By Sam Ancer
Hackers in the Hiring Process
In June this year the Federal Bureau of Investigation released a report on how hackers were using remote work opportunities to access sensitive data within tech companies.
How do Hackers Hijack Hiring?
The FBI reports that hackers steal the Personal Identifiable Information (PII) of credentialed developers in order to apply for remote working jobs.
Once they are in the hiring process, hackers will then use deepfake technology, as well as voice changing software, to impersonate the person who’s PII they’ve stolen.
Deepfake technology refers to digitally replacing your face with someone else’s, usually this is done with AI technology, and can be done with just a single clear image.
You might think you’ll be able to figure out if someone is using a deepfake during a job interview but recent research suggests that people are worse at detecting deepfakes than they think they are.
Technology is getting better at detecting deepfakes, however, they tend to be behind the curve and playing catch-up, so, unless your candidate is properly vetted, you can never be too sure about who you are hiring remotely.
What do the Hackers Want?
Hackers specifically target organisations that hold a lot of sensitive data that they can then sell on the dark web. Specifically they are looking for credit card details, social security or identity document numbers.
This is of course incredibly worrying for any large organisation that is hiring remotely, because now there are extra concerns in the hiring process beyond just the regular expenses and double checking references.
But wait, things get worse!
State Sponsored Hackers
The North Korean government has been using the tech space as a way to get around sanctions for the past few years.
North Korean hackers have been applying for remote work pretending to come from China and other East Asian nations to get around sanctions.
Reports suggest that around 90% of the earnings these hackers make go to fund the nuclear weapons program of the People’s Republic of North Korea.
The North Korean government has specifically been targeting cryptocurrencies as this allows them to secure funding without having to deal with sanctions.
This year more than $2 billion has been stolen from cryptocurrency companies.
The United States government just released a $10 million bounty on North Korean hackers, due to the amount of damage the state sponsored hacking groups have done.
If you’re on the job market you’re also not safe!
Axie Infinity loses $540 million
In April this year the NFT based game Axie Infinity had $540 million stolen from them by hackers. It turns out that they were breached from an elaborate phishing campaign that targeted one of their senior engineers on LinkedIn.
The individual had been given a job offer, and when they clicked on the pdf attachment, they downloaded malware which was able to breach their systems.
Costing the company you currently work for 540 million dollars while looking for a new job makes it pretty tough to find new work.
How Do Recruiters Protect You From Hackers?
Well recruitment companies are able to protect both candidates and companies from hackers in a few ways.
- Firstly, if you are working with a recruitment company like us, you know that we have vetted every candidate you see, so there’s no risk of accidentally hiring a hacker through us.
- We also provide background checks and criminal checks to ensure that the candidates you receive from us are definitely real.
- If you are a candidate, you will know that all the companies we work for are 100% legitimate, and so you don’t have to worry about phishing campaigns targeting the company you work for.
- All hackers need to compromise your systems is for one person, in one part of your critical systems, to make a single, half-second mistake.
- Hackers know that the hiring process engages with unknown entities and take advantage of this lowering of your guard during this time.
- Instead of putting yourself at risk, rather work with recruitment companies like us who are able to ensure that every candidate you get, and every opportunity that comes your way, is completely safe.
- Remote work has become an increasingly crucial element of the job market, and so it’s unlikely that we will be able to avoid candidates wanting to work remotely, so instead of limiting your potential talent pool to avoid risk, make sure you’re getting the best real candidates by working with an established, trustworthy recruitment firm.
Security breaches can cost a company $800 000 on average, which makes it a massive risk to operate independently when recruitment firms can mitigate some of that risk for you.
