How to Improve Security in Hiring Processes

Candidate fraud is becoming its own full-time job to manage. It feels like every recruiter I know has a wild story from the last six months. Fake resumes. People using AI to answer interview questions in real time. Full-blown imposters taking technical interviews or, even worse, showing up on day one after getting hired. One recent study reported a 92 percent increase in fraudulent candidates since 2022, and projections show that with AI adoption, this could climb another 30 to 50 percent. Fraud in recruiting isn’t new, but the scale and sophistication definitely are. Here are some things that my network and I have incorporated into our processes that actually work at catching bad actors early: • 𝗦𝘁𝗮𝗿𝘁 𝘄𝗶𝘁𝗵 𝗯𝗲𝘁𝘁𝗲𝗿 𝘁𝗼𝗼𝗹𝘀: Many ATS platforms now offer fraud detection as an add-on feature, and new tools like tofu help flag suspicious profiles upfront. Huge time saver. • 𝗥𝗲𝗱𝘂𝗰𝗲 𝗮𝘂𝘁𝗼-𝗮𝗽𝗽𝗹𝘆 𝘀𝗽𝗮𝗺: AI auto-apply tools are flooding pipelines. Work with your ATS and IT teams to block domains that are clearly mass-application bots. • 𝗔𝗱𝗱 𝗮 𝗽𝗿𝗲-𝘀𝗰𝗿𝗲𝗲𝗻 𝘀𝘁𝗲𝗽 𝗯𝗲𝗳𝗼𝗿𝗲 𝗮𝗻𝘆 𝗹𝗶𝘃𝗲 𝗶𝗻𝘁𝗲𝗿𝘃𝗶𝗲𝘄𝘀: A simple video intro request weeds out a shocking number of questionable candidates. Most bad actors never submit anything, and the ones who do tend to be easy to flag. • 𝗨𝘀𝗲 𝗭𝗼𝗼𝗺 𝗮𝘀 𝘁𝗵𝗲 𝗱𝗲𝗳𝗮𝘂𝗹𝘁 𝗳𝗼𝗿 𝗵𝗶𝗴𝗵-𝗿𝗶𝘀𝗸 𝗿𝗼𝗹𝗲𝘀: This allows IT/security to verify IP addresses and confirm basic location info. • 𝗔𝘀𝗸 𝗵𝘆𝗽𝗲𝗿-𝗹𝗼𝗰𝗮𝗹, 𝗿𝗲𝗮𝗹-𝗹𝗶𝗳𝗲 𝗾𝘂𝗲𝘀𝘁𝗶𝗼𝗻𝘀: If someone claims they lived in NY for ten years, they’re going to know the code of their preferred airport without hesitation. Same with local sports teams or college mascot. Real candidates answer instantly. Fraudsters need time to stall and panic google the answer. • 𝗔𝗱𝗱 𝗶𝗻𝘁𝗲𝗿𝘃𝗶𝗲𝘄 𝗿𝗲𝗰𝗼𝗿𝗱𝗶𝗻𝗴: Tools like BrightHire, Metaview, and ATS-native recording features in Ashby or Kula help add another layer of protection as cheating in interviews has become extremely common. • 𝗦𝘁𝗿𝗲𝗻𝗴𝘁𝗵𝗲𝗻 𝗽𝗿𝗲-𝗯𝗼𝗮𝗿𝗱𝗶𝗻𝗴 𝘃𝗲𝗿𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗽𝗿𝗼𝘁𝗼𝗰𝗮𝗹𝘀: Double down on ID checks, verification steps and flags for anyone who asks to send equipment somewhere that doesn’t match their application details. These inconsistencies are usually early indicators of a bigger problem. The fraud problem isn’t going away, but neither is the TA community’s ability to adapt. If you have other tactics, tools or red flags you’ve seen, drop them in the comments.

By 2028, 1 in 4 job candidates worldwide will be fake. That's not a prediction. It's from Gartner. At Deel we're seeing a significant rise in applications, and specifically in Engineering there are larger spikes of fake candidates. Stay vigilant! What's happening? Scammers are scraping LinkedIn profiles and company staff lists. They're building convincing fake candidate profiles. Real-looking faces, real-sounding credentials, real video calls powered by AI. This is impacting remote roles! When they are hired, they walk remotely straight into your systems, not office. Your proprietary data. Your business records. Your customers' personal information. So what should companies actually do? Verify identity before day one. Video interviews aren't enough anymore. Use layered identity verification to spot fraud detection. Don't simply rely on this, ensure background checks, government ID checks, liveness detection, and third-party background screening that goes beyond a CV. cc Neev Wilf and the Clarity team. Thank you for your partnership. Train your hiring teams. Recruiters need to know the signs: slight video lag, unnatural blinking, audio that doesn't quite sync. Deepfake detection is now a hiring skill. Build a compliant global onboarding process. Ad hoc remote hiring with no structured verification is where the gaps appear. Process beats panic every time. The companies that win are the ones who hire globally and verify rigorously. Don't let a fake face cost you a real fortune.

If your business hires people, your hiring process is part of your attack surface. The hiring process is built on trust, urgency, attachments, links, and conversations with strangers. That makes it attractive to attackers. It’s already being exploited. Recent incidents: ↪ Résumés with malicious ISO attachments are circulating. ↪ Fake candidates send links that install malware. ↪ North Korean APTs run IT worker scams. HR teams handle files from unknown people and click links to portfolios every day. That's the job. It's also the risk. Safer hiring workflows can reduce exposure: ➔ Open résumés in isolated environments. ➔ Use least-privilege access for recruiters. ➔ Verify candidate identity before any access. ➔ Educate teams on common attack methods. Hiring workflows deserve the same security attention as finance and IT admin access. Worth reading: ➢ CSO Online: "Resumes with Malicious ISO Attachments": https://lnkd.in/gVju8BuT ➢ Help Net Security: "HR Recruiters Targeted with Malware": https://lnkd.in/gkWpcGBg ➢ Dark Reading: "North Korean APTs Use AI in IT Worker Scams": https://lnkd.in/gn-AP6X4 #Cybersecurity #HRSecurity #RecruitingSecurity #PhishingAttacks #CyberRisk 

Fake candidates are flooding inbound channels right now…… If you’re a founder, CISO, or internal TA leader it’s not just you. This is happening across the US at scale. I’m speaking daily with hiring teams at some of the most respected cybersecurity companies in the market. Many are now on high alert. What’s actually happening? - AI-generated resumes tailored perfectly to job specs - Stolen GitHub portfolios / recycled project work - Candidates unable to explain 'their' own tooling or detections - Deepfake / proxy interview scenarios starting to creep in - Do final interviews in person where possible. If your hiring model is built on inbound applications and keyword screening… you’re exposed. What’s working: - Move away from over-reliance on job adverts for critical hires - Introduce early technical gates (live, observed problem solving & not take-homes) - Build known talent pools you’ve already vetted over time (more valuable than ever) - Backchannel references before final stages - Partner with niche specialists who operate in-network, not in-volume The best hiring teams aren’t reacting to this. They are already moving to controlled pipelines. Inbound is now the least trustworthy part of the funnel. If you’re hiring & want to know where your process falls down drop me a message on LinkedIn or ask below. I’ll tell you exactly where it breaks.

If you or anyone you know is job hunting, read this! There’s a new - and frankly unsettling - tactic emerging in the threat landscape that professionals in tech, recruiting, and security should be aware of. Threat actors are now posing as legitimate employers and guiding candidates through seemingly normal hiring pipelines… right up to the live interview stage. Here’s where it gets dangerous: Candidates are invited to a Zoom interview that includes a “coding exercise.” Nothing unusual on the surface - until they’re asked to run provided code, install a dependency, or share their screen while interacting with a prepared environment. That’s the trap! The exercise environment or instructions are weaponized. In some reported cases, candidates unknowingly execute malicious scripts, expose sensitive local data, or grant access that enables compromise of their machine or accounts. Why this works: * It exploits trust in the hiring process * It targets technically capable individuals (high-value access) * It happens in real time, under pressure, with lowered skepticism Red flags to watch for: * Being asked to download or run code from unfamiliar, unverified sources * Interviewers pushing you to disable security controls or “just trust the setup” * Unusual urgency or pressure during technical exercises * Requests to access local files, system info, or credentials unrelated to the task What you can do: * Treat interview environments like production: verify everything * Use isolated environments (VMs, containers, or throwaway machines) * Never run unknown code on your primary system * Ask questions—legitimate companies won’t object to reasonable security caution This is social engineering evolving to meet modern workflows. The hiring process itself is becoming an attack surface. Would you recognize this in time? Have you or anyone you know encountered this firsthand? Stay sharp out there! #CyberSecurity #InfoSec #ThreatIntelligence #SocialEngineering #CyberThreats #Malware #Phishing #SecurityAwareness #TechCareers #JobSearch #RemoteWork #Zoom #Hiring #Developers #ITSecurity #DigitalTrust #CyberDefense #SecurityCulture

After hiring hundreds of people, here's the most important thing I've learned to increase your hiring hit rate: Treat talent acquisition as the new risk mitigation department. We have strategies for crafting targeted JDs, we use filtered friction to qualify candidates before they get near an interview, and we have a specific way to build interview questions that actually evaluate expertise. BUT…none of that beats making someone prove they are who they say they are. We call this the demonstration of value. With AI, anyone can look up buzzwords, nail an interview, and sound like exactly what you're looking for. That doesn't mean they can do the job. So whether it's a live skills assessment, having them share past documentation, or a combination of both, you have to verify capability and experience before you make the hire. The amount of risk you mitigate in the hiring process will be equally proportionate to the success you have once they're in the seat. Next time a hire doesn't work out, get honest with yourself about whether you actually mitigated the risk before bringing them on.

𝗥𝗲𝗺𝗼𝘁𝗲 𝗵𝗶𝗿𝗶𝗻𝗴 𝗷𝘂𝘀𝘁 𝗴𝗼𝘁 𝗿𝗶𝘀𝗸𝗶𝗲𝗿. A security startup nearly hired 𝘁𝘄𝗼 𝗳𝗮𝗸𝗲 𝗲𝗻𝗴𝗶𝗻𝗲𝗲𝗿𝘀 using 𝗔𝗜 𝗱𝗲𝗲𝗽𝗳𝗮𝗸𝗲 𝗺𝗮𝘀𝗸𝘀. Here’s how they caught them—and how you can protect your hiring process. 𝗪𝗵𝗮𝘁 𝘄𝗲𝗻𝘁 𝘄𝗿𝗼𝗻𝗴? • The resume + coding skills were perfect—too perfect. • The candidate spoke zero Polish (despite claiming to be from Poland). • AI disguise glitch → They refused to put a hand in front of their face on video. 🔎 𝗛𝗼𝘄 𝘁𝗼 𝘀𝗽𝗼𝘁 𝗔𝗜 𝗳𝗮𝗸𝗲𝗿𝘀: 1️⃣ 𝗡𝗼 𝗳𝗶𝗹𝘁𝗲𝗿𝘀 𝗮𝗹𝗹𝗼𝘄𝗲𝗱 – Ask candidates to disable all video effects. 2️⃣ 𝗗𝗼 𝘁𝗵𝗲 “𝗵𝗮𝗻𝗱 𝘁𝗲𝘀𝘁” – AI avatars struggle with physical gestures. 3️⃣ 𝗩𝗲𝗿𝗶𝗳𝘆 𝗶𝗱𝗲𝗻𝘁𝗶𝘁𝘆 𝗲𝗮𝗿𝗹𝘆 – Cross-check digital footprints & request live verifications. 4️⃣ 𝗥𝗲𝗰𝗼𝗿𝗱 𝗶𝗻𝘁𝗲𝗿𝘃𝗶𝗲𝘄𝘀 – Review footage for odd facial movements. 5️⃣ 𝗧𝗿𝘂𝘀𝘁 𝘆𝗼𝘂𝗿 𝗴𝘂𝘁 – If something feels off, dig deeper. This is a 𝘄𝗮𝗸𝗲-𝘂𝗽 𝗰𝗮𝗹𝗹 for all recruiters and hiring managers. The risks are real, and the consequences could be massive—especially in security and tech. How is 𝘆𝗼𝘂𝗿 𝗰𝗼𝗺𝗽𝗮𝗻𝘆 preparing for this new AI hiring challenge?

Spotting fake candidates in interview processes. The issue: - Stolen identities. - AI Deepfake interviews. - Heavily eddited resumes bypassing ATS. - Candidate passes the interview, another works the role. I typically break down a solution into 4 key phases: Application process: - Verify LinkedIn - established history & activity, organic recommendations? - Identify sudden jumps between unrelated tech on CV with no transition. - Look for identical formatting structure across multiple applied candidates. Screening & Interview process: - Always conduct onsite if possible. - Use collaborative practical exercises & tests vs just theory. - Ask candidates to explain past real-world decisions and failures in depth. Offer & Onboarding: - Restrict account / device sharing for new starters. - Monitor sudden communication/personality changes. - Mandatory government ID verification before offer made. Final checks: - Background checks to include: I-9, SSN & Address history verification. - Reference check ex-employers, ensure you can find the references LI profile. - Due diligence on where this candidate come from: were they a referral or someone previously placed, or someone completely new who applied? Reality is, there will always be someone who manages to slip through process. But as a minimum your partners should be implementing the above to support in reducing the risk considerably. Xinova Group

What percentage of applicants are fraudulent? I was shocked to learn that it's around 30-50% (especially for remote roles!) Misrepresenting skills, lying about experiences, or fake reference are nothing new - this is why companies have methods in place to validate skills through assessments, verify the identity of references, etc. But the current state - different people showing up throughout the interview, the person who shows up on day one being a different person from the one who interviewed, people using AI filters to misrepresent their identity or to feed them answers to try and game an interview is a new challenge. Of course some folks are just trying to game the system to land a job in a difficult job market. But there are also bad actors who are looking to gain access to private data or destroy systems and that's a huge risk for employers (and all of us who trust these companies to protect our data). This was a big topic of discussion at Talent Connect this week, and here's what some companies are doing: - Checking email history - Checking for VPN usage - Using IP addresses to verify location - Using AI screeners that also monitor for use of additional tools, whether you're reading from a script, etc. - Asking candidates to share their background or share their entire screen - Checking your LinkedIn - Using tools like CLEAR or ID me to to verify identify - Recording interviews or taking pictures of candidates at each stage - Having people show their ID on screen and using facial recognition software to ensure a match - Requiring an in person interview as part of the job, even if the job is remote Does some of this feel invasive to an applicant, particularly when most people are doing the right thing and just trying to get a job? Yes, I would imagine so. Do I think companies are going to prioritize candidate experience at the expense of their own security? Absolutely not. The risk of a company accidentally hiring a bad actor is far greater than them declining someone great for their role who doesn't like their hiring process. My advice to jobseekers: 1. You need to do your due diligence.  Multiple times every day, I see people falling for scams. And some of the practices above are great ways for scammers to take advantage of jobseekers. So before actually clicking links, showing your ID, or taking an interview, make sure you're communicating with a legitimate employer. 2. Maintain an active LinkedIn.  Include a profile picture, post every now and then, have connections from former employers or classmates. 3. Decide what you're comfortable with Personally, if I want to work at a company and trust that company, I'm gonna do the AI interview or their ID verification. If you don't want to, that's OK, but know it could mean being disqualified. 4. Don't do things that make you look fake If your application looks like the ones submitted by bots, they may assume you're a bot.

Hackers and scammers are now hiding inside job applications. That’s not paranoia. That’s FIN6, a cyber-crime group that’s weaponising fake resumes to infect recruiters. Here’s how they do it: Who is FIN6? FIN6, also known as Skeleton Spider, is a financially motivated cyber-crime group. They started by targeting payment-card systems (POS) to steal card data. These days, they are going after HR teams by pretending to be job seekers on LinkedIn and Indeed. Their tactic? Build trust first: they send well-crafted “job application” messages, then follow up with phishing emails that contain a non-clickable resume link. Why you should care? -As recruiters or hiring managers: don’t trust every LinkedIn message even if it looks legit. -Pause before you click a URL into your browser… especially if it came in a resume email. -Verify people: call the “applicant” through another channel, check their references, don’t just click. -Train your team: teach HR to spot unusual resume sites, unexpected ZIPs, or “please type this long link manually” emails. #CyberSecurity #CyberCrime #HumanBehaviour #SocialEngineering #JobScam #RecruitmentFraud #CyberAwareness