Candidate Fraud Is Constantly Evolving - Your Strategy Should Be Too
The Growing Role Consulting Services Providers Can Play in the Battle Against Bad Actors
The hiring process has become the newest frontier for growing cyber threats. Scammers are becoming increasingly creative in their attempts to obtain valuable Personal Identifiable Information (PII), Intellectual Property (IP), and, of course, financial gain.
Yes, one unfortunate side effect of a more connected world and the advancement of technology is that these bad actors are more equipped than ever to put you and your organization at risk. As the parent company of multiple consulting and professional service providers specializing in IT and Compliance, we pride ourselves on being strong advocates for increased cybersecurity.
In addition to helping our clients mitigate the risk of these growing threats through our services, we also utilize our platform to raise awareness among the public of these tactics. Which is why we are breaking down the evolving threat of Candidate Fraud, from its definition to the typical red flags indicative of the scam, and how our recruiters can act as a first line of defense.
Understanding the Evolving Threat of Candidate Fraud
As an organization that conducts nearly 3,000 interviews per month, we are particularly familiar with the growing scam of Candidate Fraud.
The Traditional Definition of Candidate Fraud: A skilled employee acquiring multiple jobs and then outsourcing their work and responsibilities to a lower-level consultant. This skilled employee is then able to pay these accomplices a fraction of the salary and profit from the rest, all while their employer remains unaware of the arrangement.
However, with the increase in remote jobs, virtual interviews, and the introduction of AI, this scam is quickly evolving.
New Definition of Candidate Fraud: The intentional misrepresentation of one’s identity and/or qualifications by a job applicant to gain employment. Once employed, these bad actors will use their newly acquired access to steal classified documents or IP, install malicious malware or backdoors, and even engage in extortion.
Even worse, several government agencies and cybersecurity specialists have reported an increase in nation-state actors participating in these scams.
A New Breed of Candidate Fraudsters
Unlike a one-off individual, this new breed of fraudsters is often recruited and trained in dedicated universities, funded and protected by adversarial governments, and working in teams to increase their efficiency and effectiveness.
In fact, Candidate Fraud is getting so common that Gartner, a research agency, predicts that 25% of remote candidates may be bad actors by 2028.
Anyone Can Be Fooled
A jarring statistic, to say the least, but unfortunately, this type of fraud can happen to any organization. That includes leaders in the cybersecurity space, such as KnowBe4, the world’s largest Security Awareness Training and simulated phishing platform, which helps companies manage cybersecurity threats by creating a culture of awareness. In July 2024, KnowBe4 unknowingly hired a North Korean-sponsored bad actor for its internal IT AI team. Keep in mind, this bad actor made it through four (4) video interviews, a standard background check, and other pre-hiring screenings that all came back clear because the bad actor was using a stolen US-based identity. In the end, KnowBe4 was able to catch the threat and report it to the appropriate authorities before any actual harm was achieved. However, we and KnowBe4 still share this story to emphasize that these scams can happen to any organization, and they are only getting smarter.
Possible Early Indicators of Candidate Fraud
Lack of Eye Contact or Use of an Earpiece/Headset in the Interview
Technical Anomalies
No Camera/Refusal to Be on Camera
Utilizing a Blurred Background
AI-Modified Profile Pictures
Overly Scripted Responses
Resume Location Inconsistencies or Strange Wordings (e.g., Dallas, United States)
Unusual Urgency or Desperation
Gaps in Employment History Without a Valid Explanation or Timeline
Suspicious Online Accounts (LinkedIn, GitHub, etc.)
Stories From the Field: Trust Your Gut
Another excellent example of just how sophisticated this fraud and the tactics used to execute it have gotten can be seen in a video posted to LinkedIn by Dawid Moczadło, Co-Founder of VIDOC Security Lab. Dawid was in the middle of a technical interview (typically reserved for a later round after a candidate has passed an initial screening) when he noticed a few things were off.
Dawid’s alarm bells started to ring when he realized many of the candidate’s answers seemed to be in the same formatting style as ChatGPT’s typical responses. Then, when the candidate was asked to appear on camera, his face had an emotionless look, as if it were computer-generated.
As someone experienced in cybersecurity, Dawid had a good indication of what was occurring and began making some simple requests to confirm his suspicions. Most notably, Dawid instructed the interviewee to wave his hand in front of his face (a motion that would mess with the image tracking of most deepfake technology) and then promptly ended the call when the candidate refused to do so.
An Encounter with a Fraudster
This video is chilling, to say the least, especially when one considers that the bad actors and the technology they use will only improve and become harder to spot.
However, we still share Dawid’s video not only to raise awareness of the warning signs, but also because it’s a great example of the proper steps you should take to spot a potential threat.
Our Role & Response
Just like the organizations mentioned in this story, the Eight Eleven Family of Companies works closely with US law enforcement officials to combat the growing threat of Candidate Fraud.
Through this collaboration, we are better equipped to minimize this threat, more informed to catch the warning signs, and even prepared on how to properly deal with a suspected bad actor. Law enforcement officials always emphasize that you should never directly confront a fraudster. Doing so will only give them more time to cover their tracks and, unfortunately, make it harder for the proper authorities to capture them.
The Proper Way to Combat Candidate Fraud
Instead, it’s recommended that you end the call, just like Dawid did in his example video, and send all your evidence to the proper authorities. There are also several ways, as an organization, that you can minimize the risk of these threats.
Mandatory Encrypted Video Interviews: Zoom or Teams
Continual Market Training & Role-Playing
One-Pager Quick Reference Guide Given to All Recruiters
Enhanced Verification Process & Background Checks
Establishing an On-Camera Policy (Client Opt-In) & Device Management Addendum (HR Onboarding Package)
Walking-In Candidates on Their First Day (Virtually & In-Person)
Weekly Audits to Flag Suspicious Banking & Address Changes
Collaborating with Clients for Additional Education
Spreading General Awareness of the Threats
Collaborating with US Law Enforcement Agencies
The measures mentioned in this list are only a few ways we are keeping ourselves and our clients protected against Candidate Fraud. However, they are only a piece of the puzzle.
A Few Ways We’re Combating Candidate Fraud
If we revisit the insights shared by cybersecurity officials and the examples in this story, two key points should be clear.
No one is ever truly safe from the threat of bad actors.
Having recruiters and employees who are well-informed on these threats and their potential indicators is your best line of defense.
Hackers can spend all their money and time on innovative strategies and still be caught off guard by a simple question like “You said you’re located in Austin, TX. What’s your favorite local restaurant?”
This is why we put such an emphasis on not only education, but also training. Plus, the personal touch of our approach, like walking candidates in on their first day, or checking in throughout their engagements, naturally provides our employees more opportunities to vet potential bad actors.
Staying Informed Means Staying Secure
Even simple changes to your company policy, such as mandating that cameras be turned on during virtual meetings or interviews, can help minimize this threat. More importantly, these policies help create a secure culture at your organization. However, you’ll notice that we keep using the verbiage “minimize” instead of “stop” or “prevent”, and this is a deliberate word choice.
As we mentioned, there is no universal remedy that can guarantee 100% protection.
Additionally, even if there were, it would only be a matter of time before these persistent bad actors devise new ways to subvert or circumvent them. Yes, the sad truth is that cybersecurity seems to be a permanent risk in the modern world. Thankfully, federal authorities and organizations like ours are equally dedicated to our efforts in mitigating risk!