Last year, cybersecurity firm KnowBe4 uncovered a North Korean operative posing as an IT employee, igniting global concern about fraudulent workers infiltrating companies. The issue has expanded worldwide, with security experts warning that these scams are now widespread and increasingly sophisticated. Fraudulent operatives not only siphon salaries to support hostile regimes, but are also engaging in extortion schemes, remarkably scaling their operations using generative AI and deepfake technology.

One notable case involved Pindrop, a company specializing in voice security and fraud detection, which received over 800 job applications for a single posting—over 100 of which were fabricated using AI-generated resumes, fake credentials, and deepfake technology for video interviews. Pindrop’s own deepfake detection system foiled a sophisticated scammer, 'Ivan X', who twice attempted to secure a role—ironically, on the deepfake detection team—by using manipulated video and audio. Their software flagged facial movement inconsistencies, audio lag, and unnatural pauses, exposing the deception.

Eight days after the first attempt, the scammer reapplied using a different recruiter, but with the same identity—showing improvements in deepfake execution but ultimately failing again. This incident showcased an ongoing, coordinated effort targeting the company and highlighted that deepfake job applicant scams are not isolated events. Pindrop now proactively sets 'honeypot' interviews to test and improve their detection technologies as these attacks continue.

Experts including Matt Moynahan, CEO of GetReal Security, stress the seriousness of the threat, warning that deepfake-enabled impersonation is outpacing current security measures. With predictions that by 2028, one in four job candidate profiles will be fake, organizations face an unprecedented scale of risk; millions of deepfake applications are anticipated yearly in the US alone.

The rise of remote and virtual hiring amplifies the threat, making it easier for fraudsters to bypass traditional checks. Both Balasubramaniyan of Pindrop and Moynahan agree that detection capabilities—and broader changes in hiring practices—are essential. That includes verifying identities more rigorously and being skeptical about everyone on a video call. They suggest a 'trusted applicant' screening model, similar to airport security's PreCheck, may help address future challenges.

Deepfake technology offers fraudsters a powerful tool to scale social engineering and candidate fraud, and security leaders are urged to remain vigilant, implement advanced detection systems, and rethink how identity is verified in digital hiring processes.