes of the first security alert, with KnowBe4 saying no illegal access was gained and no data was lost or compromised.