TechnologyDo you use LinkedIn? Watch out! This...

Do you use LinkedIn? Watch out! This is how cybercriminals could be stealing your data

-

- Advertisement -

Job search through platforms such as LinkedIn o InfoJobs is increasingly widespread among companies that, thanks to them, can alert a greater number of users about a new vacancy, as well as group the applications in a simple and orderly way.

Because users share personal data on these services, such as name, email, what company they work for, or their profile pictures, cybercriminals have found in these platforms the perfect target to perpetrate their attacks.

- Advertisement -

These are aimed both at companies seeking to fill their available jobs, through techniques such as deepfake, and at the workers themselves, who end up being victims of phishing by presumably legitimate business accounts.

One of the most recent cases is that of the group of cybercriminals known as Lazarus, attributed to the main intelligence agency in North Korea, which uses this type of social network to generate initial contact with its victims.

- Advertisement -

Their modus operandi when collecting data is consistent with that carried out by other groups of hackers with the aim of mislead job seekers through job search platforms.

LOOK: Gmail: can others read your emails? They detect malware that accesses your account without a password

First of all, these cybercriminals carry out a study on the target profile to find out, among other factors, their interests, the environments in which they move, their contacts or the company they work for, among other details.

The attackers then carry out a tailored approach, that is, they personalize the first contact with their victims according to their interests in order to gain their trust.

Once they have achieved take advantage of this contact with job applicants to send malware or harmful code to their victims. These phishing attacks can include files or links intended to take over all or part of your devices.

Deployment of this malware and remote access tools (RATs) are two of the most common methods used by cybercriminals to spy on and monitor infected computers.

In this way, they can not only access, steal and share their victims’ data, but also have access to passwords and credentials for other services, such as bank accounts or digital wallets.

SEE ALSO: Delete them now! Alert of new Android apps that could use your bank details

DEEPFAKE TECHNOLOGY AT THE SERVICE OF REMOTE WORK

This is not the only strategy used by cybercriminals in the workplace, as In recent years, technologies for deepfakewhich allow you to modify the appearance or voice of people in images or videos.

This is possible thanks to technologies based on Artificial Intelligence (AI), through which scammers can make it appear that certain individuals have done or said things that are untrue and create videos with images of the candidates to make them look like real people.

The rise of deepfake is mainly due to the implementation of new remote work environments, a decision made by most companies worldwide after the start of the pandemic.

In this context, Some organizations were forced to opt for a new virtual format for recruiting candidates. In this way, they had to conduct job interviews by video calls, in order to protect the health of their employees.

In this way, imposters use videos, images, recordings and stolen identities of legitimate users and pose as other people to obtain a remote job position.

LOOK: Cyberattacks for less than $10: what is the world of malware as a service like?

Once hired and within the organizational chart of a company, they have access to the company’s passwords and credentials, as well as personal documents that they can use for their own benefit, such as to perpetrate blackmail or obtain some other type of economic gain.

In this sense, the cybersecurity company can differentiate two types of attacks with deepfakes: deepface (which are carried out through images and videos) and deepvoice (through recorded audio and voices).

Both methods are based on so-called deep learning, a specific field of AI that is based on the functioning of the human neurological system, and on global public databases, which contain images, videos and audios.

First of all, deepface consists of creating images and videos that imitate objects or faces of real people thanks to antagonistic generative neural networks (GANs). These GANs are a type of AI algorithm capable of generating photographs that look authentic to the human eye.

For its part, cybercriminals use deepvoice to replicate the voice of a real person from their audio fragmentsa format that, according to the cybersecurity firm Panda Security, has already been used to impersonate CEOs of “big companies.”

LOOK: Take care of your smartphone! This malware impersonates your apps to infect your computer

All in all, thanks to the deepfake cybercriminals can bypass today’s robust and widespread defense systemssuch as biometric security, which verifies the identity of a subject based on the recognition of their iris or fingerprint.

HOW TO DETECT A POSSIBLE CASE OF DEEPFAKE

Although fraudsters employ increasingly sophisticated techniques to carry out these attacks on companies and institutions of various kinds, There are certain variables that allow detecting possible cases of deepfake.

Panda Security recommends that companies or people with public projection carry out daily monitoring of their social networks, in order to control any content that could go viral and could harm their reputation.

In relation to job interviews, it is advisable that companies take into account details such as the possible abruptness of the person’s posture or blinking, which can reveal if it is a false candidate.

Another aspect to take into account during these virtual encounters is the brightness, if it changes from one frame to another and the way in which it is reflected in the skin tone.

The tone of a person’s voice can also be a good indication that deepfaking is being used, if the candidate’s voice is previously known. Otherwise, it should also be verified that what the interviewee answers is consistent with the discourse that he tends to project.

Source: Elcomercio

- Advertisement -
spot_img

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

What Giorgia Meloni really offers as leader of the far-right coalition that won the elections in Italy

EU, immigration, family or energy policy: these are the main points...

Cesar, the blind dog who fell into a hole and was rescued by California firefighters

This time it was not a forest fire or a burning building, but the firefighters of California They saved...

Pension reform, use of 49.3, price of a pack of cigarettes… What to remember about Elisabeth Borne’s ads

pensions The Executive's decision on the planned method to initiate a pension...

Back in images in the Urban Route of the 20 years of the House

Celebrating your 20th birthday on a Sunday morning with over 1,000...

Must read

You might also likeRELATED
Recommended to you