Recruitment Fraud: How AI and Deepfakes Are Hijacking the Hiring Process
Clive Bourke
President, EMEA & APAC
Clive Bourke is President of EMEA and APAC for Daon and is a member of Daon’s Board of Directors. His team are responsible for all Daon’s business activities across Europe, the Middle East, Africa and Asia Pacific. They deliver and support biometric and identity solutions in banking, payment, public sector, aviation, telecommunication, gaming, online markets and fintech sectors.
Clive has been intimately involved in the development of Daon from start-up to an established global business with market leadership in biometrics and identity. With over 25 years of international technology experience, Clive brings a track record in taking multiple first-of-a-kind initiatives from concept to realization. He earned his Electronic Engineering degree from University College Dublin in Ireland.
In his free time, Clive enjoys going to the gym, running, hanging with family and socializing, reading and playing golf.
June 12, 2025
In the last five years, the modern hiring landscape has evolved rapidly. Gone are the days of in-person interviews and local talent pools. Recruitment has become a largely virtual process. Today’s candidates move through virtual pipelines, transmitting their voices across continents, their faces pixelated squares on screens, and their credentials now digital entries on databases that hiring managers access through dashboards rather than manila folders.
This transformation has unlocked extraordinary opportunities. Companies now recruit globally without geographical constraints. Candidates apply for positions they couldn’t access before. The labor market has expanded dramatically, creating new possibilities for diversity, innovation, and growth.
Unfortunately, alongside these benefits, a new shadow economy is lurking. The same digital infrastructure that enables legitimate remote work has created the perfect conditions for a new breed of recruitment fraud. With sophisticated AI tools and deepfake technology accessible to anyone with an internet connection, bad actors can now fabricate entire professional personas with alarming ease. What once required elaborate forgery skills now requires only a few clicks.
According to Gartner’s analysis, by 2028, one in four job candidates will be fake—not merely embellishing credentials, but presenting entirely fraudulent identities. Some seek to bypass screening processes for conventional financial gain. Others have more sinister objectives, including corporate espionage, intellectual property theft, or even state-sponsored financial diversion.
As organizations continue embracing remote hiring practices, defending against this growing threat has become essential. The traditional hiring safeguards like resume checks, reference calls, and video interviews no longer provide sufficient protection in a world where entire identities can be synthesized with alarming precision.
How High-Tech Hiring Scams Work
A Closer Look
Recruitment fraud has evolved far beyond embellished resumes or exaggerated job histories. Today, it involves using false or stolen identities, AI-generated credentials, and deepfake technology to pose as entirely fictional job candidates. These aren’t trivial white lies about proficiency in Excel or overstated language skills. They’re comprehensive deceptions designed to place individuals with fake identities into positions of trust and access.
The scale of this problem continues to grow. According to Resume Genius, 76% of hiring managers report that AI has made it significantly harder to detect imposter applicants. The democratization of advanced AI, while beneficial in many contexts, has created unprecedented challenges for organizations trying to verify who they’re actually hiring.
How It Works
Recruitment fraudsters employ an intricate playbook that exploits the digital nature of today’s hiring processes. Deepfake video interviews stand among the most concerning tactics. Using AI-powered face and voice synthesis, bad actors can create convincing video personas that respond naturally during interviews, complete with appropriate facial expressions, voice modulation, and even background settings that appear legitimate.
AI-generated resumes represent another common approach. These documents are crafted by algorithms to perfectly match job descriptions while remaining undetectable to automated screening systems. The resumes often include fabricated work experiences tailored to specific company requirements, complete with plausible responsibilities and achievements.
Proxy interviews, where someone other than the applicant handles the interview process, have also become common. Once hired, the actual worker who shows up is different from the person who interviewed. In other cases, fraudsters create synthetic identities using combinations of real and fabricated personal information, making background checks ineffective.
The barrier to entry for these deceptive practices continues to fall. According to experts, it takes less than a day for a researcher with no image manipulation experience to create a fake job candidate. The accessibility of deepfake tools has made this type of fraud plausible for individual scammers and organized criminal enterprises alike.
The North Korean IT Worker Scandal
The abstract threat of recruitment fraud became startlingly concrete in May 2024, when the Department of Justice revealed that more than 300 U.S. firms had unknowingly hired IT workers with direct ties to North Korea. These workers were government operatives hired under false identities, with a specific mandate to funnel earnings back to Pyongyang to support weapons development programs.
The scheme operated with remarkable complexity. North Korean operatives used a high-level web of tactics to mask their true identities and locations. They deployed VPNs and proxy servers to disguise their IP addresses, presented meticulously forged identity documents that could pass standard verification processes, and used deepfakes for video interviews. In some cases, the operatives enlisted third-party proxies to handle initial interviews before taking over remote positions themselves.
Once hired into legitimate technology roles, these workers gained access to sensitive corporate systems while simultaneously remitting the majority of their earnings to North Korean government accounts. Conservative estimates suggest these operatives collectively channeled over $100 million annually to support North Korea’s nuclear and conventional weapons programs.
A New Kind of Insider Threat
While North Korea’s operations garnered serious attention, recruitment fraud has evolved into a global enterprise spanning multiple countries with varying motivations. Intelligence agencies have identified similar operations originating from Russia, China, Malaysia, and South Korea, with different objectives. Some seek industrial espionage benefits, others focus on information warfare capabilities, and many prioritize financial gain above all else.
“A part of those operations have shifted to focus on gathering intelligence about the companies they’re working at, including intellectual property and any other company secrets,” said Greg Levesque, CEO of threat intelligence firm Strider.
He added that most companies still underestimate the breadth of the issue: “Right now, what we’re all realizing is that the scope and scale of that enterprise is far greater than people originally knew.”
What makes these operations particularly difficult to combat is that many of the fraudulent candidates possess genuine technical skills. Unlike the traditional notion of imposters as inherently incompetent, today’s recruitment fraudsters often deliver high-quality work. They meet deadlines, contribute meaningfully to projects, and in some cases even outperform legitimate team members.
Roger Grimes, a veteran security consultant with KnowBe4 who has helped multiple organizations address infiltration by fraudulent employees, notes this paradoxical challenge: “Sometimes they perform so well that, when their true identities are finally discovered, people are sorry they have to let them go.”
This perceived competence creates a troubling dynamic where organizations might hesitate to thoroughly investigate suspicious circumstances when an employee is delivering exceptional results. The fraudsters understand this psychology and deliberately cultivate reputations as invaluable team members to extend their tenure and access within targeted organizations.
The Role of AI and Deepfakes in Scaling Fraud
Outbreaks of recruitment fraud directly correlate with advancements in artificial intelligence and deepfake technology. What once required a team of skilled forgers and social engineers can now be accomplished with commercially available software tools. Widespread access to these tools has transformed recruitment fraud from a specialized craft into a scalable enterprise.
During video interviews, fraudsters deploy deepfakes to present convincing visual personas. These aren’t the obviously manipulated videos that went viral in the past. Modern deepfakes feature subtle eye movements, appropriate lighting reflections, and synchronized audio that can fool attentive observers. Voice-changing software complements these visual deceptions, allowing operators to maintain consistent vocal characteristics throughout multiple interactions with hiring managers and teams.
Behind every successful recruitment fraud operation lies a detailed AI toolkit. Natural language models generate personalized cover letters that respond precisely to job descriptions. Resume algorithms construct career histories optimized for applicant tracking systems. AI even helps fraudsters prepare for interviews by analyzing a company’s public-facing content to anticipate likely questions and cultural references.
The FBI has repeatedly warned organizations about this growing threat. In May 2025, the Bureau’s Cyber Division issued an advisory highlighting several cases where financial services companies had unwittingly hired individuals using completely fabricated identities supported by deepfake interviews.
According to research from Resume Genius, 17% of hiring managers reported encountering suspected deepfake interviews by the end of 2024, up from just 3% the previous year. A broader 2023 survey found that 35% of U.S. businesses had already experienced at least one security incident involving deepfake technology, with recruitment becoming the most common vector. Even more concerning, the quality gap between authentic and synthetic content continues to narrow. Detection technologies struggle to keep pace with innovations in AI-generated media.
Talent Acquisition Meets Threat Evasion
Despite the recent surge of recruitment fraud, many hiring teams remain ill-equipped to identify and counter these threats. Human resources departments have traditionally focused on finding and developing talent, not on detecting elaborate identity deception schemes. Few hiring managers have received formal training in digital forensics, document verification, or recognizing the subtle markers of deepfakes.
This capability gap creates a dangerous blind spot. Ben Sesser, CEO of interview intelligence platform BrightHire, has observed this phenomenon across organizations of various sizes. “They’re responsible for talent strategy and other important things, but being on the front lines of security has historically not been one of them,” Sesser explained to CNBC. “Folks think they’re not experiencing it, but I think it’s probably more likely that they’re just not realizing that it’s going on.”
The transition to remote hiring has exacerbated existing vulnerabilities. Many organizations still rely on verification processes designed for in-person interactions. These include reference checks that can be easily circumvented, document reviews that don’t account for advanced forgeries, and interview practices that haven’t adapted to the possibility of synthetic media. Even basic security measures like verifying that a candidate’s voice matches across multiple interactions are frequently overlooked in the rush to fill positions.
The distribution of hiring responsibilities across recruiters, managers, and team members further complicates the problem. Without centralized verification protocols, inconsistent standards emerge. A candidate might face rigorous scrutiny from one interviewer but cursory review from another, creating security gaps that fraudsters can identify and exploit.
Detecting and Preventing Candidate Fraud
As recruitment fraud grows more widespread, organizations need a multilayered defense strategy that combines technology, process changes, and human vigilance. The most effective approaches don’t rely on any single countermeasure but instead create multiple verification checkpoints throughout the hiring process.
Thorough verification has become non-negotiable in today’s hiring landscape. This means going beyond cursory background checks to validate educational credentials directly with institutions, confirming professional licenses with issuing authorities, and contacting past employers through official channels rather than provided references. Many organizations now implement live, proctored identification checks where candidates must present government-issued ID through secure verification platforms that can detect manipulated documents. Lili Infante, CEO of CAT Labs, revealed that her firm leans on identity verification companies to weed out fake candidates.
Video interview protocols have also evolved to counter deepfake technology. Forward-thinking companies now incorporate unpredictable real-time requests during interviews. Asking candidates to turn their profile to the camera, show their hands, or respond to spontaneous questions can reveal synthetic media. Some organizations have candidates sign in to interviews from multiple angles simultaneously, making it virtually impossible for deepfakes to maintain consistency across perspectives.
How Daon Is Leading the Charge
As recruitment fraud evolves into an intricate global shadow enterprise, organizations must respond with equally advanced defensive capabilities. Daon has emerged as a frontrunner in this space, developing a comprehensive suite of technologies specifically designed to address the challenges of remote hiring verification and deepfake detection.
Identity Verification
Daon’s identity verification solutions create a foundation for thwarting recruitment fraud by matching government-issued identification documents to the facial biometrics of the individual presenting them. This critical verification step creates an authoritative link between physical credentials and live persons, making it virtually impossible for fraudsters to use stolen identities or fabricated personas during the hiring process. The technology simultaneously scans identification documents and captures facial images, then employs sophisticated algorithms to confirm that the person standing in front of the camera is indeed the rightful owner of the presented credential.
Beyond establishing identity ownership, the verification process extracts and validates biographical data from scanned documents, cross-referencing this information against application data and authoritative databases. When candidates submit employment applications containing personal details, the system automatically compares names, addresses, birthdates, and other identifying information against data captured from their verified identification documents. Discrepancies between stated and documented information immediately flag potential fraud attempts. The extracted identity data also undergoes screening against global watchlists and sanctions databases, ensuring that organizations can identify individuals with histories of fraudulent activity or those subject to regulatory restrictions before extending employment offers.
Document Validation
Before any biometric matching can occur, validation processes must first confirm that the identification document itself is genuine and unaltered. Daon’s document validation technology examines hundreds of security features embedded within official credentials—including watermarks, holograms, foils, textures, and specialized inks—that fraudsters cannot easily replicate. The system performs complex tampering detection that identifies image replacement, color space manipulation, and alterations to printed data, so that only genuine, unmodified documents proceed through the hiring pipeline.
In addition to visual analysis, the technology validates document completion and verifies extracted data against embedded barcodes and NFC chips to confirm internal consistency. When processing documents from different jurisdictions, the system applies country-specific validation rules that account for unique security features and formatting standards across nearly 200 sovereign entities.
Liveness Detection Technology
Another solution at the core of Daon’s approach to combating recruitment fraud is a dual-layered liveness detection system that distinguishes between genuine users and synthetic media with high precision. Daon leverages both active and passive liveness detection across its identity verification and authentication solutions—including xFace, xAuth, xProof, and xVoice—to provide organizations with a robust defense against deepfake attacks, bots, and impersonation tactics.
Liveness detection operates through multiple sophisticated methods that can perceive authenticity markers invisible to the human eye. Active liveness detection engages users directly by asking them to complete simple prompts such as blinking or repeating a specific phrase, while passive liveness detection works silently in the background without requiring any user action. Both approaches use advanced neural networks to analyze biological and behavioral indicators, creating a tamper-resistant verification framework that prevents fraudulent attempts without compromising user experience.
AI-Powered Deepfake Detection
As deepfake technology advances, so too must detection capabilities. Daon’s AI-powered detection system flags the subtle inconsistencies that reveal synthetic media. The technology identifies unnatural facial movements, irregular blinking patterns, and audio-visual synchronization issues that indicate manipulation. When combined with injection attack detection that identifies digitally inserted content and presentation attack detection that recognizes physical spoofing attempts like masks or photos, the system creates a comprehensive defense against the full spectrum of deepfake approaches.
Seamless Integration
Daon’s digital identity solutions are designed for seamless integration into existing recruitment workflows. The technology can be layered directly into popular applicant tracking systems, HR platforms, and digital onboarding flows without disrupting established processes. This integration capability means organizations can implement advanced security measures without creating additional friction for genuine candidates or administrative burden for hiring teams.
TrustX, Daon’s cloud-native SaaS Identity Continuity platform, features open API capabilities that enable flexible deployment across various touchpoints in the hiring process. Organizations can implement verification at initial application, before interviews, or during final onboarding stages depending on their security requirements and candidate experience priorities. This adaptability ensures that security measures scale appropriately with risk, applying more rigorous verification to roles with greater access to sensitive systems or data.
Securing the Future of Work
Companies that implement multi-layered verification systems combining robust identity checks, AI-powered deepfake detection, and comprehensive employee education will be best positioned to protect themselves from recruitment fraud. By integrating these security measures seamlessly into existing workflows, organizations can maintain hiring efficiency while dramatically reducing their exposure. The stakes, from financial losses to data breaches and reputational damage, are simply too high for a reactive approach. Daon’s technology offers a path forward, securing the hiring process without sacrificing candidate experience or operational efficiency.
