Podcast: Play in new window | Download (Duration: 12:10 — 16.7MB)
Subscribe: RSS
Summary
On this episode of Chattinn Cyber, Marc is chattin’ with Aaron Painter, a seasoned enterprise tech executive with years at Microsoft and experience leading operations in China and the UK, shares the origin story of his company, Nametag. After observing the rise in identity theft among friends and family, Aaron was struck by how outdated and vulnerable identity verification processes had become—especially the ease with which attackers could answer common security questions using publicly available data.
The conversation turns to the evolution of cyber threats, particularly social engineering and deepfake-enabled attacks. Painter outlines a disturbing trend where attackers bypass even sophisticated technological protections like multi-factor authentication (MFA) by exploiting weak points in human processes, such as IT help desks. One example he highlights is the MGM breach, where a phone-based social engineering tactic led to significant damage.
Painter emphasizes that many organizations’ defenses rely on trust in video verification—such as Zoom or Teams calls—but that these platforms are now susceptible to real-time deepfake emulation. Attackers can impersonate employees or candidates using advanced visual spoofing tools, bypassing traditional verification methods and gaining access to critical systems.
To address these vulnerabilities, Nametag offers a mobile-first identity verification solution that leverages smartphone cryptography and biometric tools to take three-dimensional selfies and securely scan IDs. This process ensures stronger identity proofing, even under conditions that would normally be vulnerable to deepfake deception or impersonation.
The episode concludes with Painter warning HR professionals about the increasing threat of hiring fraud—where bad actors impersonate real candidates using deepfakes. He advises that companies don’t need to replace existing systems like Workday or Okta but should instead implement layered solutions that complement current infrastructure and close critical security gaps.
Key Points
- Cybersecurity Gaps Are Human, Not Just Technical: Despite widespread use of MFA, social engineering attacks targeting help desk personnel remain a primary threat vector.
- Deepfakes Are Evolving Rapidly: Attackers increasingly use deepfake technologies to impersonate employees or job applicants on video calls, rendering basic visual verification untrustworthy.
- Nametag’s Mobile-First Approach: Nametag strengthens identity verification by using mobile devices’ cryptographic and biometric capabilities to combat real-time deepfake impersonation.
- Hiring Fraud Is a Growing Threat: Criminals, sometimes state-sponsored, use deepfake tools to impersonate legitimate job candidates, gain access to internal systems, and cause serious security breaches.
- Enterprise Integration Over Replacement: Painter advocates for bolting on new security layers rather than replacing entire systems—filling in gaps while preserving operational continuity.
Key Quotes
- “All you have to do is call and pretend to be the account holder and say you were locked out. Then there’s a clear vulnerability. And that vulnerability is a social one or human one.”
- “The platforms weren’t really built to prevent against deepfakes… You’ve got that person showing up completely different on the video call.”
- “95% of the background check providers do it with a Social Security number and no identity verification.”
- “We invented the same concept of scan your ID and take a selfie—but we do it exclusively on mobile.”
- “I knew identity verification was a hot area. I had no idea it would be this hot.”
About Our Guest
Aaron Painter is the visionary CEO of Nametag Inc., the pioneering identity verification platform dedicated to protecting users from impersonators and AI-generated deepfakes. With a mission to enhance online authenticity and foster trusted relationships, Nametag has emerged as the go-to solution for leading companies aiming to combat fraud and streamline account security. Aaron’s commitment to user-centered security is deeply personal, stemming from his own experiences with online fraud and identity theft, which inspired him to assemble a team of security experts to revolutionize account protection. A global leader with a rich background, Aaron has lived and worked across six countries on four continents, and he is the author of the best-selling book *LOYAL*, where he emphasizes the importance of cultivating a culture of listening in leadership. His impressive career includes serving as CEO of Cloudreach, a top multi-cloud solutions provider, and holding various leadership roles at Microsoft. A Fellow at the Royal Society of Arts and a member of the Forbes Business Council, Aaron is also a sought-after speaker and advisor, known for his ability to blend international practices with local insights to build innovative, high-performing teams.
Follow Our Guest
About Our Host
National co-chair of the Cyber Center for Excellence, Marc Schein, CIC,CLCS is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.
Follow Our Host