How To Unveil Deception and Identify Fake Job Candidates in Real Time
July 15, 2026
AI has transformed hiring fraud, making it easier than ever for fake candidates to infiltrate engineering and AI roles using deepfakes, proxy interviews, and stolen identities. Learn the warning signs, interview techniques, and verification steps that help recruiters separate genuine talent from sophisticated fraudsters.
Since I first wrote about the growing challenge of fake candidates a few years ago, advances in AI and remote hiring have made it dramatically easier for bad actors to impersonate qualified candidates. The fake candidate problem didn’t go away. It got smarter.
Today, hiring fraud in technical roles has become one of the most pressing risks in engineering hiring. The scale has grown, the tools are more convincing than ever, and the motivations range from individual financial fraud to state-sponsored infiltration.
In my strategic talent partner firm, we have had clients come to us because their highly experienced internal recruiters are struggling to fill AI and machine learning engineering roles. After taking over candidate pipelines that included fraudulent candidates the company did not know about, we have developed a sharp eye for the “tells” that can help you spot fraudulent candidates.
Since good recruiters, even very experienced ones, are getting fooled, we want to share what we know so you can avoid the costly missteps we have seen happen in real time.
Why Engineering Roles, and Why Now
You are unlikely to encounter this challenge when hiring a project manager or sales rep. Fraudulent candidates focus almost entirely on software engineering, particularly roles involving AI, machine learning, and cloud infrastructure. The reasons are straightforward: these positions are typically remote, removing the friction of in-person interactions that would quickly expose fraud; they offer access to sensitive systems, source code, and proprietary data; the pay is high, making even a brief engagement financially worthwhile; and a new laptop or equipment issued for a few interview sessions has its own value.
The motivations split into two categories. Some fraudsters want to get hired, collect a paycheck, and disappear. Others are far more serious: gaining a foothold to steal intellectual property or sensitive customer data.
In documented cases, the threat is geopolitical. U.S. authorities have prosecuted hundreds of cases involving North Korean state-sponsored workers using stolen American identities to infiltrate tech companies. According to CrowdStrike’s 2025 Threat Hunting Report, the number of companies unknowingly caught up in one such scheme grew 220% in a single year. Mandiant’s CTO has stated publicly that virtually every Fortune 500 company has received applications from these actors, and most CISOs have admitted to hiring at least one.
This is not just a Fortune 500 problem. It is happening at far smaller companies.
What to Look for Before the Interview
Fraud usually begins at the application stage, though fabricated profiles also appear in proactive sourcing. A few things worth scrutinizing:
- A resume that hits every qualification in your job description without a single imperfection. AI tools now generate and optimize resumes against job descriptions and applicant tracking systems.
- Suspiciously clean employment history through unusual periods, like the COVID era when most professionals had gaps or pivots, is another tell.
- A thin or inconsistent LinkedIn presence. A senior engineer with a decade of experience and no profile, or one with 500+ connections but no endorsements, no comments, and no mutual connections from companies where they claim to have worked, is missing the footprint real professionals leave behind.
- GitHub activity that does not hold up. Look at contribution history over time. A burst of recent commits on a years-old account often signals a purchased or borrowed profile. Pick a specific commit from six months ago and ask the candidate to walk through it in the interview. A fraudster cannot navigate a codebase they did not write.
- Reused AI-generated photos. A reverse image search on a profile picture sometimes turns up the same face across multiple fake identities. Always confirm that the LinkedIn photo matches the person on your video screen.
- Geographic inconsistencies. When one of our recruiters noticed a candidate’s listed address in Santa Fe Springs, California, a simple question — “Is that northern or southern California?” — exposed the fraud instantly. The candidate had no idea.
Three Types of Interview Fraud
An eagle eye when screening candidates is one thing. The larger challenge is the video interview, where you need to be aware of three distinct types of fraud.
These fall under the realm of deepfake videos. Using inexpensive, widely available software, a fraudster can superimpose an AI-generated face over their own in real time, complete with lip-syncing and voice cloning. Detection is imperfect, but you can learn some of the tells:
- Blurring or pixel distortion around the hairline, eyes that slide rather than move organically, or anything that feels visually off. Ask every candidate to wave a hand in front of their face and turn their head side to side. Real-time face mapping frequently glitches when the face moves in profile or something passes in front of it. Frame it as routine: “We do a quick security check at the start of all our video interviews.” If the candidate suddenly experiences technical difficulties, pay attention.
- Proxy interviews. The person on screen is real, but someone else is supplying the answers, off-camera or through an earpiece. Watch for audio that is perfectly clear while mouth movements lag slightly, excessive coughing or hand-covering to mask lip-sync gaps, or the sound of typing that does not match what the candidate’s hands are doing. A consistent pause of three to five seconds before every answer, including simple icebreakers, is a strong signal someone is waiting on a prompt.
- AI-assisted responses are the most common, yet hardest to catch. Software listens to the questions and generates answers fast enough for the candidate to read back. Their gaze drifts above or past the camera rather than toward it. Answers sound fluent but hollow, perfect jargon and clean structure but no human messiness. Interrupt their flow and you may see things fall apart.
How to Break the Pattern in Real Time
If something feels off, disruption is more effective than confrontation. Cut into a polished, long-winded answer with something unscripted: “Sorry to jump in, but on that project, who pushed back hardest on the idea, and what exactly did you say to them?” A real candidate pivots. A fraudulent one loses their place.
Ask for the messy version. AI handles “what” and “how” reasonably well. It struggles with the texture of actual experience. “Tell me about a day when everything went wrong. What was the very first thing you did?” or “What feedback from your manager did you disagree with?” Genuine candidates remember the specifics. Fraudulent candidates retreat to high-level language.
Request a live screen share. Ask the candidate to open a blank document and sketch an architecture or pull up a repo they mentioned and walk through a specific function. This is where proxy and AI-assisted fraud is hardest to sustain. Sudden permissions issues or internet lag the moment you ask to see their screen is a red flag.
If you suspect fraud, do not tip your hand during the call. Document what you observe and confirm afterward.
Build Layers of Protection
No single step catches everything. The goal is to make fraud progressively harder to sustain by deploying the following steps:
- Tell candidates before the interview that cameras are required throughout and that a brief security check happens at the start. Fraudsters sometimes withdraw before you even meet them.
- Require government-issued ID through a secure channel before late-stage interviews, and compare it to the live video. This step alone stops a significant portion of fraud.
- Use live technical assessments with screen sharing rather than take-home work. Watching someone think and troubleshoot in real time is extremely difficult to fake.
- Verify references by finding the company’s main number independently rather than using contact information the candidate provides. Ask questions only someone who worked with them could answer.
- Pay attention to digital backgrounds. A virtual background on its own is not suspicious. Combined with other flags, it is worth noting.
- Require at least one in-person touchpoint. Simply stating that your process includes an in-person step causes many fake candidates to withdraw on their own.
- Trust the discomfort. Experienced recruiters consistently describe a specific feeling when something is off: answers that are stiff, a resume that seems too perfect, a reluctance to go deeper on any topic. That instinct is real. An extra verification step costs far less than a bad hire, or a security breach.
Why a Recruiting Partner Changes This
Even skilled internal recruiters are struggling with fraudsters, and not because they lack ability. Catching fraud requires pattern recognition built across hundreds of candidate interactions. When you only hire a handful of engineers a year, you don’t see enough to calibrate those instincts.
At my company, our team has been building and refining fraud-detection protocols for high-risk technical roles, including the field playbook that informed much of this article. When clients have come to us mid-search, unsure about candidates already in their pipeline, we have been able to identify what they could not quite name.
In the age of AI, the human judgment at the center of great recruiting has never mattered more.
Contributed by Peggy Shell, an EO Colorado member who is the founder and CEO of Creative Alignments, a strategic talent partner firm that helps purpose-led businesses build high-performing teams.