• Imhotep@lemmy.world (40 upvotes, 3 months ago)

    Even though the photo provided to HR was fake, the person who was interviewed for the job apparently looked enough like it to pass.

    Why not send an actual picture of his face?

    • Philippe23@lemmy.ca (22 upvotes, 3 months ago)

      My guess would be that they needed to get a mid-point between existing photos of the guy whose identity they stole and the guy that would show up in the video interviews.

      • boyi@lemmy.sdf.org (6 upvotes, 3 months ago)

        Very unlikely, if you read and refer to the article. The identity was stolen but the pic is a stock photo.

        The two images at the top of this story are a stock photo and what KnowBe4 says is the AI fake based on the stock photo.

        • Philippe23@lemmy.ca (3 upvotes, edited, 3 months ago)

          My thought on that is that they needed a new location so their image didn’t just look like a modified version of another of the victim’s public images, so NK searched for a stock photo for a professional-looking location. Ars has just located the stock image they started from.

  • Pasta Dental@sh.itjust.works (32 upvotes, 3 months ago)

    This is the company that made “The Inside Man”, a series where a company gets infiltrated by not being careful enough of who they hire

    • Thurstylark@lemm.ee (10 upvotes, 3 months ago)

      Oh yeah, I remember having to watch those for onboarding. They weren’t as cheesy as they could have been for an informational video.

      I do appreciate how they’re handling it, though. A public post-mortem is much more reassuring than damage control PR. Plus, being honest means they gain the IT folks who actually have to use their stuff as allies.

      • Pasta Dental@sh.itjust.works (4 upvotes, 3 months ago)

        Yeah, the series is pretty entertaining actually. And for the PR thing, they pitched it as a learning incident, and I agree with that, but they are lucky nothing truly bad happened because this company sends phishing tests, and a link could be replaced by the attackers - kind of like in a fake fake phishing email.

  • piyuv@lemmy.world (15 upvotes, 1 downvote, 3 months ago)

    The scam is that they are actually doing the work, getting paid well, and give a large amount to North Korea to fund their illegal programs.

    So even if you do the work and do it well, you’re not allowed to spend your money how you see fit