How HR leaders can spot and stop fake job applicants
Some fake job applicants are attempting to gain access to an organization's internal systems. Learn how CHROs must work with other departments to guard against this threat.
Fake job applicants are becoming a serious security threat for many companies, not just a recruiting nuisance. As AI-generated identities become more pervasive, CHROs must work with IT, security, legal and other leaders to stop this security threat and protect their organizations' internal systems, data and reputation.
Fake job applications can include applications based on fabricated identities – sometimes created using AI -- and people who pretend to be someone else during an interview. The problem is escalating rapidly, according to Gartner, which estimated that by 2028, one in four job applicant profiles could be fake. Some people carry out this deception to gain access to an organization's internal systems and install malware or steal money.
Fake job applicants are a drain on resources for companies, as employees must spend time attempting to identify fake applications. Additionally, companies might tighten their screening process so much that qualified candidates are mistakenly set aside, and their reputation could be at risk if a fake applicant is hired and commits fraud.
Here's more about the types of fake job applicants and the governance associated with fake job application detection.
Types of fake job applicants
Here are some of the most frequently occurring types of fake job applicants:
- Synthetic identity. In this situation, the fake job applicant is a complete fabrication that's created with a blend of real and fake background information. For example, a synthetic identity might include an authentic Social Security number, a false name, an AI-generated applicant headshot, a real home address and a false work history.
- An all-AI identity. A synthetic identity can also be a complete AI creation, with even an applicant's voice being faked.
- A hijacked identity. Some fake job applicants steal the personal information and job history of a real person, potentially by using information from LinkedIn or other sources.
- Contract-to-hire switch. Fake job applicants might fool a staffing firm that has an established relationship with the target organization, allowing them to gain access to their target.
How to detect fake job applicants
Here are some common approaches for catching fake job applicants:
- Detecting facial alterations. Beware of video deepfakes. AI is good but is still a long way from perfect. A fake job applicant might make facial expressions that are out of sync with their speech, exhibit rigid head movements, or be unable to place their hand in front of their face.
- Paying attention to audio failures. An interviewer should be suspicious if an applicant's voice cadence is unnatural, if the audio quality changes suddenly, if every answer sounds scripted and the applicant is unable to respond to spontaneous conversation, such as "How was your weekend?"
- Adding unexpected questions. A fake job applicant can often be tripped up by questions about material that was not included in their resume or cover letter. For example, an interviewer might ask, “Who was your supervisor in that position? What was their title?”
Governance for fake job applicant detection
CHROs must work with other executive leaders to determine ownership of fake applicant detection.
An executive leader will likely oversee the effort, including setting mandates and establishing a budget for detection tools as well as rules for their use. They will ensure that the fake job applicant detection policies are legally compliant.
Meanwhile, HR will own detection processes, including overseeing identity verification as well as documentation of hiring decisions and audit processes.
IT and security will own the technical aspect of threat detection, including assessing the security risk of remote hires, integrating fake job applicant detection tools with any existing applicant tracking systems, and putting stringent identify verification in place for devices with in-house access.
Educating the workforce about fake job applicants
All employees must be made aware of the dangers of fake job applicants.
The C-suite should send out communications about the rise in fake job applicants, the possible consequences of hiring a fake job applicant, the new company policies and processes for detecting them, with the assurance that those policies and processes will be administered fairly.
Additionally, managers should be trained on the associated policies, briefed on the strategies and risks associated with fake applicants, and instructed on how to ensure compliance.
Executive takeaway
Acting now on fake job applicants is vital, as they can compromise an organization's data sources, sensitive information and reputation. Fake job applicants can also potentially expose a company to civil liability and regulatory action and negatively affect customer confidence in an organization.
Taking action against fake job applicants is not an option but is now a core component of cybersecurity.
Scott Robinson is an enterprise data architect at New Era Technology, a global digital transformation firm. He is an IT veteran with more than 25 years of experience, a social scientist and the author of Modern Data-Centric Architecture.
