Companies across every industry are now facing a new kind of fraud: fake job applications powered by AI. Fake job applications have surged in recent years, and what started as an isolated hiring headache has become a serious security risk.
Using off-the-shelf AI tools, anyone can now create extremely realistic fake resumes, professional headshots, online portfolios, and LinkedIn profiles in seconds. The result: a fake job seeker who looks like your ideal candidate.
We experienced this firsthand recently. A candidate passed our screening process and even aced a few interviews to get to the final stage of our interview process. But something felt off, so I suggested meeting the candidate in person. That's when the candidate immediately declined and deleted their LinkedIn profile. It wasn't a random job application gone wrong. It was a deliberate fake.
Gartner predicts that about 1 in 4 job applicants will be fake by 2028. Based on our internal data and recent conversations with customers, those numbers are already conservative. Companies are seeing hundreds of fake job applications and suspicious candidates each week, and fake job seekers are flooding hiring pipelines faster than most teams can keep up. Considering the speed at which AI has been evolving, these numbers are only going to continue to grow.
What started as a hiring problem is quickly becoming a security issue. CISOs are increasingly flagging fake job applicant fraud as a new attack vector into the enterprise. Unlike traditional cyberattacks that target systems from the outside, fake hires attempt to bypass controls by entering through trusted internal access.
Why are fraudsters targeting job applications?
Most large companies have robust systems to detect financial fraud and cybersecurity attacks. But their hiring processes have been optimized to filter out candidates who aren’t a good fit for a role, not to identify fraudulent candidates. That gap makes the application process an easy target.
If a fraudster gets hired, they can steal your data and IP, defraud your business and customers, enable fraudulent operations using employee credentials, or engage in salary arbitrage by falsely claiming to live in high-cost areas.
The most concerning threats come from organized rings targeting courier and delivery roles to steal valuable goods, and nation-state actors attempting to infiltrate software engineering roles for IP theft and system exploitation.
It's not just traditional fraudsters either. People in the "overemployed" movement are using these same tactics to land multiple remote jobs simultaneously, maximizing their earning potential while deceiving employers about their availability and commitment.
How to detect a fake job application
While these scams are getting more sophisticated, there are still signals that can help you spot fake or high-risk candidates during your hiring process.
Watch for fraudulent resume inconsistencies
Real candidates often have small discrepancies as they update profiles at different times, but fake profiles tend to be either perfectly consistent (because they were created all at once) or have mismatches between their LinkedIn profile and employment dates, job titles, and resume gaps. Knowing how to evaluate fraudulent resumes is the first step to catching fake applicants early.
Look for AI-generated content
Resumes created by AI usually have a formulaic structure, overuse certain phrases like "results-driven" or "detail-oriented," and contain an unusual number of em dashes (—). Tools like QuillBot can tell you the likelihood that a resume or cover letter has been written by AI. But be careful not to automatically disqualify these candidates, as many legitimate job seekers use AI tools to improve their resumes. The key is differentiating between using AI and AI-generated content that doesn’t match identity or behavior signals.
Pay attention during video interviews
Poor video quality isn't always a red flag, but unnatural lighting, lip-syncing issues, or candidates who avoid turning their head can be signs of potential deepfake use. However, these tools are getting a lot harder to detect. We’ve seen recent cases where the user can wave a hand in front of their face, change lighting, and make quick movements without any glitching.
Notice behavioral red flags
Be cautious with candidates who are unusually eager to start immediately, accept offers without any negotiation, or act suspiciously when you suggest meeting in person or changing interview formats. Genuine candidates typically have questions about the role, company culture, or growth opportunities.
Why human review isn’t enough
Skilled fraudsters know how to bypass individual checks. But the real challenge isn’t in spotting a single red flag in isolation, but in correlating signals across identity, device, network, and behavior to detect large-scale or coordinated abuse.
This means validating whether a candidate’s claimed location aligns with their IP address, device characteristics, and network behavior. It requires detecting candidates using VPNs, location spoofing techniques, or virtual machine environments designed to mask true origin. It should also include identifying signs of automation, such as scripted keyboard and mouse patterns, as well as recognizing when the same device or environment is being used to submit more than one application.
Finally, effective detection requires validating that core identity signals, such as phone numbers, email addresses, and supporting identity data, consistently point to the same real person, rather than a stitched-together or fabricated identity.
How Sardine can help you detect fake job applicants
Sardine helps companies detect fake job applicants by embedding fraud and identity signals directly into the hiring process, without disrupting legitimate candidates or your existing workflows.
During job applications
Sardine integrates seamlessly into applicant tracking systems and hiring platforms to assess risk the moment while an application is being submitted, and continuously throughout the hiring lifecycle. At this stage, the focus is on validating the information candidates provide and identifying inconsistencies early, before they progress further.
Sardine evaluates signals like:
- Identity consistency: Do the applicant’s email address and phone number belong to a verifiable individual? Have these identifiers been consistently used together before? Do they align with trusted external records?
- Email risk signals: Is the email address newly created? Is the domain reputable? Has the email been associated with prior abuse?
- Device environment: Is the same device submitting multiple applications? Is the candidate using a setup designed to hide their identity?
- Bot and automation detection: Was the application completed too fast for a human? Was information entered automatically rather than typed or selected manually?
- Location integrity: Are the IP address, device signals, and network data consistent with the applicant’s stated location? Are there signs of IP masking, proxy usage, or location spoofing?
During job interviews
Once an application has passed your screening process, Sardine continues to assess risk during live interviews. At this stage, the focus is on confirming that the person on the screen is the same individual who applied, and that they’re not misrepresenting their identity or location.
Sardine checks for candidates that may be:
- Masking their true location with a proxy or VPN: Whether the candidate is masking their location using a proxy or VPN. Sardine can pierce these tools to reveal a user’s true location and IP address, so you can confirm it matches what they claim.
- Using video manipulation and deepfakes: If the webcam feed is being altered using deepfake tools, or there’s a virtual camera being used to insert a pre-recorded or fabricated video feed.
- Exhibiting odd or suspicious behavior patterns: Maybe the candidate is frequently switching between windows, minimizing the interview, or interacting with off-screen applications in ways that suggest scripted assistance, prompt injection, or real-time coaching.
In this demo, you can see the signals that Sardine used to flag this fake candidate. Though the candidate was able to create a convincing surface-level profile, they can’t fake the underlying technical fingerprints.
Automate checks using your own hiring logic
You can also create custom rules within Sardine that automatically run the checks your hiring team would otherwise have to perform manually.
Using Sardine’s data, you can flag when a candidate’s location, device, browser, or operating system changes between application and interview, detect reuse of the same identity or device across multiple applications, or escalate interviews when suspicious behavior appears.
This automates review, reduces manual effort, and ensures every candidate is evaluated consistently using the same criteria.
The cost of getting it wrong
For CISOs and hiring teams, the risk is clear: a single fraudulent hire can bypass months of security hardening and walk straight into privileged internal access. But with the right detection in place, you'll never have to wonder if your next great hire is actually a sophisticated fraudster.
If you’d like to learn more about protecting your hiring process, reach out to us at sardine.ai/contact.
FAQs
What is a fake job applicant?
A fake job applicant is a candidate who uses AI-generated resumes, synthetic identity documents, or deepfake video to misrepresent who they are during a hiring process. They are typically motivated by access to corporate data, payroll fraud, or insider placement by a fraud ring or state actor.
How do you detect a fake job applicant?
Detection works by correlating identity signals (email, phone, document), device signals (IP, browser, geolocation), and behavior signals (typing cadence, video authenticity) across application and interview stages. No single check is enough; the combination is what separates legitimate candidates from fraudsters.
What is the difference between candidate identity fraud and fake job application fraud?
Candidate identity fraud is the impersonation of one specific real person. Fake job application fraud includes that plus fully synthetic identities and deepfake-assisted interviews. The synthetic-identity case is harder because there is no real victim record to match against.
Can ATS systems alone catch fake job applicants?
Most applicant tracking systems are optimized for funnel speed, not fraud detection. They lack the device-intelligence, behavioral-biometrics, and email-risk signals needed to spot AI-assisted applications. A layered approach (ATS plus fraud-and-identity layer) is the working pattern for regulated industries.
Is fake job applicant fraud regulated?
Yes, indirectly. Misrepresentation in hiring touches SEC disclosure, GLBA, HIPAA, and SOC 2 frameworks once a fraudulent hire has access to regulated data. CISA and the FBI have both issued advisories on North-Korea-linked IT-worker schemes infiltrating US companies through fake job applications.