Best Practices for Defeating Deepfake Candidate Fraud

By Laura Durfee, Senior Director of Talent, DNSFilter

As technology continues its headlong evolutionary sprint, talent acquisition pros must address the skyrocketing threat of deepfake and fraudulent candidates. This is no longer a theoretical concern; we are seeing these types of fraud happen on a regular basis. 

Last year, the U.S. Department of Justice discovered an operation, potentially linked to North Korea, that impacted more than 300 companies and generated almost $7 million for non-existent IT workers. A prominent cybersecurity firm unwittingly hired an IT worker from North Korea who was using a stolen American identity and who tried to install malware on the company’s network. Another company unintentionally hired someone from North Korea, and this person breached its network, exfiltrated data and demanded a ransom. And a hiring platform became suspicious of a candidate when he showed signs of having rehearsed his background story and provided evasive answers.

The threat to organizations is clear. Whereas it was once a given that candidates were actual human beings, companies must now enact a stringent verification process to ensure the candidate is legitimate. Fraudulent activity by deepfake candidates has increased substantially; companies need to know about this increase, the role hiring departments must play and practical strategies to diminish or eliminate these risks.

Candidate Fraud on the Rise

Gartner analysts predict that one in four job applicants may be fake by 2028. For talent acquisition pros, this is a terrifying possibility, especially for remote positions where it’s difficult or impossible to meet in person prior to the hiring decision.

Hiring fake applicants comes with multiple negative consequences, not the least of which are wasted time, money and human effort. Other negatives include intellectual property theft, data breaches, the installation of malware and brand damage. It’s a talent pro’s nightmare to find out that a candidate they went to bat for is not a real person, or at least not the person they pretended to be. Even worse is discovering that the candidate who seemed like a great fit actually came in with malicious intent.

Factors That Enable Fraud

Candidate fraud is increasing in volume and sophistication, enabled by a confluence of factors:

• Generative AI: Fraudsters have an array of AI tools at their disposal with which to create fake resumes and online profiles, perfect-sounding answers to interview and application questions, and deepfakes – and they can do it quickly. A recent report found that it could take as little as 70 minutes for a researcher with no experience in image manipulation to create a fake job applicant.
• The “work from anywhere” (WFA) shift: The rise in WFA jobs and online video interviews has been a boon to many – including fraudsters. Remote interviews make it easier for fraudulent applicants to fake their identity and location. Because they’re not in the same room as the interviewer, they can breeze through interviews, phone screenings, virtual I-9 verifications and background checks.
• Malicious group effort: Bad candidate behavior is not reserved for individuals; there are now (as noted earlier) organized criminal groups – sometimes state-sponsored – that coordinate members’ efforts to steal identities and sneak past security measures. North Korea has been mentioned several times, and for good reason: its IT worker scams have netted anywhere from $250 million to $600 million per year since 2018.
• Inequities in pay and skills demand: Financial pressure and the perennially high demand for skills like cybersecurity are a recipe for people or groups to commit fraud to get hired. This is part of the reason why technical roles are highly targeted by fraudsters.

This form of fraud has become so well-known in a short time frame that some companies have lists in their applicant tracking systems of candidates whose profiles share characteristics with known deepfake candidates. Sharing these lists with industry partners will help more enterprises spot these fraudsters.

Eight Best Practices to Stop Candidate Fraud

Enterprises need a holistic strategy to defeat candidate fraud and the threats it represents. Implement these eight best practices:

• Consider tools that aid detection: There are tools designed to work with video interviewing platforms and spot deepfake activity. If it’s financially possible, consider implementing such a tool.
• Establish fraud-proof vetting: Institute a robust identity verification process that includes verifying all contact details and working with specialized providers for sensitive roles.
• Train interviewers: Educate those responsible for hiring about candidate fraud and how to spot suspicious behavior. Require the candidate’s camera to be on during video interviews. Ask in-depth questions and watch for evasive answers.
• Use least-privilege principles: Only grant new hires access to the systems and data their role requires, then monitor them for suspicious activity. 
• Collaborate across functions: Empower teams across the board with shared threat context and well-defined escalation paths to detect irregularities early on.
• Tech controls: Use solutions to help identify VPNs and VoIP numbers to verify the candidate’s location.
• Make in-person onboarding mandatory: Whenever possible, require new hires to be physically present for onboarding and team get-togethers.
• Ship equipment securely: You only want to ship to an employee’s verified address or use a secure pickup location. 

Vigilance Required

Who would have thought just a few years ago that candidate fraud would achieve today’s level of sophistication? This type of fraud has evolved into its own industry, sometimes well-funded and always well-coordinated. Hiring pros must be vigilant and proactive as they devise new processes to ensure the identity – and sometimes the existence – of prospective hires. Use the best practices outlined above to protect your company from these fraudulent practices.