Employee Identity Validation

“Sorry, Benedetto, but I need to identify you,” the executive said. He posed a question: What was the title of the book Vigna had just recommended to him a few days earlier. Recently, a Ferrari executive was nearly deceived by a convincing deepfake impersonating CEO Benedetto Vigna but listened to his gut and stopped to verify that he was speaking with the real Vigna. This incident highlights the escalating risk of AI-driven fraud, where sophisticated deepfake tools are used to mimic voices and manipulate employees. Perhaps more importantly, how awareness of these threats can save your organization from fraud. The executive received WhatsApp messages and a call from someone posing as Vigna, using a different number and profile picture. The imposter's voice was a near-perfect imitation, discussing a confidential deal and asking for assistance. Suspicious, the executive asked a verification question about a book Vigna recently recommended, causing the call to abruptly end. Key Takeaways: Verify Identity: Always confirm the identity of the person you're communicating with, especially if the request is unusual. Ask questions only the real person would know. (Teach this to your family as well, this applies to real world- not just business) Be Alert to Red Flags: Differences in phone numbers, profile pictures, and slight mechanical intonations in the voice can signal a deepfake. Continuous Training: Regularly train employees on the latest deepfake threats and how to spot them. Robust Security Protocols: Implement multi-factor authentication and strict verification processes for sensitive communications and transactions. As deepfake technology advances, it's crucial to stay vigilant and proactive. By fostering a culture of security awareness and implementing strong verification methods, we can protect our organizations from these sophisticated scams. Awareness matters. #cybersecurity #insiderthreat #Deepfake #AI #Fraudprevention #Employeetraining #Ferrari #Securityawareness #humanrisk

Identity issues in SaaS don’t always come from the outside. They build up over time, accounts that were never deprovisioned, roles with outdated access, logins no one tracks because they bypass the SSO. Most tools focus on access control at the point of login. SSO and IAM systems validate credentials, enforce MFA, and manage provisioning workflows. But they don’t tell you if a former employee still has access in Salesforce. They don’t show which accounts were created locally or which users have permissions far beyond their role. Reco’s Identities Agent addresses what traditional tools miss. It continuously monitors identity posture across your SaaS apps and flags: • Over-privileged users with excessive permissions • Unauthorized app access from unmanaged accounts • Stale accounts tied to former employees • Locally created identities outside of your IdP When issues are found, RECO initiates remediation, removing access, disabling accounts, or syncing identity data back to your IdP.

AI can steal your identity. ✅  AI can also save it. ✅ We’re entering a new era of cyber threats.  One where AI isn’t just a tool for productivity, but a weapon for deception. 👉 AI-generated phishing emails no longer come with broken grammar or shady links.  👉 Voice deepfakes can now impersonate your colleague or family members with terrifying accuracy.  👉 Sophisticated scams are targeting your most trusted assets — your people and your data. The scariest part? You may not even know you’ve been compromised until it's too late. That’s why identity protection needs to evolve.  We have to go from reactive to proactive, from manual to agentic. And we have to do it NOW.  Salesforce, in particular, has already reimagined how to handle one of the most critical identity vectors: employee data. Using MuleSoft as the backbone and Agentforce AI as the brain, Salesforce has built an intelligent identity verification engine across 90+ internal and external systems. Here’s what it does: • Detects employee record discrepancies across Workday, Slack, Okta, and more.  • Verifies root causes in real time. No ticket needed.  Calls reprocessing MuleSoft APIs instantly to resolve mismatches.  • If automation fails, routes the issue directly to the right team with full context. This means:  ✅ No more case backlogs.  ✅ No more guessing games.  ✅ No more identity drift across systems. But this is more than just fixing bad data. This is how you fight AI with AI. By combining integration intelligence with agentic action,  Salesforce has built a resilient digital fabric where: • Every identity is verified.  • Every system is synchronized.  • And every user interaction is protected. Before the damage is done. AI may be the attacker. But with the right architecture, AI can also be your first responder. Let’s talk: How is your organization securing identities in the age of AI?  Are your integrations helping or hurting your security? #AI #CyberSecurity #MuleSoft #Agentforce #ZeroTrust #Integration #IdentityProtection #Phishing #DataGovernance #AgenticEnterprise 

I have the honor of spending hundreds of hours with security and identity practitioners across many Fortune 500 companies. These organizations have the most sophisticated and well educated IAM programs on the planet. Here are the 4 gaps they are concerned with when it comes to securing the identities of their human population. 1. Employee interview and onboarding - They want to make sure that the people joining their company are who they say they are and that once they are onboard, that they don't outsource their access and responsibilities to anyone else. 2. Daily Authentication - Relying on phishable factors such as OTP and PUSH is no longer acceptable in the age of AI enabled phishing and social engineering. Moving to a phishing resistant authentication method is critical. 3. Password and MFA reset - Hackers are taking advantage of insecure credential issuance processes in a major way. Securing the IT service desk and the self service credential reset process with a high assurance verification system is critical. 4. Endpoint access - Most endpoints are accessible only via password or allow a simple fallback to a password if the biometric is not working. Eliminating passwords for endpoints is critical so that keylogging malware cannot intercept a credential and then use it to move laterally within the enterprise environment. For more information on this, check out our zero trust identity guide - https://lnkd.in/gMGbKzaT For more information on how to securely onboard and verify users' identities, check out our HYPR affirm demo - https://lnkd.in/eUPNrAUk

From August 1, 2025, the Employees' Provident Fund Organisation (EPFO) now requires Aadhaar-based Face Authentication (FAT) via the UMANG app for: 1. UAN allotment and activation, 2. Activation of existing UANs, and 3. Face authentication for already activated UANs . This means employees can now generate and activate their UAN independently, without involving their employer—except in special cases . Who’s Exempt? International workers, and Citizens of Nepal and Bhutan …can still use the traditional employer-based method for UAN generation . Why This Change? The previous system often involved manual data entry by employers, causing errors in details like date of birth, mobile numbers, or missing mobile numbers altogether . FAT via UMANG ensures secure, accurate biometric authentication by pre-populating data directly from Aadhaar’s database, fetching the UAN securely, and enabling instant activation all in one step . After successful face authentication, the system activates the UAN and sends it via SMS, allowing members immediate access to EPFO services like passbook, KYC updates, and claim filing . How It Works: Step-by-Step 1. Install Apps Download UMANG and Aadhaar Face RD apps from Google Play or App Store . 2. In UMANG App Go to “UAN Allotment and Activation” (for new users) or relevant sections for existing UANs . 3. Enter Aadhaar & Mobile Provide your Aadhaar number and mobile number linked to Aadhaar, and check the consent box for Aadhaar validation . 4. Verify via OTP Tap “Send OTP”, verify the code, and if prompted, proceed to install/launch the Aadhaar Face RD App . 5. Face Authentication Consent, allow the app to access your camera, scan your face, and complete biometric validation via UIDAI API . 6. Receive UAN & Activation UAN is generated and activated instantly; you’ll receive it via SMS and can download the e-UAN card PDF for official use . Feedback & Concerns The Indian Staffing Federation (ISF) highlights that this mandate is causing delays in onboarding contract workers, especially where workers lack smartphones or face authentication fails, potentially disrupting payroll and PF contributions . Southern India Mills’ Association (SIMA) has urged EPFO to revert to the old method, citing frequent app crashes, server errors, and difficulties mapping existing UANs—calling for sensitivity programs and a hiatus until tech issues are resolved .