
Cyber Crime Junkies
Translating Cyber into Plain Terms. Newest AI, Social Engineering, and Ransomware Attack Insight to Protect Businesses and Reduce Risk. Latest Cyber News from the Dark web, research, and insider info. Interviews of Global Technology Leaders, sharing True Cyber Crime stories and advice on how to manage cyber risk.
Find all content at www.CyberCrimeJunkies.com and videos on YouTube @CyberCrimeJunkiesPodcast
Hiring Fraud Exposed! Latest AI Threats to Business.
🔥🚨 NEW EPISODE 🔥🚨 We delve into the Latest AI Threats To Small Business. Exposing AI Hiring Fraud! Watch to the end to see live examples of how this is happening today.
Topics covered:
🔥 AI Fraud in Interviews,
🔥 How AI Scams Affect Business,
🔥 AI Fraud In Job Interviews
Takeaways:
- AI-driven fraud is a growing concern for businesses.
- Many resumes are now generated by AI, raising authenticity issues.
- North Korean agents have infiltrated numerous US companies.
- Cybersecurity alerts from the FBI should be taken seriously.
- Employers must be vigilant about hiring practices.
- Deepfakes are being used to create fake identities.
- The consequences of hiring fraud can be severe.
- Small businesses are particularly vulnerable to these threats.
- Implementing multi-factor authentication is essential.
- Trust but verify is crucial in today's hiring landscape.
Host (00:00.118)
If you have hired people in the past couple years, you may need to double check their identities and their true backgrounds. That is the warning, along with a $5 million reward issued by the Department of Justice here in the United States, directed toward business owners and business leaders. Media reports recently broke stories that are littered with warnings to hiring managers and human resource departments, warning of new AI-driven fraud, cybercrime, and espionage.
Well, I was blown away after I spoke to a business leader who, when asked about how technology is affecting his business, described AI-driven fraud attacks they are now dealing with during their routine hiring process. This is the reality, what you are likely facing, whether you realize it or not. This isn't a movie plot. This is real. How do they pull this off? And more importantly, could it happen to you? Stay with me because I'm about to reveal what you need to watch for and how to protect your company. This is the story of the latest AI threats to small business. And now, the show.
Host (01:25.611)
Join us as we go behind the scenes of today's most notorious cybercrime, translating cybersecurity into everyday language that's practical and easy to understand. We appreciate you making this an award-winning podcast by downloading our episodes on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies, and now the show.
Host (02:02.381)
Excellent. Welcome everybody. I'm your host, David Morrow and very excited about today's episode. We have John Fly with Firm Pilot and we're going to walk through the new age of employment, the intersection of leadership, technology and culture. And John, welcome to the studio, man. Pleasure to be here. So where are you joining us from? You are a little bit down south, right? Yeah, I'm near Nashville, Tennessee. I'm in Murfreesboro. Beautiful.
beautiful part of the country. So explain to everybody, yeah, walk us through kind of where you are today. Always interested in origin stories and what makes people do what they do. Sure. So starting into 2023 to current, I am the CTO of a small AI powered marketing organization called Firm Pilot. We use AI and automation to
provide our clients, which are mostly law firms, with the content and impact they're looking for to become highly ranked on search engines, highly discoverable, and bring in the clients that they're after. So using a lot of generative AI and a lot of modern AI ML and automation to deliver that. That's phenomenal. So what are some of the things that Firm Pilot will do for a law firm? Like, will they curate newsletter articles or LinkedIn posts or?
So, you know, ABA journal articles, that type of stuff. Yeah. So our main services really are about getting content out there. So it's blog posts and social media posts. A lot of law firms, right, are local, serving their local community. Absolutely. Google business profiles are a huge part of our strategy, and then building backlinks. So guest posts and other systems.
We do other things too, but those are like the big content gen features. And so we, we've built out a pretty comprehensive kind of digital writing room, if you will, that simulates content drafting, adding calls to action, linking strategies, knowledge enrichment. And so that knowledge enrichment is very key. We have to write entertaining, but a hundred percent factually accurate and up-to-date content. So yeah, we, are enriching all of our content.
Host (04:30.817)
modern law and governmental resources. So that's really interesting because lawyers, especially depending on what type of practice they have, right? I mean, they tend to be very focused on the courtroom and evidence and discovery and investigation, but being subject matter experts and being out there and relating that to where their ultimate clients are, a lot of them have struggled with that for years. So this is, it seems like a really
very germane offering in a way of leveraging AI. Is there also a portal where they can kind of select some of the things they like to talk about, or do you do that in an intake with them? Sure, right now. So again, the company's really early stage. It was started early 2023. Our founder, who's got a tech background, his brother's a practicing attorney. so that was, that's great about the kind of ineffectiveness of
you know, these law firm marketing agencies is what spawned this out of Jake's mind. Sure. So just as a bit of a peer into my history, I've been in leadership roles and hiring and putting together hiring programs and retention programs for probably 15 years. I've interviewed probably thousands of people.
This year as Firm Pilot's growing, I was able to have four technical roles posted at the same time. So I've spent the last few weeks just heads down doing these interviews. And the first thing I noticed was a very common trait. And that was a lot of the resumes were highly tailored to the job. So that's not necessarily a bad thing, but the resumes, when they looked good, they looked really good.
Your assumption there, I didn't mean to interrupt, but your assumption there is they're taking the job description, throwing it in AI and customizing it, having it spit out the custom resume for that, right? 100%. Yeah. It really is dialed into these are the technologies and techniques that we're looking for. So yeah, I mean, when I'm reviewing these resumes, the ones that look like, you know,
Host (06:46.635)
you know, rock star developers or, you know, the 10 out of 10 people I'm excited to talk to. I really got kind of cynical by the end of this because I would be looking at the strongest resumes and thinking even before I got on camera, is this even a real person? It was just so bad. Well, it's strange, right? We've gotten to a point where a 10 out of 10 resume now is a red flag because it doesn't seem genuine.
I had to go over it with a fine tooth comb and prepare questions to really dig in, in case it was a fake. And for the developer role that I had, it was probably about 75% of the highly qualified resumes ended up being a completely fake persona when I got them on the camera. Wow. Now, were they using AI or something like that in the Teams meeting or in the...
They were. So AI deep fakes actively being used while I need to tag this part over to another podcast. Cause that is, that is really shocking for business owners to understand. You know, most of the talent isn't necessarily right local, right? And so you need to find the best person with those skillsets. So you look broader. And so that usually necessitates having
meetings like this, having a teams meeting, having a zoom meeting, whatever, only times have changed and the software is really, really good now. It is. Yeah. It's I've seen it live myself and it's, hard to describe to people, but I'm saying if you don't know what to watch for, it's going to fool you. And that's really where good questioning and always kind of thinking a little cynically helps. Yeah. The, they had a lot of common.
commonalities, so I was able to start really putting it together and by like the tenth one, my Spidey sense went off like right at the start. They were always using a digital background. Most of them had the large over the ear headphones, which those by themselves aren't red flags. But of course what we would notice. Well, I'll just tell you about like 40 or 50 of these into it. I did find one of the guys that were just
Host (09:10.651)
his resume was so ridiculously strong and he was such a weak interviewer, or interviewee. I just asked him, I said, I think the resume is fake. I think you're using AI right now. Can we just stop and you tell me what's going on? And I had one of these guys just kind of break it down for me. What did he say? So he said he's in an office. Like he said, I'm surrounded by people. We're all doing this. He said, yeah.
He said they scrape jobs, they'll use AI to create a really powerful resume. And he said, especially for the big companies that have multi rounds, sometimes it's not even the same person showing up round after round. And so they show up, they have the resume, they have a terminal in front of them. We'll typically have somebody listening in, prompting the LLM based on my question. So I'll ask a question. They'll usually pause with
That's a great question. Let me think about that. Meanwhile, they're prompting the AI. Yeah. And then it's then they're then they're reading. So you'll see them lean in and read sometimes. But they're really good ones. It might be coming in over their headphones. But the the entire schtick is to, you know, I asked him, like, what's the goal? Like, what's the big payoff? And he really said the the goal that they're after is to get to get a job, to get on payroll and then to.
either farm the work out to AI or just stretch it out as long as possible to pull in paychecks. Really? Yeah. So the ultimate goal, or maybe he was not being fully transparent either, but the ultimate goal is not because you guys are firm pilot and you can get access to law firms, right? Which could then access all of the law firm clients and be a huge payload on the dark web.
That really isn't, it's just about getting employed and getting the paycheck. Probably getting employed, pulling in paychecks and probably at this time we're talking about people who have questionable ethics and morals to begin with. Right. So, I mean, you you deal with security. So once somebody's on the inside of an organization, you're talking all kinds of stuff could go wrong. could make it pull data, they could do blackmail, they can install ransomware. Absolutely.
Host (11:28.863)
I really think, you know, I told you earlier, I really think this is just the next evolution of kind of the call center scams that are going on. It's just, you know, if one in a hundred works, they've got somebody on the inside pulling a paycheck. And I've been in big companies where it takes three months to get rid of somebody who's just obviously not working out. You know, if you
if their whole shtick is to embed themselves in a company and pull a paycheck for three months, that's a lot of money. Yeah.
Host (12:06.465)
Here's a terrifying statistic that should wake up every business owner. North Korean agents have infiltrated over 300 US companies through remote work schemes, stealing $6.8 million and potentially accessing sensitive corporate data. If you have hired people in the past couple years, you may need to double check their identities and their true backgrounds. That is the warning, along with a $5 million reward issued by the Department of Justice here in the United States, directed toward business owners
and business leaders. Media reports recently broke stories that are littered with warnings to hiring managers and human resource departments, warning of new AI-driven fraud, cybercrime, and espionage. That's absolutely chilling. And what makes it worse is that these weren't just random hackers, but state-sponsored operatives funding weapons programs. So this story is wild. In a criminal complaint unsealed recently, a Ukrainian man named Alex Didenko was accused of operating at least three laptop farms
comprised of 79 computers in San Diego, Jefferson City, Tennessee, and Virginia Beach, Virginia. Didenko ran a business that allowed clients, including overseas IT workers, to use false identities to get hired for remote work, prosecutors alleged. A person who gave their name as Christina Chapman was among the people that Didenko shipped a laptop to, according to the complaint. When the FBI used a warrant to search Chapman's residence in October, agents found more than 90 computers, the complaint says.
Three jobs filled by North Korean IT workers at U.S. companies were tied through business records to the computers found in Chapman's residence, according to the complaint. Didenko is accused of aggravated identity theft and wire fraud, among other charges. He is not yet in custody in the U.S., the law enforcement official told CNN. As alleged in the complaint, Didenko sold the accounts to overseas IT workers, some of whom he believed were North Korean, and the overseas IT workers used the false identities to apply for jobs with unsuspecting companies.
Several U.S. persons had their identities used by IT workers related to Didenko's cell, and evidence in the complaint showed that the overseas IT workers using Didenko's services were also working with Chapman. Polish authorities arrested Didenko on May 6th at the request of the United States, which is seeking Didenko's extradition from Poland. Didenko's company's online domain, UpworkCell.com, was also seized today by the Justice Department pursuant to a court order and all traffic diverted to the FBI. According to the indictment, the overseas
Host (14:27.209)
IT workers associated with Chapman, many of whom were tied to North Korea, posed as US citizens using the stolen, false, or borrowed identities of US nationals and applied for positions at US companies, causing the transmission of false documentation to the US Department of Homeland Security, DHS. The overseas IT workers gained employment at US companies, including at a top five major television network, a Silicon Valley technology company, an aerospace manufacturer, an American car manufacturer, a luxury retail store,
and a US hallmark media and entertainment company, all of which were Fortune 500 companies. Some of these companies were purposely targeted by a group of DPRK IT workers who maintained postings for companies at which they wanted to insert IT workers. Chapman ran a laptop farm hosting the overseas IT workers' computers inside her home, so it appeared that the computers were located in the United States, and also received and forged payroll checks and received direct deposits of the overseas IT workers' wages
from the US companies into her US financial accounts. The overseas IT workers also attempted to gain employment and access to information at two different US government agencies on three different occasions, although these efforts were generally unsuccessful. The overseas IT workers associated with Chapman's cell were paid millions for their work, much of which has been falsely reported to the IRS and the Social Security Administration in the name of the actual US persons whose identities were stolen or borrowed.
Chapman also allegedly conspired with the John Doe defendants to commit money laundering by conducting financial transactions under aliases to receive money generated by the scheme and transfer those funds outside of the United States in an attempt to hide that these were proceeds of the IT workers' fraud. North Korean IT workers generally pose as other nationalities, offer to work remotely, and apply for jobs in gaming, IT support, and artificial intelligence, among other sectors,
according to a 2022 public warning from the State Department and other agencies. About half of North Korea's missile program has been funded by cyber attacks and cryptocurrency theft, a White House official said last year. You know what really gets me about this case? They managed to fool some of America's biggest companies. We're talking Fortune 500 corporations, including a major TV network and even an aerospace defense manufacturer. What's most shocking is that the indictment explains the conspiracy perpetrated a staggering fraud on a multitude of industries.
Host (16:50.283)
At the expense of generally unknowing U.S. companies and persons, the indictment read, impacted more than 300 U.S. companies and SMBs right here in the U.S. Compromised the identities of U.S. persons, caused false information to be conveyed to DHS, Department of Homeland Security, on more than 100 occasions, created false tax liabilities for more than 35 U.S. persons, and resulted in at least $6.8 million of revenue for the overseas IT workers. Included among the companies allegedly defrauded in the scheme are a top five national television network and media company,
a premier Silicon Valley technology company, an aerospace and defense manufacturer, an iconic American car manufacturer, a high-end retail chain, and one of the most recognizable media and entertainment companies in the world, all of which were Fortune 500 companies, according to the indictment. Well, let's break down how they pulled this off, because it's fascinating in a terrifying way. They had this elaborate setup with an Arizona woman running what they call the laptop. Right, Christina Chapman. When the FBI raided her home, they found more than 90 computers.
She was basically providing the American face for these North Korean IT workers, handling their paychecks and giving them a US address to make everything look legitimate. As alleged in the court documents, DPRK has dispatched thousands of skilled IT workers around the world who used stolen or borrowed US persons' identities to pose as domestic workers, infiltrate domestic companies' networks and raise revenue for North Korea. The schemes described in court documents involve defrauding over 300 US companies using US payment
platforms and online job site accounts, proxy computers located in the United States and witting and unwitting U.S. persons and entities. This announcement includes the largest case ever charged by the Justice Department involving this type of IT workers scheme. Two criminal prosecutions brought by the U.S. Attorney's Office for the District of Columbia, one in partnership with the Computer Crime and Intellectual Property Section of the Justice Department's Criminal Division, were unsealed today.
As part of the prosecutions, two defendants have been arrested and related seizures and search warrants have been executed in Washington, DC and other jurisdictions. The investigations were led by the FBI Phoenix and New York field offices and IRS Criminal Investigation and coordinated with five other FBI field offices and four other US attorney's offices, producing arrests in the United States and Poland, the execution of five premises search warrants, and the seizure of illicitly obtained wages and a website domain.
Host (19:13.953)
Hmm. So it seems clear that they weren't just using random fake identities either. They were stealing real Americans' identities and creating incredibly detailed backstories that could pass employment verification checks. That's exactly what makes this so dangerous. They thought of everything. Employment histories, professional profiles, background checks. They even managed to fool the Department of Homeland Security's verification systems in some cases. So what's really at stake here? I mean, beyond the immediate financial fraud?
Well, according to the Department of Justice, about half of North Korea's missile program is funded through these kinds of cyber operations. We're talking about state-sponsored espionage disguised as remote work applications. And they were so confident in their scheme that they actually tried to infiltrate U.S. government agencies, though thankfully those attempts weren't successful. You know what's particularly frustrating? The FBI and other agencies actually warned about this exact threat back in May 2022.
They specifically highlighted the risk of North Korean IT workers trying to obtain employment while posing as non-North Korean nationals. The FBI, along with the Departments of State and Treasury, issued an alert years ago, back in May 2022. In the advisory, they alerted the international community, private sector, and public about the North Korea IT worker threat. More updated guidance was issued in October 2023 by the United States, which included indicators to watch for
that are consistent with North Korea IT worker fraud. Well, here's a real example. Back in May, 2022 and reported on this podcast, the US Departments of State and Treasury and the Federal Bureau of Investigation issued an advisory to alert the international community, the private sector and the public to attempts by the Democratic People's Republic of Korea, DPRK and DPRK Information Technology, IT workers to obtain employment.
while posing as non-DPRK nationals. The advisory provides detailed information on how DPRK IT workers operate and identifies red flags to help companies avoid hiring DPRK freelance developers and to help freelance and digital payment platforms identify DPRK IT workers abusing their services. A fact sheet, guidance on the Democratic People's Republic of Korea information technology workers, has also been published. That must be why the Department of Justice is taking this so seriously.
Host (21:39.77)
They're offering a $5 million reward for information about Chapman's co-conspirators. So let's cover why it is important to pay attention to cybersecurity alerts from the FBI and how this relates to business. Chapman and her co-conspirators allegedly compromised more than 60 identities of U.S. persons, impacted more than 300 U.S. companies, caused false information to be conveyed to DHS on more than 100 occasions, created false tax liabilities for more than 35 U.S. persons,
and resulted in at least $6.8 million of revenue to be generated for the overseas IT workers. The department seized funds related to the scheme from Chapman as well as wages and monies accrued by more than 19 overseas IT workers. "Using the stolen identities of US citizens is a crime by itself, but when you use those identities to procure employment for foreign nationals with ties to North Korea at hundreds of US companies,
you have compromised the national security of an entire nation," said Chief Guy Fico of the IRS. For more than 100 years, IRS criminal investigation special agents have been following the money, and their financial expertise has once again stopped criminals in their tracks. Chapman was charged with conspiracy to defraud the United States, conspiracy to commit wire fraud, conspiracy to commit bank fraud, aggravated identity theft, conspiracy to commit identity fraud, conspiracy to launder monetary instruments, operating as an unlicensed money transmitting business, and unlawful employment of aliens.
The John Does are charged with conspiracy to commit money laundering. If convicted, Chapman faces a maximum penalty of 97.5 years in prison, including a mandatory minimum of two years in prison on the aggravated identity theft count. And the John Does face a maximum penalty of 20 years in prison. And it's not just Chapman. There's this Ukrainian guy, Didenko, who was running similar laptop farms in San Diego, Jefferson City and Virginia Beach. The whole operation was incredibly sophisticated.
IT workers provide a critical stream of revenue that helps fund the DPRK regime's highest economic and security priorities, such as its weapons development program. DPRK leader Kim Jong-un recognizes the importance of IT workers as a significant source of foreign currency and revenue and supports their operations. There are thousands of DPRK IT workers, both dispatched overseas and located within the DPRK, generating revenue that is remitted back to the North Korean government.
Host (24:07.141)
DPRK IT workers are located primarily in the People's Republic of China (PRC) and Russia, with a smaller number in Africa and Southeast Asia. These IT workers often rely on their overseas contacts to obtain freelance jobs for them and to interface more directly with customers. All DPRK IT workers earn money to support North Korean leader Kim Jong Un's regime. The vast majority of them are subordinate to and working on behalf of entities directly involved in the DPRK's
UN prohibited WMD and ballistic missile programs, as well as its advanced conventional weapons development and trade sectors. This results in revenue generated by these DPRK IT workers being used by the DPRK to develop its WMD and ballistic programs in violation of US and UN sanctions. Many of these entities have been designated for sanctions by the UN and United States. The scale of this is just mind boggling. How can businesses protect themselves against something like this?
Well, there are several key red flags that companies need to watch for. First, be suspicious of candidates willing to work for significantly lower wages than market rate. Also watch for inconsistencies in personal information, like different names being used across different documents. And I imagine technical verification is crucial too. Checking IP addresses, monitoring login patterns, that sort of thing? Exactly. Companies need to implement strict protocols for remote access, regular monitoring of network access,
and maybe even periodic in-person check-ins when possible. Multi-factor authentication is absolutely essential. You know what's really concerning? This might just be the tip of the iceberg. That's right. And it's not just big corporations at risk. Small and medium-sized businesses are actually more vulnerable because they often don't have sophisticated security measures in place. So what's the bottom line for business leaders trying to protect themselves? Look, it comes down to three critical steps. First,
strengthen your hiring processes, especially for remote workers. Second, implement robust identity verification systems. And third, and this is crucial, stay informed about these threats and take government warnings seriously. And I suppose if something seems too good to be true, like an incredibly qualified candidate willing to work for below market rates, it probably is. Exactly. In today's world, healthy skepticism isn't just prudent. It's necessary for survival.
Host (26:31.013)
Because while remote work has opened up amazing opportunities, it's also created new vulnerabilities that bad actors are all too ready to exploit. Well, this certainly gives new meaning to the phrase, trust but verify. And remember, this isn't just about protecting your company's bottom line. It's about national security. Every business, no matter how small, has a role to play in preventing these kinds of attacks. Because when we let our guard down, we're not just putting our own operations at risk. We're potentially funding weapons programs halfway around
the world. So we have a live interview with someone who has lived this nightmare and come up across these AI deepfakes and AI-driven fraud attacks during the hiring process. He is the business leader I recently spoke with named John Fly. Yes. He's the CTO for FirmPilot, the law firm marketing company, who recently was interviewing with several people who, despite passing all traditional background checks and criminal background screenings,
were fraudulent and applied for jobs with AI deepfaked resumes and avatars. I was blown away after I spoke to a business leader who, when asked about how technology is affecting his business, described AI-driven fraud attacks they are now dealing with during their routine hiring process. So stay with us to hear the reality of what you are likely facing, whether you realize it or not.
Host (27:48.645)
Well that wraps this up. Thank you for joining us. We hope you enjoyed our episode. The next one is coming right up. We appreciate you making this an award-winning podcast and downloading on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies and we thank you for watching.