This July, a global phishing campaign was uncovered where attackers created deepfake profiles of real-life CISOs and security executives on LinkedIn. These profiles engaged in high-level recruitment conversations and ultimately distributed malware through seemingly legitimate file shares and meeting invites.
Dubbed “PhantomHire” the campaign affected over 30 multinational companies. Victims were lured into conversations with what appeared to be real people, complete with fake Zoom interviews powered by deepfake avatars and voices.
Security experts warn that professional networks are now high-value targets for social engineering. The deepfake technology used in PhantomHire was advanced enough to pass live scrutiny, highlighting the need for identity verification protocols on platforms like LinkedIn.
Organizations are urged to implement mandatory cybersecurity training around social networking and require sandbox testing for shared documents.
