Unfortunately, you can add fake remote candidates to the scams targeting employers. The results are varied: You might be confused that the person you interviewed doesn’t seem to be the same person you hired, or your company laptop or equipment goes missing—as does the new employee—not long after they start. Worse yet, the fake remote candidate may have accessed sensitive data or funds.
Scams targeting job seekers are a dime a dozen. It’s nearly impossible these days to find a candidate who hasn’t been targeted, particularly when it comes to remote jobs. But employers are being scammed, too. It’s become a significant risk when hiring remote workers.
The FBI sounded the alarm about fake remote candidates with a 2022 alert about deepfakes and stolen Personally Identifiable Information (PII) used to apply for various remote work and work-at-home positions. The scam, which we’ve covered on our blog, is quite sophisticated and uses AI-dependent deepfake technology to spoof candidates’ voices or even live video images.
But other scams involving fake remote candidates don’t rely on sophisticated AI. One, for instance, is simply a matter of bait and switch.
“Many employers have complained about not getting the very capable employees they interviewed,” explains computer security expert Roger A. Grimes. “In some of the cases, the fake candidate is truly a very knowledgeable and capable potential employee, but they are just involved in the hiring process to get the job (make it through the interview and technical questions), and then they hand off the job to a far less capable employee (for a cut of the salary).”
The scam isn’t just annoying; it can be a significant security concern. Not long ago, it was discovered that thousands of remote information technology workers contracting with U.S. companies secretly sent millions of dollars of their wages to North Korea for use in its ballistic missile program.
And then there’s a scam involving fake remote candidates we’re witnessing locally. It involves stolen laptops and equipment.
Here’s a sample scenario shared to the Sysadmin thread on Reddit:
“I received an alert by Computrace/Absolute that a device had been tampered with. By company policy, I froze the device and made a report. I come to find out that our newly hired Developer (3 weeks into the job) had attempted to deactivate our encryption software and was looking to steal our device…he quit almost immediately after his device was frozen and is refusing to return the device.”
Unfortunately, there’s no silver bullet for preventing fake remote candidates from taking advantage of you. But you can help reduce risk by:
- Ensuring your hiring, IT, and legal teams are on the same page and are aware of potential threats.
- Staying current on trends, alerts, regulations, and best practices regarding security risks, background, screening and identification checks, and more. (Here’s an example.)
- Using a reputable recruiting partner that understands best practices and potential risks.
- Conducting in-person interviews. Find a way to meet in person at some point during the hiring process.
- Heeding red flags. Pay attention to things like the candidate claiming they can’t use their camera during a video interview, not having a social media presence, or providing assessment results that don’t match the skills they claim to have.
Hiring fake remote candidates has repercussions that can echo far and wide throughout an organization. Like all too many scams, they’re nearly impossible to eradicate, but awareness and best practices can help you avoid some sticky situations.
Don’t miss out! Click the link above & subscribe to our monthly email featuring these valuable insights.
