In my career, I’ve spent a lot of time thinking about risk — data breaches, external cyber threats, insider sabotage — but one of the most eye-opening moments for me as a head of HR came when the threat didn’t try to breach our network; it applied for a job.
I’m talking about Jo, a seemingly qualified applicant who applied for a remote role on our team. On paper, Jo checked all the boxes: strong credentials, impressive references and an extensive online presence. But over the course of the hiring process, subtle inconsistencies emerged. His responses felt scripted. References were evasive or self-referential. Technical assessments didn’t quite align with the resume.
It turns out Jo was not a malicious “insider” in the traditional sense, but a well-executed example of employment fraud, i.e., an applicant misrepresenting identity and skills to gain access to company resources. At Nisos, our experiences helping clients uncover fraud and human risk meant we quickly understood the situation and who Jo really was, but the experience served as a reminder of how easily fraud can go undetected at the start of the employee lifecycle.
7 Strategies for Beating Scam Job Applicants
- Enhanced pre-employment screening.
- Comprehensive reference checks.
- Open-source intelligence reviews.
- Cross-functional collaboration.
- Secure onboarding and access controls.
- Employee awareness and reporting.
- Community and government collaboration.
Understanding the New Face of Employment Fraud
Employment fraud is no longer limited to minor embellishments on a resume or fake work experience. Today, it spans a spectrum: identity theft, polywork fraud, proxy candidates and even nation-state-backed operations. The massive expansion of remote work during the Covid-19 pandemic quickly created opportunities for fraudsters to exploit weaker verification processes and bypass in-person checks.
Some of the most serious cases involve individuals or groups seeking more than a paycheck. In the US, North Korean operatives have infiltrated organizations using stolen identities to secure remote employment. By falsely claiming to be legitimate applicants, they’ve taken jobs away from real job seekers, while funneling thousands of dollars in payroll back to North Korea to potentially fund weapons programs. In some cases, the damage to the hiring company has come with even higher stakes: access to sensitive systems, intellectual property theft, regulatory exposure and reputational damage.
While high-profile nation-state cases grab headlines, fraud occurs in many forms and at all organizational levels. Employees might hold multiple full-time jobs without disclosure, outsource tasks to gig workers or exploit access to company systems for personal gain. Each scenario erodes trust and productivity, often before any red flags formally arise.
A Real-World Lesson in Employment Fraud
Jo’s situation highlights the subtlety of modern employment fraud. Jo’s persona was carefully constructed. Online profiles, references and professional experience were largely consistent, yet small anomalies began to emerge.
In the interview, which began like any remote call, subtle but unmistakable issues appeared. The candidate’s responses were fragmented, and his eye movements suggested he was reading from a secondary device. We tested the Florida location he’d given us by asking about a fictitious hurricane; he confidently recounted weather damage that never happened.
Instead of simply rejecting the applicant, our leadership team made a deliberate choice: We would treat this as an investigation. We controlled the onboarding process, purposely moving slowly while we shipped a laptop to the address on file. The laptop contained tracking tools so we could watch it connect to their broader operation. Through this deliberate engagement, we began to map a network involving a series of personas, shared infrastructure and a group of suspected operatives collectively applying to hundreds of thousands of positions.
NBC News later covered our investigation into North Korea’s employment fraud operations in the US, revealing that Jo and others like him had applied to an estimated 160,000 roles across many companies. Many individuals in the network were seemingly employed by multiple U.S. firms simultaneously in high‑demand technology roles, working tirelessly to earn wages.
Ultimately, Jo never completed the onboarding process, and we never granted system access. But by choosing to follow the evidence instead of simply closing his file, we unmasked a portion of their well-coordinated employment fraud schemes. That experience reshaped how I think about hiring risk and how I believe HR leaders everywhere must approach validation, verification and curiosity in the recruiting workflow.
Here are some of the key lessons from Jo’s case.
Patterns Matter More Than Isolated Anomalies
A single discrepancy like a changed mailing address might seem trivial, but when combined with inconsistent interview performance and unverifiable references, it signals deeper risk.
Fraud Detection Is Cross-Functional
In Jo’s case, HR noticed minor red flags, but it was only through collaboration with IT and security teams that we fully understood and evaluated the inconsistencies. When you suspect fraud, collaboration is key.
Early Verification Saves Resources
Organizations hiring remote workers need to implement live video verification, more rigorous reference checks and OSINT (open-source intelligence) review for applicants. These processes will make it much harder for a fraudulent identity to go undetected. For example, live video could expose differences between photos and who’s on-screen. Reference checks and research of online personas will often bring other discrepancies to light as well.
Post-Onboarding Vigilance Is Critical
Even if a candidate passes pre-employment screening, monitoring early activity, such as access patterns, equipment usage and geolocation, is essential to detect potential fraud. If work is always done at odd hours and from a location that doesn’t match where you expect the employee to be, you may have an issue.
Warning Signs of Employment Fraud
Employment fraud rarely announces itself with a warning label, but organizations can detect it early if they know what to look for. In the hiring process, some red flags may arise even before an applicant joins the company. One common indicator is inconsistencies in the information candidates provide. Multiple profiles featuring similar photos, discrepancies in employment history or bare-bones professional profiles with little to no personal content can all suggest a fabricated persona.
Similarly, suspicious references often point to trouble; references who evade video calls, give vague or generic feedback or appear overly rehearsed may be complicit in concealing fraud. In some cases, candidates have even served as their own references, recycling connections across multiple applications. A lack of professional social media presence or a very small, self-referential network of connections can further raise questions about the authenticity of the applicant.
Red flags can continue to appear after you’ve hired a candidate. One of the clearest signs is a mismatch between claimed skill sets and actual on-the-job performance. Employees who cannot demonstrate the technical abilities or knowledge they presented on their resumes often indicate identity or outsourcing fraud. Low engagement with corporate tools or systems, particularly when the usage contrasts sharply with peers’ activity, can be another warning sign. Frequent changes to contact information, especially last-minute updates to addresses for equipment delivery or payroll, may indicate that the employee is attempting to reroute company resources.
Technical anomalies also deserve attention: remote access software installed without approval, the use of foreign IP addresses or VPNs, irregular video appearances or difficulty appearing in live meetings can all point to potential fraudulent activity.
Recognizing these warning signs early requires a careful, multi-layered approach. Any one indicator may not signify fraud on its own, but when multiple warning signs appear together, organizations have a clear signal to investigate further.
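The "multiple signs together" rule above, applied to the post-hire indicators this article lists (location mismatch, odd-hours activity, unapproved remote access software, contact changes), can be sketched as follows. This is an added example, not code from the article or from Nisos; the user names, baseline, allow-list, thresholds and events are all constructed assumptions.

```python
from datetime import datetime

# Assumed per-hire baseline from HR records: expected country, local working hours.
EXPECTED = {
    "hire_a": {"country": "US", "hours": range(7, 20)},
    "hire_b": {"country": "US", "hours": range(7, 20)},
}
APPROVED_REMOTE_TOOLS = {"corp-vpn"}  # assumed allow-list

# Constructed events: (time in the hire's expected local zone, user, type, detail).
# "ZZ" is a placeholder for any country other than the expected one.
EVENTS = [
    ("2025-03-03T09:12", "hire_a", "login", "US"),
    ("2025-03-03T14:40", "hire_a", "login", "US"),
    ("2025-03-04T02:05", "hire_a", "login", "US"),
    ("2025-03-04T10:00", "hire_a", "address_change", "payroll"),
    ("2025-03-03T02:31", "hire_b", "login", "ZZ"),
    ("2025-03-04T03:02", "hire_b", "login", "ZZ"),
    ("2025-03-04T03:10", "hire_b", "remote_tool_install", "remote-desktop-tool"),
    ("2025-03-05T01:47", "hire_b", "login", "US"),
    ("2025-03-05T08:00", "hire_b", "address_change", "equipment_delivery"),
]

def signals_for(user, events):
    """Return the set of distinct warning signs observed for one user."""
    base = EXPECTED[user]
    mine = [(datetime.fromisoformat(ts), kind, detail)
            for ts, u, kind, detail in events if u == user]
    logins = [(ts, detail) for ts, kind, detail in mine if kind == "login"]
    found = set()
    if any(country != base["country"] for _, country in logins):
        found.add("geo_mismatch")
    odd = [ts for ts, _ in logins if ts.hour not in base["hours"]]
    # Flag odd hours only when most logins fall outside working hours,
    # so a single late session does not count as a sign on its own.
    if logins and len(odd) / len(logins) > 0.5:
        found.add("odd_hours")
    for _, kind, detail in mine:
        if kind == "remote_tool_install" and detail not in APPROVED_REMOTE_TOOLS:
            found.add("unapproved_remote_access")
        if kind == "address_change":
            found.add("contact_change")
    return found

def triage(events, min_signals=2):
    """Map each user to (signals, needs_review); one sign alone is not enough."""
    result = {}
    for user in EXPECTED:
        found = signals_for(user, events)
        result[user] = (found, len(found) >= min_signals)
    return result
```

Here `hire_a` shows one sign (a payroll address change) and is not escalated, while `hire_b` shows four and is routed for cross-functional review.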
How to Strengthen Defenses Against Job Scammers
Our experience with Jo and with other instances of fraud shows that combating employment fraud requires layered, proactive strategies.
Enhanced Pre-Employment Screening
Conduct live, on-camera interviews for remote candidates and verify identification documents, ideally in person or via secure digital verification.
Comprehensive Reference Checks
Speak directly with verified contacts about specific responsibilities and work performance. Avoid reliance on self-submitted references alone.
Open-Source Intelligence (OSINT) Reviews
Use publicly available tools to validate online presence and consistency in work history, education and affiliations. Detect anomalies like duplicate photos or implausible career trajectories.
Cross-Functional Collaboration
HR, IT, security and legal teams should share findings and red flags. Often, a single team alone may not see the full picture.
Secure Onboarding and Access Controls
Limit access to sensitive systems until identity and credentials are verified. Implement multi-factor authentication and monitor for unusual activity.
Employee Awareness and Reporting
Encourage employees to report anomalies without fear of retaliation. Training should be role-specific so everyone knows what constitutes a red flag.
Community and Government Collaboration
Sharing threat intelligence, such as confirmed fraudulent identities, IP addresses or techniques, helps the broader industry defend against organized fraud campaigns.
In addition, it is important to remember that fraud doesn’t just affect operations. It affects culture. When employees discover insider fraud or anomalies in hiring, it can erode their trust in you. Employees may feel anxiety, stress or doubt about leadership and their peers. Encouraging open communication, clear reporting channels and visible follow-through on red flags helps maintain engagement and a sense of security.
Blocking Scams Is a Shared Responsibility
Employment fraud is not a distant threat; it is evolving and increasingly sophisticated. As remote work remains the norm and AI tools become more accessible, the potential for fraud will only grow. Organizations must adapt, integrating technology, cross-functional processes and vigilant human oversight into hiring and onboarding practices.
Jo’s case serves as a powerful reminder: The risks aren’t abstract. They can walk in through the front door as a resume in your applicant tracking system, regardless of what type of company you are. By recognizing the warning signs, implementing layered controls and fostering collaboration across teams, organizations can protect themselves from significant financial, operational and reputational harm.
The fact of the matter is that, while fraudulent applicants are becoming more capable, organizations can become smarter. With diligence, awareness and proactive defenses, it’s still possible to hire confidently and safely.
