Transform your hiring process today

Share

Fake candidates are no longer rare, and they’re no longer easy to spot. 

As new AI tools make it easier to do both, candidate fraud is becoming a growing business risk, with Gartner projecting that 1 in 4 candidate profiles will be fake by 2028. Today, candidate fraud primarily falls into two buckets: candidates who aren’t who they say they are (think deepfakes and proxy interviewers), and candidates who misrepresent their experience and qualification through AI-assisted cheating and credential fabrication.

It’s a challenge that no single team can solve alone, which is why our recent webinar, The Rising Risk of Candidate Fraud and How Hiring Teams Are Responding, paired three views of it: talent, legal, and investigations. 

BrightHire co-founder and CEO Ben Sesser sat down with Josh Elmore, Global Head of Talent Acquisition and People Operations at Zoom; Joshua Fattal, a privacy, AI, and data security attorney at Morrison Foerster; and Meric Bloch, a workplace investigator and professor at Fordham Law, to dig into where fraud shows up across the hiring funnel and what to do about it.

Key takeaways

  • Candidate fraud has become a security risk, not just a recruiting headache, and a fraudulent hire can mean IP theft, data loss, or worse.
  • Most hiring teams have already faced it, but few are confident they could catch a sophisticated fake today.
  • No single checkpoint is enough, so detection has to be layered across the application, the screen, and the interview.
  • A red flag should trigger a human investigation, not an automated rejection, which carries its own legal risk.
  • The more fraud signals you collect, the more privacy and compliance obligations you take on.

The new reality of candidate fraud

Josh sees the shift from the front lines at Zoom, where suspicious application volume has more than doubled in the last six months alone.

“Two years ago, it was more of an edge case. You might see one or two suspicious applications a recruiter might flag anecdotally on a quarterly basis,” he says. “Today, this is a daily conversation.”

And the stakes go well beyond wasted recruiter time. Meric framed a hired fraudulent candidate as an insider threat with credentials and patience, exposing companies to IP theft, data loss, and even sanctions violations. 

In polls during the webinar, 83% of respondents said they’d encountered a suspected or confirmed fraudulent candidate in the past year, and 37% named security or ransomware as their top fraud concern, ahead of wasted time or the cost of a bad hire. But when asked on a scale from 1-5 how confident they were that their team would catch a sophisticated fake candidate today, the average answer was just 3 out of 5. Nearly everyone has faced this, and few trust their defenses.

83%
Have faced suspected or confirmed candidate fraud in the past year.
37%
rank security or ransomware as their top fraud concern.
3 / 5
average confidence in catching a sophisticated fake candidate today on a scale of 1-5.

How hiring teams can defend against candidate fraud 

The good news is that fighting candidate fraud doesn’t require reinventing your hiring process. The panel’s recommendations come down to five practices:

  1. Layer fraud detection across the entire hiring funnel
  2. Train your team on a short list of red flags
  3. Investigate flags before acting on them
  4. Ask interview questions that require in-depth answers
  5. Collect signal without creating legal exposure

Let’s dig into each of these.

Layer fraud detection across the entire hiring funnel

Candidate fraud shows up everywhere, which means detection has to as well. Josh walked through where it appears across Zoom’s funnel: AI mass-produced resumes and fabricated credentials at the application, location concealment and thin, recently created LinkedIn profiles at the recruiter screen, and proxy interviewing and deepfake-assisted impersonation in live interviews.

“Every touchpoint you have with a candidate is where fraud could show up.” — Josh Elmore, Global Head of Talent Acquisition and People Operations at Zoom

The takeaway is to stop treating fraud screening as a single gate. Application filters catch the highest volume but the least sophisticated attempts, which means recruiter screens, live interviews, identity verification, and background checks each need their own layer of detection. Anything with only one line of defense is where fraud will get through.

That’s the thinking behind BrightHire’s candidate fraud detection, which covers the layer where the context is richest: the interview itself. It surfaces signals across behavior, identity, device, and context, from deepfakes to AI-assisted answers, and brings them into one unified view of risk your team can act on.

Train your team on a short list of red flags

Meric calls talent acquisition “the first line of defense” against candidate fraud and both he and Josh landed on the same starting point: pick a handful of red flags, three to six, and train every recruiter and interviewer to spot them. 

What belongs on the list? Recently created LinkedIn profiles with stock photos and generic details. Resume links that go nowhere. Locations that shift between calls. And Meric’s favorite tell: the resume that’s too good to be true.

“If you look at somebody’s resume, there’s always gaps, there’s always rough spots. It’s just part of life. If it’s too perfect, that’s a red flag.” — Meric Bloch, Professor at Fordham University School of Law and Principal at Winter Investigations

Josh recommends monitoring the flags over time to make sure they still fit the threat, which will keep evolving.

Investigate flags before acting on them

If you see a red flag, Meric’s protocol is simple: slow down and treat the signal as a prompt for further diligence, not grounds for rejection.

“A red flag is a piece of information. You do not want to have the technology be the verdict on rejecting the candidate,” he says. “You definitely want to look into it.” 

Ask a follow-up question. Request additional proof. In Meric’s experience, a fraudulent candidate asked to substantiate a claim “folds like a cheap card table.” 

There’s a legal reason for the discipline too: rejecting candidates on an automated signal alone can create liability of its own. A flag should trigger an inquiry that produces a defensible record of what you checked and why, with AI surfacing the signal and a trained person making the call.

Ask interview questions that require in-depth answers

Sophisticated fraud that survives the application tends to surface in conversation, if interviewers know how to draw it out. The panel’s advice: move screens from phone to video where you can, since voice-only AI agents can now handle a phone screen convincingly, and design interview questions that require detailed responses. 

“Really go deep, ask situation-related, hard questions that you know a human would be able to respond to.” — Josh Elmore, Global Head of Talent Acquisition and People Operations at Zoom

Meric added the tell to listen for: candidates who give answers without explanations. Someone who knows their field can explain context and tradeoffs; someone reciting memorized or AI-fed material can’t. Build structured interview plans so every interviewer is probing for depth rather than improvising.

Fraud detection comes with a catch. Many of the best defenses work by collecting more candidate data, things like identity verification, video analysis, and location checks. And the more of that data you collect, the more privacy and employment laws apply to you.

“The more signal you collect, the more data you collect, the more you are putting yourself in the crosshairs of emerging and existing privacy and other employment laws,” says Joshua.

The good news, Joshua explained, is that almost none of this is prohibited. It just comes with obligations. In the US, the rules vary state by state, and biometric data like facial recognition carries specific consent, retention, and deletion requirements. In the EU, the AI Act treats hiring as a high-risk use of AI, with no special exemption for fraud detection.

His advice: build compliance in from the start rather than bolting it on. Get candidate consent, set limits on how long you keep the data, and give candidates a way to appeal. Keep your counsel in the loop as you add detection signals, and hold your vendors to the same compliance and security standards you hold yourself, because “we were using someone else’s hiring tool” won’t protect you if something goes wrong.

Final thoughts

The panel expects candidate fraud to get worse before it gets better, with consumer fraud tools currently outpacing enterprise defenses. But they agreed on the response: layered detection, trained people, and a defensible process, with humans making the decisions. As Meric put it in his closing advice, keep the human in the loop.

Watch the full conversation, including the live Q&A.

More ideas from BrightHire

Reduce risk. Hire with confidence.