Background Verification Services

Candidate fraud is rampant. Some recent examples I've seen: - fake candidates using the resume/LinkedIn of real people - people using AI filters in interviews - people fabricating experience on their resume - different people showing up at different stages of interviews Companies are already doing many of the following to catch fraud: - checking IP addresses for a match between the stated location and app location - checking for VPN usage since this could indicate someone is attempting to hide their location - checking for unusual behaviors like an app that should take 15 minutes being submitted in 30 seconds as an example indicating an AI-generated app vs human-generated one. - checking the age of your email address - checking the account behind your phone number - reviewing your LinkedIn account to see how it matches the content of your resume - contacting you via LinkedIn to ensure you are the person who applied - checking your previous applications to the company for consistency across experiences - recording interviews or taking pictures at each stage to verify the same person is showing up - verifying the identity and IP address of your references - holding on site interviews, even for remote jobs - running more thorough background checks and employment verifications Most companies recognize that some of the above "flags" will be present in legitimate candidates. For example, VPN use is quite common for many in tech, lots of people use phones that may show a parent or partner's name on the account, you might be applying while on vacation, etc. But if multiple flags are present, they may decide the risk is too great and simply move on the next candidate. So if I were applying right now, I would: 1. Be aware of the above when applying. 2. Put a picture on your profile (this may minimize the chances of someone using your name/profile to apply for jobs and also helps employers verify you are in fact the person on the interview). 3. Consider the content on your public social media profiles - companies will be checking more and more to mitigate their risks, and that means they'll have more line of sight into you how you think about the workplace, your expertise, etc. Make sure this is additive, rather than something that raises flags. Finally, I'll note that the common responses I see to the above are things like, "well employers made this an issue by making it so hard to get a job". And while I could have a conversation about why this is illogical, it's honestly just not even worth a discussion. Because no company is sitting there right now thinking, "gosh, people are struggling to navigate this job market, let's just open ourselves up to risk." They're just not. Their priority is to minimize risks. Hiring a fraudulent candidate with bad intentions could put their entire company at risk and they aren't going to do that. So if you're navigating a job search - especially for remote tech jobs, keep this in mind, and adjust accordingly.

A VP of recruiting told me they caught 200 North Korean state-sponsored actors trying to land jobs at their company in the last 12 months. The FBI has issued multiple warnings. Fraud in hiring has officially reached a breaking point. These aren't amateur scammers. They're real engineers with real skills using fake identities that cost less than $100. They proxy their IP addresses through the Midwest so you can't tell where they're actually located. Once hired, they build security backdoors, steal IP, and gain access to sensitive data. They're targeting engineering roles and customer service positions - anywhere with data access. And that's just one type of fraud. Here's what I keep hearing from recruiting leaders: 1. Mass AI applications are flooding the top of the funnel Candidates are using AI to apply to hundreds of jobs at once. The barrier to entry has collapsed. This alone isn't catastrophic if you have good screening technology. But it's creating noise that makes everything else harder to detect. 2. Resume misrepresentation has become systematic Candidates use AI to tailor resumes to exact job requirements, inserting skills and experience they don't have. On paper they look perfect. Then you hop on a call and their skills clearly don't match. Recruiting teams are now cross-referencing LinkedIn with resumes just to see if things smell right. 3. Interview fraud is getting sophisticated Some candidates have other people interview on their behalf. Others use AI to cheat in real-time. For video calls, teams are asking candidates to put their hand in front of their face. It breaks the deep fake. 4. In-person verification is making a comeback The Wall Street Journal reported that fraud is accelerating return-to-office interview policies. For remote companies, requiring in-person onboarding serves the same purpose. If candidates know they'll eventually meet face-to-face, fraudsters often move to easier targets. 5. Upfront disclosure is your best deterrent Tell candidates in the first round: we verify employment, we verify education, we will speak with previous direct managers. Fraudsters self-select out. They'd rather find an easier target than risk exposure. Smart companies make the cost of fraud visible before the process even begins. Because right now, the barrier to committing hiring fraud is lower than it's ever been. Your job is to raise it. P.S. This is from my full conversation with James Mackey on State of Hiring. Watch it here:  https://lnkd.in/gKSWc5Eg

Illinois HR Teams should know that SB 2339 was passed on October 30, 2025, which expands the Right to Privacy in the Workplace Act. The bill is now on Gov. Pritzker's desk and will immediately take effect once signed. The law creates new rules around employment eligibility verification (like E-Verify), privacy, and employer responsibilities. Here is the bill status: https://lnkd.in/etkmnRtR What HR needs to know: E-Verify & Employment Verification Systems ▪ Previously, employers could voluntarily use E-Verify with notice, training attestation, and recordkeeping. ▪ SB 2339: Prohibits employers from imposing checks beyond federal E-Verify rules, protects employees from extra document requests and pre-screening (amended 820 ILCS 55/10). Handling Discrepancies ▪ Previously, adverse action based on agency/third-party discrepancy notices were at employer discretion, with only minor penalties (820 ILCS 55/10, 820 ILCS 55/5-6). ▪ SB 2339: No adverse action solely on third-party mismatch (ex: SSA or IRS) unless from federal immigration authorities; higher penalties and new private right of action (820 ILCS 55/10(b-5)). Notification Requirements ▪ Previously, limited obligations to notify affected employees of adverse verification findings or rights to contest tentative non-confirmations. ▪ SB 2339: Employers must provide detailed written notice to employees (and their representatives) within five business days of any negative finding, informing them of the issue, timeline to contest, upcoming meetings, and representation rights. They must also post official government notices about E-Verify rights in visible workplace location. Local Government Preemption ▪ Previously, individual municipalities and counties could enact tougher employment verification rules. ▪ SB 2339: State law now overrides all local rules—verification now standardized statewide (amended 820 ILCS 55/10(d)) Penalties and Good-Faith Defense ▪ Previously, violations were classified as petty offenses, with limited fines and little civil recourse for affected employees. ▪ SB 2339: Violations are subject to more severe civil penalties, compensatory damages, and attorney’s fees. The law provides legal safe harbor for employers who act in good faith reliance on guidance from the Illinois Department of Labor or DHS, or who make honest administrative errors that do not affect employment or pay. (820 ILCS 55/18) Tips for HR: 1) Update E-Verify practices to only follow federal rules for employment verification—no extra checks or pre-hire document requests. 2) Notify employees of negative findings in writing within 5 days and post E-Verify rights. 3) Train HR teams to recognize the difference between valid federal agency notices and third-party ones not covered by immigration enforcement If you have more info or comments, please share below. Thanks! #EVerify #Immigration #EmploymentLaw #HR

Candidate fraud is becoming a real challenge in today’s hiring landscape. We’re moving far beyond simple résumé embellishments. Talent teams (like mine) are now confronting falsified identities, AI‑generated résumés, coached answers, and even full proxy interview setups. Fraud is particularly prevalent in remote and high‑volume hiring, where identity is harder to verify consistently. Real World Examples: • Fake résumés and identities blocked at scale Amazon reported blocking more than 1,800 job applications from suspected North Korean operatives posing as legitimate candidates to infiltrate remote tech roles. • Deepfake job candidates passing video interviews Fraudsters are now using AI‑generated videos and audio to impersonate real people, enabling them to “attend” interviews undetected. This has become one of the top emerging fraud threats for employers in 2026. • Proxy interview schemes Some candidates hire stand‑ins to complete technical or behavioral interviews on their behalf (THIS BLOWS MY MIND 👿 ) — a trend that has sharply increased between 2023 and 2026. What happened to the simple value called integrity? • Mass‑produced AI‑generated applications Automated tools can now generate polished, fabricated career histories and “perfect” responses, enabling candidates to apply at scale while blending fake profiles with real identities. So how do we stay ahead? Verify identity earlier — catching fraud early prevents wasted time and reduces exposure. Use AI for detection — behavioral analytics, voice/face matching, and credential verification tools can flag inconsistencies. Adopt structured interviews & skills‑based tests — harder for fraudsters to fake and easier to validate. Add layered verification checkpoints — a “defense‑in‑depth” model catches fraud at multiple stages without overwhelming candidates. Fraud is evolving fast — but so are our tools and strategies. With the right structure and vigilance, we can protect our hiring processes, our teams, and the trust that sits at the center of every great hire.

“Sorry, Benedetto, but I need to identify you,” the executive said. He posed a question: What was the title of the book Vigna had just recommended to him a few days earlier. Recently, a Ferrari executive was nearly deceived by a convincing deepfake impersonating CEO Benedetto Vigna but listened to his gut and stopped to verify that he was speaking with the real Vigna. This incident highlights the escalating risk of AI-driven fraud, where sophisticated deepfake tools are used to mimic voices and manipulate employees. Perhaps more importantly, how awareness of these threats can save your organization from fraud. The executive received WhatsApp messages and a call from someone posing as Vigna, using a different number and profile picture. The imposter's voice was a near-perfect imitation, discussing a confidential deal and asking for assistance. Suspicious, the executive asked a verification question about a book Vigna recently recommended, causing the call to abruptly end. Key Takeaways: Verify Identity: Always confirm the identity of the person you're communicating with, especially if the request is unusual. Ask questions only the real person would know. (Teach this to your family as well, this applies to real world- not just business) Be Alert to Red Flags: Differences in phone numbers, profile pictures, and slight mechanical intonations in the voice can signal a deepfake. Continuous Training: Regularly train employees on the latest deepfake threats and how to spot them. Robust Security Protocols: Implement multi-factor authentication and strict verification processes for sensitive communications and transactions. As deepfake technology advances, it's crucial to stay vigilant and proactive. By fostering a culture of security awareness and implementing strong verification methods, we can protect our organizations from these sophisticated scams. Awareness matters. #cybersecurity #insiderthreat #Deepfake #AI #Fraudprevention #Employeetraining #Ferrari #Securityawareness #humanrisk

Fraudulent Candidates Are Everywhere—Here’s What We’re Doing About It Over the last few months, we’ve seen a huge rise in fraudulent applicants here at Tailscale. In some cases, as many as half of applicants on a job are not who they say they are. Yes, really. The good news: we’ve gotten very good at spotting it, and I wanted to share what I have learned. 🎯 Who’s a Target? -remote-first tech companies -companies with fully remote interview processes ❓ Why? Fraudsters are hoping they can: -impersonate someone else -use deepfake video or audio -bypass less-rigorous screening steps -eventually steal data or paychecks Basically, anywhere the hiring process happens behind a laptop, fraud is rising. 🛑 The Most Telltale Signs: -no profile photo (or a cartoon avatar- as much as we love them!) on LinkedIn -no connections or a brand-new LinkedIn account -application language suspiciously close to the exact verbiage in your job description -different name on the resume vs email vs LinkedIn (not just a nickname… literally different identities) -repeated applications even after being rejected -listing n/a in job posting questions to bypass or writing nonsensical answers ⚠️ Important: One flag alone does not mean fraud—but multiple flags together should absolutely make you pause and verify. Some Tips 👉 Message them on LinkedIn before the interview If the LinkedIn looks legit but something else feels off, send a message and ask them to confirm the interview time. If it’s a fraudulent applicant, 1 of 2 things might happen: 1) the real person responds (“um…who??”) 2) the scammer disappears Either way, you get clarity without wasting time. 👉 Email before the interview. You can literally say: “We’ve been seeing a lot of fraudulent applications—would you mind confirming X?” Most legitimate candidates won’t mind at all. 👉 For Engineers, ask for a GitHub link in your application questions & have them to add you to a private repo (takes 30 seconds). 👉 Use verification tools. We use tofu, and it’s been excellent. It can tell you: -if their email address or LinkedIn was created yesterday -whether the email matches the LinkedIn signup -if the phone number is tied to prior scams -whether the same resume shows up under multiple names at your company or the countless others in their network It’s worth the investment—especially if you’re remote and high-volume. 💡 Remember: Behind every scam attempt, there’s sometimes a real person whose identity is being abused. If you confirm something is fraudulent, be kind and send a quick InMail to the person. Most have no idea someone applied on their behalf. TL;DR Fraudulent applicants are here, they’re getting more sophisticated, and we’re not tolerating it. At Tailscale, we’re actively verifying identity, tightening processes, and investing in tools. If you’re a hiring manager or recruiter dealing with the same, I hope this helps. And if you’re a scammer thinking of applying here… please don’t. We’re onto you. 😉

Candidate fraud is becoming its own full-time job to manage. It feels like every recruiter I know has a wild story from the last six months. Fake resumes. People using AI to answer interview questions in real time. Full-blown imposters taking technical interviews or, even worse, showing up on day one after getting hired. One recent study reported a 92 percent increase in fraudulent candidates since 2022, and projections show that with AI adoption, this could climb another 30 to 50 percent. Fraud in recruiting isn’t new, but the scale and sophistication definitely are. Here are some things that my network and I have incorporated into our processes that actually work at catching bad actors early: • 𝗦𝘁𝗮𝗿𝘁 𝘄𝗶𝘁𝗵 𝗯𝗲𝘁𝘁𝗲𝗿 𝘁𝗼𝗼𝗹𝘀: Many ATS platforms now offer fraud detection as an add-on feature, and new tools like tofu help flag suspicious profiles upfront. Huge time saver. • 𝗥𝗲𝗱𝘂𝗰𝗲 𝗮𝘂𝘁𝗼-𝗮𝗽𝗽𝗹𝘆 𝘀𝗽𝗮𝗺: AI auto-apply tools are flooding pipelines. Work with your ATS and IT teams to block domains that are clearly mass-application bots. • 𝗔𝗱𝗱 𝗮 𝗽𝗿𝗲-𝘀𝗰𝗿𝗲𝗲𝗻 𝘀𝘁𝗲𝗽 𝗯𝗲𝗳𝗼𝗿𝗲 𝗮𝗻𝘆 𝗹𝗶𝘃𝗲 𝗶𝗻𝘁𝗲𝗿𝘃𝗶𝗲𝘄𝘀: A simple video intro request weeds out a shocking number of questionable candidates. Most bad actors never submit anything, and the ones who do tend to be easy to flag. • 𝗨𝘀𝗲 𝗭𝗼𝗼𝗺 𝗮𝘀 𝘁𝗵𝗲 𝗱𝗲𝗳𝗮𝘂𝗹𝘁 𝗳𝗼𝗿 𝗵𝗶𝗴𝗵-𝗿𝗶𝘀𝗸 𝗿𝗼𝗹𝗲𝘀: This allows IT/security to verify IP addresses and confirm basic location info. • 𝗔𝘀𝗸 𝗵𝘆𝗽𝗲𝗿-𝗹𝗼𝗰𝗮𝗹, 𝗿𝗲𝗮𝗹-𝗹𝗶𝗳𝗲 𝗾𝘂𝗲𝘀𝘁𝗶𝗼𝗻𝘀: If someone claims they lived in NY for ten years, they’re going to know the code of their preferred airport without hesitation. Same with local sports teams or college mascot. Real candidates answer instantly. Fraudsters need time to stall and panic google the answer. • 𝗔𝗱𝗱 𝗶𝗻𝘁𝗲𝗿𝘃𝗶𝗲𝘄 𝗿𝗲𝗰𝗼𝗿𝗱𝗶𝗻𝗴: Tools like BrightHire, Metaview, and ATS-native recording features in Ashby or Kula help add another layer of protection as cheating in interviews has become extremely common. • 𝗦𝘁𝗿𝗲𝗻𝗴𝘁𝗵𝗲𝗻 𝗽𝗿𝗲-𝗯𝗼𝗮𝗿𝗱𝗶𝗻𝗴 𝘃𝗲𝗿𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗽𝗿𝗼𝘁𝗼𝗰𝗮𝗹𝘀: Double down on ID checks, verification steps and flags for anyone who asks to send equipment somewhere that doesn’t match their application details. These inconsistencies are usually early indicators of a bigger problem. The fraud problem isn’t going away, but neither is the TA community’s ability to adapt. If you have other tactics, tools or red flags you’ve seen, drop them in the comments.

By 2028, 1 in 4 job candidates worldwide will be fake. That's not a prediction. It's from Gartner. At Deel we're seeing a significant rise in applications, and specifically in Engineering there are larger spikes of fake candidates. Stay vigilant! What's happening? Scammers are scraping LinkedIn profiles and company staff lists. They're building convincing fake candidate profiles. Real-looking faces, real-sounding credentials, real video calls powered by AI. This is impacting remote roles! When they are hired, they walk remotely straight into your systems, not office. Your proprietary data. Your business records. Your customers' personal information. So what should companies actually do? Verify identity before day one. Video interviews aren't enough anymore. Use layered identity verification to spot fraud detection. Don't simply rely on this, ensure background checks, government ID checks, liveness detection, and third-party background screening that goes beyond a CV. cc Neev Wilf and the Clarity team. Thank you for your partnership. Train your hiring teams. Recruiters need to know the signs: slight video lag, unnatural blinking, audio that doesn't quite sync. Deepfake detection is now a hiring skill. Build a compliant global onboarding process. Ad hoc remote hiring with no structured verification is where the gaps appear. Process beats panic every time. The companies that win are the ones who hire globally and verify rigorously. Don't let a fake face cost you a real fortune.

A real face can be fake trust. You think seeing a real photo makes it safe. It actually makes you more vulnerable. I’ve seen attacks where nothing looked “fake”… Because nothing was. → Real employee photos copied from LinkedIn → Executive headshots reused in fake profiles → Event pictures turned into scam identities → Deepfake images used to build instant trust The image is real. The identity is not. Here’s where it gets dangerous: → A “recruiter” reaches out → steals credentials → A “CEO” asks for urgent payment → money gone → A “vendor” updates bank details → funds redirected → A “colleague” asks for MFA code → access lost No malware. No hacking tools. Just trust… weaponized. Why does this work so well? → People trust familiar faces → Visuals reduce suspicion → Profiles look polished and legitimate → Social proof lowers defenses Humans verify faces faster than facts. That’s the gap attackers exploit. Red flags most people miss: → New profile, senior title → Low connections but high authority claims → Reverse image shows different names → Strange job history gaps → Urgent financial requests Small signals. Big impact. What actually reduces risk: →Verify identity, not appearance → Always confirm payments via voice → Use DMARC, SPF, DKIM for email security → Train teams on impersonation tactics → Limit public exposure of key employees → Monitor brand and identity misuse Smart companies don’t trust what looks real. They verify what is real. If money or access is involved → slow down and double-check. Because one trusted image… can open the door to a very real breach. What’s one check your team always does before trusting a request? Most scams don’t break systems. They break assumptions. Agree? ➕Follow Inga S. for more cyber content.

If your business hires people, your hiring process is part of your attack surface. The hiring process is built on trust, urgency, attachments, links, and conversations with strangers. That makes it attractive to attackers. It’s already being exploited. Recent incidents: ↪ Résumés with malicious ISO attachments are circulating. ↪ Fake candidates send links that install malware. ↪ North Korean APTs run IT worker scams. HR teams handle files from unknown people and click links to portfolios every day. That's the job. It's also the risk. Safer hiring workflows can reduce exposure: ➔ Open résumés in isolated environments. ➔ Use least-privilege access for recruiters. ➔ Verify candidate identity before any access. ➔ Educate teams on common attack methods. Hiring workflows deserve the same security attention as finance and IT admin access. Worth reading: ➢ CSO Online: "Resumes with Malicious ISO Attachments": https://lnkd.in/gVju8BuT ➢ Help Net Security: "HR Recruiters Targeted with Malware": https://lnkd.in/gkWpcGBg ➢ Dark Reading: "North Korean APTs Use AI in IT Worker Scams": https://lnkd.in/gn-AP6X4 #Cybersecurity #HRSecurity #RecruitingSecurity #PhishingAttacks #CyberRisk