Security Firm Discovers Remote Worker Is Really a North Korean Hacker

floofloof@lemmy.ca to Technology@lemmy.world – 316 points –
pcmag.com
23

You are viewing a single comment

Wait, they hired someone without even having a video call?

Maybe they lied in the call and said they weren't a North Korean hacker. That would be the kind of devious thing a hacker might do.

They submitted a deep fake photo and never did a call.

To prevent a repeat, KnowBe4 is advising its peers in the industry to consider interviewing prospective employees on a video call to ensure they’re real

Holy shit, this is classic. The next time I let my ADHD get the better of me and I accidentally click on a link in a spoof phishing email (and, yes, try to log in to whatever account they told me there was a problem with because I'm an idiot, you're so perfect, shut up) sent as a test by the IT department which results in them requiring me to take some KnowBe4 refresher course, I'm sending them this article and telling them "This one is a freebie."

As someone managing KnowBe4 for our Clients, I'd actually let you pass with it... ;D

Yeah, shows that the internal client is researching security topics

Ohh cool. Some of our security training is from them. Always seemed to be the most basic stuff too. Pretty awful they couldn't take the most basic step to ensure a person is who they say they are.

Oh lol, my company is/was using them to produce testing phishing emails to determine if employees can spot them. It is quite ironic they fell for the ultimate phish.

Wasn't there a case recently where some hackers in Hk videocalled and faked being a bank guys boss and got him to send over money.

Hey now, it's even on the USA visa application:

Do you seek to engage in or have you ever engaged in terrorist activities, espionage, sabotage, or genocide? ☐

Did you expect there to be a portrait of Kim in the background?

Probably was for a high stress, high turnover position where anyone competent and breathing would do.

Seems weird...but I have totally done two different job interviews where nobody has their camera on.

They didn't do one in this case, but I have heard stories of these sorts of malicious actors paying people stateside or elsewhere to take the video interviews. I've had to do ID checks on video in recent-ish interviews.

And with deepfakes they could make the video call look like the person in the fake photo they sent.