A Flood of Phony Job Applicants Is Creating Hiring Havoc

He describes the fake employee as a “state-of-the-art Trojan horse.”

While access to systems or information is valuable for some criminals, others just want money. The United Nations, for example, estimates that North Korean IT workers sent abroad generate as much as $600 million a year for the authoritarian North Korean regime. 

“There are entire ‘call centers,’ we’ll call them, where people sit and do interviews using fake profiles to get a job,” Jurkiewicz says. “Your first 30 to 60 days as an employee anywhere in the world is typically spent in orientation and training. You can fake your way through all of that pretty easily and collect a paycheck until you’re caught, which might not be until day 90. In the meantime, you’re getting paid — maybe by five different companies that have hired you at the same time — and all that money is going into the criminal enterprise you work for.”

Last year the U.S. Department of Justice (DOJ) arrested a Nashville man who was allegedly creating fake personas to obtain jobs at American and British tech companies, which he then outsourced to North Koreans using an elaborate tech setup. The money was used to fund North Korea’s weapons program, including weapons of mass destruction (WMD), according to the DOJ. The arrest announcement notes that North Korea “has dispatched thousands of skilled IT workers to live abroad, primarily in China and Russia, with the aim of deceiving U.S. and other businesses worldwide into hiring them as freelance IT workers to generate revenue for its WMD programs.”

The effect on employers

The influx of fake candidates can be an administrative nightmare for employers — especially small businesses, says Al Pascual, founder and CEO of Scamnetic, a technology company specializing in scam protection.

“It used to be that if you had an open role and you got 20 applicants in a week, that was a good week,” Pascual explains. “Now, because AI has made it so easy for scammers to apply for these roles, you might post a job and get 500 to 1,000 applicants in a week, and there’s really no good way to sort through all of those, especially as a small business. That’s a huge problem, because it almost paralyzes you in your ability to hire.”

To separate the wheat from the chaff, employers must invest in sophisticated software or outsource hiring to third-party recruiters who have the resources and expertise to find legitimate candidates. “That creates a cost for businesses that they didn’t necessarily have to incur before,” Pascual says.

Wasted time and money are the best-case scenario. The worst-case scenario can be far more crippling, according to Vijay Balasubramaniyan, cofounder and CEO of Pindrop, a technology company specializing in deepfake detection and voice authentication. “If you hire a fake candidate, they have the keys to the kingdom.… And with that, they can install malware or steal [intellectual property],” he says.

That can cause not only financial losses, but also reputational losses. “It can hurt your ability to scale and grow into new markets, hire top talent, and market and promote your business,” Jurkiewicz says. “The net effect of that can be devastating. You could literally go out of business.”

The fakers hurt real applicants, too

There are implications for job seekers, as well. “It’s taking opportunity away from people who are legitimately looking for meaningful work to feed and take care of themselves and their family and be a productive part of their community,” Jurkiewicz notes.

Older adults may be particularly affected, suggests futurist Shawn DuBravac, the president and CEO of Avrio Institute, a consulting firm that helps companies understand the business implications of technology. To mitigate the problem of fake applicants, he says, companies will have to use new screening technologies and conduct more in-person interviews, even for remote positions.

“It can be more difficult and expensive for older adults to travel,” DuBravac says. “Also, there will be new technology tools that candidates will have to use to verify themselves, and that will be one more thing that older adults will have to learn and figure out for themselves compared to younger people, who might be more tech fluent.”

How employers can protect themselves

Consider a mix of high-tech tools and savvy screening techniques:

• Booby-trap your job postings: Stopping fake applicants starts with the job posting itself, according to Pascual, who says some employers have resorted to putting “Easter eggs” or “red herrings” in job postings. If you’re hiring a software engineer, for example, you might list “picking bananas” as one of the job responsibilities, knowing that fake applicants use generative AI to create perfect-looking résumés based on job descriptions. “What you’re looking for, then, is applications and résumés that … talk about their history of being really good at picking bananas,” Pascual explains. “Because a real human being is going to recognize that as irrelevant.”
• Fight tech with tech: If fake applicants are using technology to scam you, you can use it to detect them. Both Phenom and Pindrop, for example, offer agentic AI platforms — AI-based “bots,” essentially — that can detect deepfake audio and video in real time during online job interviews. There are also tools that can detect whether AI was used to generate a résumé or cover letter; validate identity documents like driver’s licenses; and confirm through biometrics, digital forensics and other means that the candidate is who they say they are.
• Outsmart AI interviews: If you can’t afford digital screening solutions, there are analog tricks worth trying. “If I were doing a virtual interview and I was worried that you were a synthetic person, I would have you do certain things with your hands that AI models aren’t really trained for,” DuBravac says. “For example, I might ask you to move your hand in front of your face or hold up three fingers, then flip your other hand and hold up three other fingers.”
  You also could ask candidates to share their favorite book, then hold it in front of their face; fake candidates might be able to answer the question, but probably won’t have the book, says McQuiggan, who also suggests asking questions about where candidates live or where they went to school. If a candidate claims to live in Dallas, for example, ask for their favorite restaurant; a long pause or typing in the background is suspicious.
• Incentivize referrals: Because real people know real people, referral-based hiring can be a smart strategy. “If you’re a small business and you’re looking to hire, one of the best places to start is with your existing employees,” says DuBravac, who suggests offering referral bonuses and incentives to employees who recommend friends and former colleagues for open positions.
• Limit access to sensitive data and systems: Once you hire someone, “consider applying zero-trust principles by avoiding broad access on day one and enforcing role-based controls that follow the principle of least privilege,” McQuiggan says, referring to the principle that employees should be given the minimum amount of access necessary to do their jobs. “Monitor for anomalous behavior; if a new hire begins accessing unusual systems or data, it should trigger an immediate investigation.”

How job seekers can protect themselves

Job seekers can’t stop fake applicants. But they can improve their own ability to compete with them by embracing a back-to-basics approach to job searching:

• Grow your network: Employers who are inundated with fake résumés from fake applicants are increasingly hiring through their personal networks, Pascual observes. “It’s tough advice for introverts, but networking is critical,” he says.
• Build your online presence: Although you should be careful about posting personal information online, employers who are worried about fake applicants are looking for evidence that candidates are authentic, according to McQuiggan, who says job seekers should beef up their online presence while job hunting. A personal website can help, for example, as can public-facing social media profiles that reflect your hobbies and interests, especially those mentioned on your résumé.
• Show, don’t tell: Fake applicants’ AI-generated résumés and interviews are typically very shallow, according to Jurkiewicz, who recommends going deeper by sharing concrete anecdotes, examples and results. “What measures of success do you have in your career?” he asks. “Be specific, down to the person, dollar and project … because AI is not very good at matching experience to skills.”
• Make it personal: Résumés, cover letters and interviews tailored not only to the job description, but to the company — reflecting its mission, values and strategy — will win the day. DuBravac suggests emphasizing “the personal connection you have to the company and why the job opportunity stood out to you. You need to express and convey that you’re not just treating the company like one of 1,500 that you sent [AI-generated] résumés to that day.”

He adds that a handwritten thank-you sent post-interview via snail mail is something fake applicants will never do: “Any way you can break the screen between you and the opportunity is a good way to differentiate yourself.”