Candidate fraud 101: What it is and what you can do about it

We talked to TA leaders at companies across industries and tapped our product team who's building Gem's fraud detection tools to get their take. What we heard was clear: it's becoming a systemic threat to hiring operations and company security.

According to Gartner, by 2028, one in four job candidate profiles worldwide will be fake. Not embellished. Fake. Entirely fabricated identities, AI-generated work samples, deepfake video interviews designed to deceive hiring teams.

If that sounds far-fetched, consider this: The FBI & CrowdStrike report that North Korean actors have infiltrated hundreds of companies, creating both immediate security breaches and potential legal exposure.

This isn't a future problem. It's happening now, at scale, across the recruiting industry. Fraudulent applications aren't just annoying. They create security threats and waste hours of recruiter time that should be spent building relationships with real candidates.

Why candidate fraud is exploding 

Three forces converged to create the perfect conditions for fraud to flourish:

1. Remote hiring removed physical verification. Virtual interviews, digital document submission, and online assessments created opportunities for deception that simply didn't exist when everyone met face-to-face.

2. AI made fraud accessible. Creating a fake candidate profile used to require sophisticated technical skills. Now it takes minutes and is freely available with AI tools. Deepfake software, AI-generated resumes, fabricated portfolios — it's all remarkably easy to produce.

3. Application volumes exploded. Recruiters are now handling nearly 3x as many applications as they were in 2021. When you're drowning in volume, it's harder to spot the red flags.

What candidate fraud looks like

Fraud exists on a spectrum. On one end, you have minor resume embellishments, like inflated job titles and exaggerated skill proficiency. These have always existed.

On the other end, you have organized fraud operations: stolen identities, proxy interviewees who take assessments on behalf of unqualified candidates, and state-sponsored actors using fake credentials to infiltrate companies. In May 2024, the Department of Justice revealed that more than 300 U.S. companies had unknowingly hired IT workers tied to North Korea, generating at least $6.8 million in overseas revenue.

Most fraud falls somewhere in between:

• Mass applications: Bot-driven spam flooding application systems

• Fake applicants: Fabricated identities with AI-generated profiles and recent LinkedIn accounts

• Stolen identities: Bad actors impersonating real people using stolen PII (personal identifiable information)

• Candidate cheating: Real people using unauthorized help (proxy test-takers, ChatGPT for assessments, someone else doing interviews)

• Organized / State-sponsored fraud: Coordinated operations with sophisticated deepfakes, often tied to foreign governments

The business risk and costs of candidate fraud

When fraud makes it past your screening process, the consequences extend far beyond a bad hire. Here's what's actually at stake:

Security breaches: Fraudulent hires gain access to sensitive systems, intellectual property, and customer data. Once inside your network, they can exfiltrate confidential information, install malware, or create backdoors for future exploitation. The DOJ case involving North Korean IT workers revealed that these actors had access to company systems for months or even years before detection.

Legal and compliance exposure: Hiring sanctioned actors can create legal violations with significant fines. Companies aren't just dealing with a bad hire – they're potentially violating federal law.

Operational disruption: When someone who faked their credentials finally starts work, the impact ripples across teams. Projects stall, deadlines are missed, and other team members scramble to compensate for work that isn't getting done. 

Wasted investment: By the time you discover fraud, you've already spent significant time and money on screening, multiple interview rounds, background checks, and onboarding. Then you start the entire process over, extending time-to-fill and putting additional pressure on your already stretched recruiting team.

Why traditional approaches can’t keep up

Traditional background checks happen too late in the process. Don't get us wrong — steps like I-9 verification and background checks are critical parts of hiring compliance. But they occur after you've already invested significant time screening, interviewing, and evaluating a candidate. They're designed to verify someone is who they claim to be at the point of hire, not to detect sophisticated fraud during the interview process itself.

While recruiters can manually check IP addresses, LinkedIn accounts, and phone numbers for red flags earlier in the funnel, this approach doesn't scale. Asking recruiters to spot deepfakes, AI-generated content, and suspicious digital footprints while managing 40% more open roles than they did three years ago? That's not a sustainable strategy.

What works

Build verification into your workflow, not around it. The best fraud prevention doesn't add extra steps for recruiters or create friction for legitimate candidates. It happens automatically as candidates move through your process — flagging suspicious patterns, highlighting inconsistencies, and surfacing potential concerns without derailing the candidate experience. Recruiting technology is starting to build out capabilities in this arena, and Gem is launching its own fraud detection agent to help you flag suspicious activity before it becomes a problem. You can read more about the announcement and sign up for the waitlist here.

Train your team on red flags. Technology helps, but human judgment still plays a crucial role in decision-making.

Make sure recruiters know what to watch for: 

• Overly polished responses that lack personal detail

• LinkedIn profiles created recently with minimal connections

• Disposable/suspicious email domains

• Reluctance to turn on cameras or perform simple verification tasks,
  Inconsistencies between written and verbal communication

• Employment histories that don't add up when you dig deeper.

Take initial screenings with cameras on. Video verification is one of the simplest ways to confirm candidate identity early in the process. Require cameras for all initial phone screens and subsequent interviews, and watch for red flags like candidates who consistently have "technical difficulties" with their camera or whose appearance changes significantly between calls. While legitimate candidates may occasionally have connectivity issues, patterns of camera avoidance warrant deeper investigation. This practice also helps you spot potential deepfake technology or proxy interview situations before you've invested significant time in the hiring process.

Have an on-site onboarding process. Even for remote roles, requiring new hires to complete their first day or first week onboarding in person provides a final verification checkpoint. This allows you to confirm identity documents in person, ensure the person who shows up matches the person who was interviewed, and establish a foundation of trust before they begin working remotely. 

For companies hiring internationally or across large distances, consider regional onboarding hubs or a partnership with co-working spaces that can facilitate identity verification. The upfront investment in bringing someone on-site pays off by catching fraud before it impacts your business operations or compromises sensitive data.

The big picture

Fraud isn't going away. However, with the right systems and training, you can protect your organization without disrupting the experience for the 99% of candidates who are exactly who they claim to be.

The companies that address this problem now will protect themselves from security threats, compliance risks, and countless wasted hours.

How Gem is combating candidate fraud

Gem is taking a comprehensive approach to helping our customers tackle candidate fraud. 

We recently announced more details of what we’re building and are inviting teams to sign-up for our waitlist. They will be the first ones to know when Gem’s Fraud Detection agent is available. 

What we're building: 

There are several ways to combat candidate fraud, but we believe the most effective approach is to stop fraudulent applications before you even begin engaging with candidates (i.e., at the application stage). This approach also preserves a smooth, uninterrupted candidate experience, saves recruiters time, and prevents teams from wasting time interviewing the wrong candidates. 

Gem's Fraud Detection Agent will catch fraudulent applications before they waste your team's time or become security threats.

1. Automatic fraud detection: The agent scans every application as soon as it's submitted, evaluating risk without any manual recruiter intervention.

2. Evaluates fraud risk, not just signals: Most solutions just flag suspicious signals and leave you to figure out what they mean. Gem provides complete risk assessments with clear levels (high, medium, low) and 90%+ accuracy.

3. Zero added friction: Fraud detection runs automatically where you already review applications. No new tools for recruiters to learn. No ID uploads or biometric verification for candidates. 

4. Full recruiter control - Recruiters make the final decision on every candidate with full transparency. The agent flags suspicious applications and explains exactly why, but you make the final decision on whether to advance or reject.

5. Flexible deployment - Enable fraud detection per job, allowing you to control which roles require it based on risk level and application volume.