It cannot be denied that the rise of remote work has opened up many opportunities for both employers and job seekers. Despite this, however, it has also presented a plethora of challenges when it comes to recruiting in the cybersecurity and tech spaces, one of the most notable of which is the proliferation of candidates who either don’t exist entirely or who aren’t who they claim to be.
Companies have embraced digital channels and processes to streamline recruitment and onboarding, saving time, money, resources, and extending opportunities to workers who are not bound by geographical red tape. However, with virtual interviews and remote onboarding now the norm, hiring managers face the risk of encountering credible, convincing fake candidates.
While it’s easy to view these evolving situations as nothing more than a nuisance, the security and operational risks for organizations posed by fake candidates should not be ignored.
The growing problem of fake job candidates
It’s not easy to quantify the exact scale and severity of this growing recruitment issue, but reports from various industries suggest that the problem is widespread across a broad spectrum of sectors. Some hiring managers estimate that large amounts of the resumes and applications they receive for remote job vacancies show signs of being tied to sophisticated, calculated fraud or social engineering schemes.
Receiving an influx of fake candidates and applicants is time-consuming for Human Resources and recruitment departments, but if these functions are not inherently cyber-aware, the consequences can be particularly devastating.
The FBI has even issued warnings about AI-generated “deep fakes” being used to apply for remote job positions. The use of this technology may not be common in most cases, where fake profile pictures and refusing to turn on cameras can be enough to make an application seem convincing and legitimate. However, this presents a further problem, as the FBI has also warned that some applicants have used stolen Personally Identifiable Information (PII) to progress through pre-employment background checks and screening processes.
How to spot signs of possible fraudulent applicants
To safeguard their organizations’ operations, data, and staff, hiring managers must be vigilant and cognizant of the common warning signs associated with fake job applicant scams.
These include:
- Unrealistic workplace adjustments: Fake applicants may mandate that they need a surplus of company-owned equipment or accommodations to do their jobs, which may alert hiring managers to suspicious activity. They must - under the law - make reasonable adjustments for legitimate candidates with specific conditions to help them perform at their best, but this is harder to do when the candidate’s identity is masked.
- Pristine, squeaky-clean resumes: Fake candidates often tailor their resumes to match the job requirements exactly. Sometimes, applications can feel overly perfect and unrealistic.
- Reluctance to use video: Candidates who refuse to turn on their cameras or who only communicate via messaging applications may be hiding their true identity.
- Evasive behavior: Fraudsters may avoid or fail to answer personal questions about their work history, as they may be disguising themselves as someone else for the purposes of a job application.
- Inconsistencies: Hiring managers can invariably spot signs of a fraudulent applicant when there are notable discrepancies between social media profiles, resumes, verbal accounts of work history, and fraudulent supporting material or certifications.
- Background check issues: Legitimate candidates will invariably be willing to undergo standard background screening, whereas fake applicants may appear more hesitant.
- Unusual requests: Candidates may insist on unusual employment arrangements when submitting an application for full-time employment, such as immediate access control or elevated user permissions.
- Use of Voice Over IP (VOIP) numbers: Fake applicants may use Internet-based or disguised phone numbers rather than legitimate landlines or cellphones.
Why do people submit fake job applications?
The motivations behind fraudulent, falsified, and embellished applications can vary from perpetrator to perpetrator, but understanding them can help organizations implement the right security and verification measures to safeguard themselves.
Unqualified candidates may seek to bypass location or visa barriers to earn a job, so they may attempt to disguise who they really are. Some fake job applicant scams may be calculated as part of a wider outsourcing scheme, which sees groups of individuals working in tandem to secure a position, with work being distributed among them.
More worryingly, fraudsters may appear authentic and deceive hiring managers into thinking they are legitimate, whereas they may have stolen personal information to apply for positions. The hiring manager and organization may be completely unaware if their background check and identity verification processes are not up to scratch.
Certain bad actors may attempt to infiltrate a particular organization’s systems, networks, and data as part of a corporate espionage effort, which could leave the employer in disarray if a breach is discovered and they were found to have not secured their infrastructure correctly.
The risks of pursuing false candidates
Hiring a fake candidate may be unlikely, but doing so presents serious potential consequences, including:
- Exploited security vulnerabilities.
- Stolen data and intellectual property.
- Compromised company, staff, shareholder, and partner information.
- Legal liabilities and sanctions.
- Financial losses stemming from fraud or theft.
- Team demoralization.
- Hampered efficiency and productivity.
- Operations and supply chain disruption.
- Penalties for data protection non-compliance.
- Wasted resources, time, money, and effort.
How to overcome the risks of fake applicants
The most effective solution to minimize the risk and impact of fake job applicants is for organizations to take several steps when vetting and verifying their candidates and their applications.
- Implement strict measures to vet candidates via video interviews and using remote ID verification software. Enforce that video interviews are mandatory, and failing to comply will render an application void.
- Partner with reputable background check service providers to thoroughly and conclusively verify a candidate, including their identity, employment history, education, third-party qualifications, and social media profiles.
- Use services to authenticate a candidate’s contact information, including their name, addresses, and phone numbers.
- Develop a comprehensive interview process with multiple team members included in the process, taking note of their perspectives and insights.
- Use secure applications to verify legitimate identity documents against known databases and repositories in cases of high-profile criminal activity.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.
