Hiring fraud is one of the fastest-growing identity threats facing enterprises today. What was once limited to resume padding has evolved into a state-sponsored operation, with operatives linked to North Korea using AI-generated deepfakes and stolen identities to gain access to enterprise system from day one.
Research from Cloudflare found state-sponsored actors are actively using deepfakes to infiltrate Western payrolls. The FBI and the US State Department have both flagged the trend as an accelerating threat, warning that North Korean IT workers are generating revenue for the regime and, in some cases, exfiltrating sensitive data from the companies that employ them.
Why Hiring Fraud Is On The Rise
Most hiring processes are designed to verify qualifications, not identity. Background checks confirms that the name on the resume matches a real person with a real work history. But they do not confirm that the person on the video call is that person.
AI has made it very easy for malicious actors to exploit this gap. Deepfake video is now good enough to pass a live interview. Voice cloning can replicate a candidate’s speech patterns from a few seconds of audio taken from a recording. Faked identity documents can also pass automated verification checks. The entire pre-hire process, from application to onboarding, can be gamed at very low cost for attackers.
Once a fake employee has the job, they get access to email, collaboration tools, code repositories, internal documentation, and often VPN or remote access credentials. These are some of the most sensitive and impactful information that an organization has to protect. If a fake employee is able to access these, they can cause havoc before they even get their first pay check.
“Many companies don’t actually know who they’re hiring or onboarding,” said Chris O’Rourke, Senior Manager, Cloudforce One told Expert Insights “Organizations that don’t make a concerted effort to strengthen their defenses against hiring fraud will feel the consequences.”
How To Stay Protected Against Fake Employees
Staying protected requires strong, coordinated internal processes across HR, IT, and security.
- Verify identity, not just credentials: Organizations should implement identity verification at the pre-hire stage that goes beyond document checks, including liveness detection and biometric matching during the interview process.
- Limit day-one access: New employees should not receive full system access. Apply least-privilege principles to onboarding the same way you would to any other zero trust access decision. Provision access incrementally as identity is confirmed through the probation period.
- Watch for anomalous behavior: Fraudulent employees often follow suspicious work patterns like unusual working hours, reluctance to appear on video after the initial interview, requests to reroute payroll to third-party accounts, or attempts to access systems outside their role. Security teams should monitor for these signals, particularly for remote workers.
- Train hiring managers on deepfakes: HR teams and hiring managers need to understand that a convincing video interview is no longer proof of identity. Provide training on spotting AI generated social engineering and consider requiring in-person verification for roles with access to sensitive systems or data.
- Coordinate across HR, IT, and security: Hiring fraud is not exclusively an HR problem or a security problem. The pre-hire process is owned by HR. System provisioning is owned by IT. Threat detection is owned by security. If these teams are not coordinating on identity verification, the gaps between them become the attack surface.
The Bottom Line
Hiring fraud is not a problem for HR to deal with. It is a serious cybersecurity threat that can go undetected for months. The organizations most at risk are those that treat identity verification as a one-time onboarding step, rather than a continuous process.
Staying secure does not have to be expensive or complicated, but it requires HR, IT, and security to work from the same playbook, rather than assuming someone else is handling it.