Deepfakes, fraudsters and hackers are coming for cybersecurity jobs

Companies in the market for cybersecurity professionals could face a new method of attack, made harder to spot because of artificial intelligence: Hackers posing as job applicants.

As cyber threats targeting U.S. companies multiply, some security leaders have increased scrutiny during hiring to weed out bad actors—or simply applicants with over-embellished résumés.

Globally, the cyber sector faces a shortfall of roughly four million professionals, an increase of 12.6% from 2022, according to ISC2, a professional and certification group in cybersecurity. Fraudsters are seizing on the demand.

Lili Infante, founder and chief executive of CAT Labs, said during The Wall Street Journal’s Tech Live: Cybersecurity conference on Thursday that North Korean hackers frequently target her cryptocurrency asset recovery startup by pretending to apply for jobs. Some are even referred by recruiters.

“We’ve weeded out over 50 candidates that were North Korean spies,” she said, “to the point where I had to put certain controls in place in my hiring process.”

If hired, the spies could seek out intellectual property and steal corporate data, Infante said. If they’re able to infiltrate a crypto firm, they could put vulnerabilities into code to loot assets, she added.

U.S. officials have warned of a shadowy workforce of thousands of North Korean information-technology workers in low-level jobs worldwide. They have helped Pyongyang evade harsh international sanctions and raise billions of dollars through computer fraud and hacking efforts—often helped by westerners posing as would-be job applicants.

More than 300 U.S. companies unknowingly hired foreign nationals with ties to North Korea for remote IT work, the Justice Department alleged last month.

It isn’t just North Korean spies cyber hiring teams are looking to block. More common are applicants whose skills might not match their listed accomplishments.

Brent Conran, chief information security officer of Intel, at Thursday’s event said he personally interviews job candidates hired into a senior level within the chip giant. Intel has also arrayed “technical gates” to check for skills aptitude—a test Conran said he was required to pass.

Meredith Harper, senior vice president and CISO of credit-card issuer and financial services firm Synchrony Financial, said she’s typically able to detect if job candidates embellished résumés in the first five minutes of a conversation.

“It’s important to be able to see them, whether it’s on video or in-person, to feel the energy, to hear their answers to the specific questions,” Harper said at Thursday’s event.

The rise of AI tools, however, has made it harder to spot impostors.

Chatbots like ChatGPT can help job applicants perfectly tailor résumés and generate answers for cover letters. AI-created deepfakes, which bad actors can use to mimic real people on video and voice calls, have already led to cyber breaches and an increase in sophisticated impersonation attacks.

“I always ask them to show their ID on video. That’s it. It has to match your face,” Infante said. “With deepfakes and remote work, it gets pretty easy if you’re not careful to hire a North Korean spy.”

To root them out, Infante said she’s suspicious of résumés that seem too good to be true. They also tend to have education listed in countries like Malaysia or Singapore, but work experience only in the United States.

Some résumés may contain phone numbers that are voice over internet protocol technology, or VoIP, which don’t require contracting with a cellular provider like Verizon or AT&T. Job candidates who lack an online presence also raise eyebrows.

Infante said she also puts applicants through an automated identity verification before a conversation, and verifies their education credentials.

Since the start of the generative AI boom nearly two years ago, the cyber sector has been on high alert for an increase in AI-aided hacks and cybercrime. While the technology has given hackers a head start, 85% of surveyed cybersecurity professionals say it will aid their work in the long-term, Clar Russo, CEO of ISC2, said at Thursday’s event.

Write to Belle Lin at belle.lin@wsj.com