Deepfake Impersonation in Remote Hiring

Remote jobs unlocked the possibility of tricking companies into hiring fake candidates. Fraudulent job seekers, deepfake candidates, and synthetic identities are entering hiring funnels at a pace that would have been unthinkable even two years ago.

Recruitment and onboarding processes, designed to prioritize efficiency and candidate experience, often lack safeguards strong enough to handle this level of identity manipulation. As remote work expanded, many organizations moved interviews, onboarding, and document verification online. Without physical interaction, fraudsters can use AI to assemble convincing synthetic identities that slide through these steps unnoticed.

The result is a hiring environment where organizations can unknowingly let synthetic identities straight into their workforce. The the KnowBe4 hack, where the company accidentally hired a North Korean cybercriminal as a remote IT worker under a stolen identity, shows how easily deepfake applicants can move through screening controls built around virtual hiring.

Deepfake Candidates Are No Longer Rare

Deepfake identities are now flooding screening pipelines across industries, and the risks extend far beyond payroll fraud. A synthetic hire can misuse resources, access sensitive systems, or expose regulated data, creating financial loss, operational disruption, and reputational damage. In more serious cases, a false identity can extract intellectual property or customer information as part of a broader social engineering or espionage effort. And when a synthetic applicant is tied to a sanctioned nation, even routine payroll can become funding for illicit activity abroad, elevating the issue to a national security concern.

Real-world hiring data shows how quickly this problem is accelerating. In May 2024, the US Department of Justice revealed that more than 300 companies had unknowingly hired remote workers tied to North Korea who used stolen American identities, generating at least 6.8 million dollars in revenue for the regime while operating inside legitimate US businesses.

Many companies are also reporting large volumes of synthetic applicants created with off-the-shelf AI tools. As Reality Defender CTO Alex Lisle shared during our Deepfake and Synthetic Media Cyber Panel, one cybersecurity company conducted 10,000 interviews last year and discovered that 6,000 were deepfaked. More broadly, Gartner projects that by 2028 one in four job candidate profiles worldwide will be fake.

Modern AI makes it easy to create convincing digital personas with natural looking video and realistic speech. This affects every stage of hiring. During the application phase, attackers can fabricate credentials, references, and work histories that appear legitimate. During early screening, they can spoof email, messaging, or phone outreach while posing as the candidate or their references. By the interview stage, a fully constructed persona can appear live on camera, making it difficult for teams to distinguish a genuine applicant from an AI generated impostor.

This shift has fundamentally changed the risk landscape. Recruiters and hiring managers are no longer assessing only experience and skill. They must now determine whether the person on screen is a genuine applicant, or an AI constructed identity built to gain trusted access.

How Companies Can Strengthen Defenses

There is no single solution, but companies need a structured approach across hiring, identity, and security operations. Key actions include:

Train Recruiters and Hiring Staff to Spot Synthetic Behavior

Recruiters should be trained to recognize the signals that distinguish real applicants from AI-generated identities. Hiring teams need to understand how deepfake candidates present themselves, what warning signs to look for, and how to introduce simple verification steps that disrupt synthetic personas. Last year’s Ferrari CEO impersonation attempt showed how one well-chosen verification question from a prepared interviewer can expose a synthetic persona and remains one of the most effective defenses.

Require In-Person Interviews When Possible

While fully onsite interviews are not realistic for every organization, they remain the strongest defense against deepfake manipulation. At Dune Security, every position requires an in-person verification step, and we strongly recommend that organizations build similar safeguards into their process. Even a brief meeting or document check in person can block synthetic applicants who rely on remote anonymity.

Report Any Suspicious Activity to IT Immediately

Any irregularities during screening, unusual audio or video behavior, mismatched location details, or inconsistencies in a candidate’s digital presence should be reported to IT immediately. IT teams can investigate device fingerprints, network routes, metadata, and other technical signals that hiring staff cannot assess. They can also help verify identity elements across external sources such as LinkedIn and other public records. Early escalation prevents suspicious candidates from progressing without deeper review.

Use Advanced Detection Tools

Modern detection tools can help companies verify whether a candidate’s audio, video, or documents show signs of synthetic manipulation. These systems analyze media for artifacts and anomalies that are invisible to the human eye and can flag potential synthetic identities early in the process. Our partner Reality Defender adds a powerful layer of defense with award winning AI models that detect deepfake and AI-manipulated content with high accuracy.‍‍

Your candidates may be fake, but the risks to your organization are real. Any company concerned about deepfake infiltration or gaps in its hiring process should act now to reduce exposure and strengthen identity safeguards.