In Q3 2024, a US cybersecurity firm reviewed its applicant pipeline and discovered that more than 300 applications received in a single quarter were fraudulent. Some used stolen identities — real names, real credentials, real LinkedIn profiles belonging to people who had not applied. Others were entirely fabricated: synthetic identities built from fragments of real data, with AI-generated headshots and manufactured employment histories. A subset had progressed to video interviews, conducted by proxy — a different person attending on behalf of the fictitious candidate.
The firm caught them because it was in the business of detecting exactly this kind of threat. Most companies are not.
The UK recruitment market — increasingly remote, increasingly digital, and increasingly dependent on self-reported credentials — is facing a wave of candidate fraud that most employers are not equipped to identify, let alone prevent.
The types of recruitment fraud
Recruitment fraud is not a single problem. It encompasses a spectrum of deception, from embellished CVs to state-sponsored identity theft. Understanding the types is the first step toward building defences.
CV and credential fraud. The most common and least sophisticated form. Candidates fabricate or inflate qualifications, job titles, employment dates, or responsibilities. A 2023 survey by the Risk Advisory Group found that 71% of CVs contained discrepancies when checked against actual records. Most discrepancies are minor — a job title promoted by one level, a gap period shortened by a few months. But some are wholesale fabrications: degrees never awarded, companies never worked for, qualifications never obtained.
Identity theft. A more serious form in which the fraudster applies using another person's identity — their name, qualifications, employment history, and sometimes their supporting documents. The real person may be unaware that their identity is being used. The fraudster benefits from the victim's genuine credentials and references. When the employer checks references for "James Thornton," they reach people who genuinely worked with the real James Thornton and can confirm his competence. The person who starts the job is someone else entirely.
Ghost candidates. Entirely synthetic identities — people who do not exist. Built from assembled data fragments, AI-generated profile photos, and fabricated employment histories. Ghost candidates are harder to detect than identity theft because there is no real person whose records might conflict with the application. The LinkedIn profile was created six months ago. The references are accomplices or fictional. The qualifications are from institutions that do not verify by phone.
Proxy interviews. The candidate who is hired is not the candidate who was interviewed. Someone with the relevant skills attends the interview — either in person using the candidate's ID, or via video using deepfake or screen-sharing technology. The actual candidate starts work on day one. If the proxy was skilled at the interview, the substitution may not be noticed for weeks. Services openly advertising "interview assistance" charge as little as $50 per hour.
Organised schemes. The most damaging form. Networks of fraudsters systematically place candidates in target organisations, usually to access systems, data, or financial processes. The North Korean IT worker scheme exposed by the US Department of Justice involved hundreds of placements across major companies. Remote work made the scheme viable. The workers performed real work, but funnelled salaries to the regime and potentially accessed sensitive systems.
Why recruitment fraud is growing
Several converging trends have created ideal conditions for recruitment fraud.
Remote hiring. Before 2020, most hiring involved at least one in-person interaction. The candidate came to the office. They shook hands. They were physically present. Remote hiring removed this verification gate entirely. A candidate can apply, interview, accept an offer, and start work without anyone in the hiring organisation ever being in the same room as them.
Digital credentials are easy to fabricate. A convincing LinkedIn profile takes 30 minutes to create. A professional-looking CV can be generated by AI in seconds. A fake degree certificate from a plausible-sounding institution costs less than £50 from dark web marketplaces. Reference numbers for genuine institutions can be obtained from public sources. The barrier to creating a convincing fraudulent application is lower than it has ever been.
Reference checking has weakened. Many employers have reduced reference checking to a formality — a brief email exchange, a tick-box exercise. Some outsource it to automated services that verify employment dates but nothing else. A 2024 CIPD survey found that meaningful reference conversations — detailed discussions about performance, conduct, and capability — are declining, replaced by simple confirmations of employment.
AI enables scale. A single fraudster with access to AI tools can generate dozens of unique applications per day, each tailored to a specific job posting, with different names, backgrounds, and credentials. The manual effort that once limited the volume of fraudulent applications has been largely eliminated.
Skills shortages create pressure. In sectors with acute skills shortages — technology, healthcare, engineering, care — the pressure to hire quickly creates an environment where verification steps are compressed or skipped. When a role has been vacant for three months and a strong candidate appears, the temptation to accelerate the process is powerful. Fraudsters exploit this urgency.
The cost to businesses
The financial and operational consequences of hiring a fraudulent candidate extend far beyond the recruitment cost.
Productivity loss. A proxy candidate — where one person interviews and another person starts work — typically performs at a fraction of the level demonstrated in the interview. The gap between interview performance and job performance may take weeks to diagnose, during which the team's output suffers and other employees compensate.
Security exposure. A fraudulently placed employee with access to internal systems, customer data, intellectual property, or financial processes represents an acute security risk. If the placement was deliberate — part of an organised scheme — the risk escalates to potential espionage, data exfiltration, or financial fraud.
Compliance failure. If the person performing the work is not the person whose identity was verified during the right to work check, the employer has no statutory excuse. The right to work check was conducted on Person A. Person B is doing the work. The check is void. The same logic applies to DBS checks, professional registration verification, and qualification checks — all of which were conducted on the wrong person.
Re-hiring costs. Discovering a fraudulent hire typically means terminating employment, re-opening the recruitment process, and re-onboarding a replacement. The CIPD estimates the average cost of filling a vacancy at £3,000-£6,000 for most roles, and significantly more for senior positions. When the original hire was fraudulent, those costs are doubled plus the additional expense of any investigation or remediation.
Reputational damage. If a fraudulent employee is discovered in a client-facing role, the reputational consequences extend beyond the employer to the clients served. A consultancy firm that unknowingly places a fraudulent consultant with a client faces both commercial and legal exposure.
How to detect and prevent recruitment fraud
Prevention requires a multi-layered approach that addresses each type of fraud at the point where it is most detectable.
1. Verify identity at the point of application, not just at onboarding. The standard process — verify identity after an offer is made — means that a fraudulent candidate can progress through the entire pipeline before anyone confirms they are a real person. Early identity verification (after shortlisting but before interview) catches ghost candidates and identity theft before interview time is invested.
2. Conduct live credential verification. Do not accept scanned copies of certificates, degree transcripts, or professional registrations without independent verification. Contact the issuing institution directly. For professional registrations, check the relevant register (GMC, SRA, RICS, etc.) using the candidate's registration number, not just their name.
3. Make reference checking meaningful. Automated reference checking that confirms employment dates is necessary but not sufficient. At least one reference should be a phone conversation with a person whose identity you have verified independently — not a number provided by the candidate. Ask specific questions about the candidate's work that would be difficult for a fraudulent reference to answer convincingly.
4. Address the proxy interview risk. For remote interviews, implement identity verification at the point of interview — confirming that the person on the video call is the person whose identity has been checked. This is the specific failure point that deepfake and proxy interview fraud exploits. A 30-second verification step before the interview begins closes the gap.
5. Cross-reference across systems. Compare the information in the application, the interview, and the onboarding process. Does the person who starts work match the person who interviewed? Does the right to work documentation match the identity verified at application? Gaps between these data points are warning signs.
6. Monitor the early employment period. The first 90 days are when proxy candidates and identity theft are most likely to be detected. Performance that dramatically underperforms the interview, colleagues who notice behavioural inconsistencies, or IT login patterns that don't match the expected location are all red flags. Create channels for team members to raise concerns without stigma.
The structural fix
The underlying problem is that recruitment processes were designed for a world where candidates were physically present. The handshake, the in-person interview, the first day at the office — these were implicit identity checkpoints that worked without anyone thinking about them as verification.
Remote and hybrid work has removed those checkpoints. The replacement is not more interviews or more documents. It is a verification infrastructure that confirms identity at each critical juncture: application, interview, and onboarding.
The identity verification gap in recruitment is not a future risk. It is a current reality. The organisations that close it will not just prevent fraud. They will build a hiring process that candidates, clients, and regulators can trust.
Certifyd provides identity verification at each stage of the recruitment process — confirming the candidate is a real, unique individual at application, verifying the person in the interview is the verified candidate, and linking onboarding identity to the interview record. It works across any video platform and creates a continuous identity chain from first application to first day. Learn how it works for recruitment.