Table of Contents
If you're running a recruiting team right now, you’ve probably noticed applications are pouring in faster than ever, but half the pipeline feels wrong - candidates with perfect resumes who can't answer basic questions on a call, LinkedIn profiles that look polished but were created three weeks ago or people who ace a technical screen and then can't do the job on day one. If any of this sounds familiar, it's time to talk about fraud detection.
Applicant fraud is not a niche problem anymore, it's everywhere. We talk to hundreds of recruiting and talent leaders every year, and the conversation has shifted dramatically. A year ago, people were curious about fraud, but now they're dealing with it daily.
This guide is meant to be the resource we wish existed when the problem started accelerating - a simple breakdown of what applicant fraud actually is, how people pull it off, what it costs when they succeed, and how you can leverage fraud detection tools to catch them. Whether you’re looking for a fake resume checker or a full AI hiring fraud solution, this is your starting point
The AI hiring fraud landscape right now
Applicant fraud has roughly doubled in the last year and shows no signs of slowing down. The traditional research on resume fraud statistics show that by 2028 one in four candidate profiles worldwide will be fake (Gartner, 2026). Our data says we're far past that... 56%+ resume in a single technical remote pipeline are fake.
A few things happened at once to get here. Remote hiring became the default, which removed the natural identity verification of meeting someone face to face. Generative AI made it trivially easy to fabricate a convincing resume, cover letter, or code sample. Application volumes exploded, partly from real candidates, partly from bots and mass-apply tools flooding ATS systems with junk.
The result is a hiring funnel where a significant chunk of inbound applicants aren't who they say they are. We're not talking about someone rounding up their years of experience. We're talking about fabricated identities, fake work histories, proxy interviewers, and in some cases, organized operations backed by nation-state actors.
It used to hit engineering and IT roles the hardest - those functions sit closest to sensitive infrastructure and data. But now GTM roles, customer support, solutions architects or anything remote that touches customer data is a target. The barrier to faking an application is basically zero, and the payoff for getting hired (access to systems, data, or just a paycheck) makes it worth the effort for bad actors.
Most ATS platforms and traditional background check processes were never designed for fraud detection specifically. They were built to manage workflow and verify past employment after an offer, not to question whether a candidate is a real person at the top of the funnel. That gap between how sophisticated the attacks have gotten and how most teams are set up to catch them is the problem.
How people actually commit applicant fraud
There are a handful of tactics that show up over and over when it comes to applicant fraud. Here are the big ones -
Type 1: State-sponsored IT worker fraud: Foreign threat actors use stolen identities, VPNs, and proxies to infiltrate remote technical roles. North Korean IT worker fraud rings - flagged by the FBI, OFAC, and other agencies — are a growing and well-documented threat. Tofu's FraudAgent and Fraudbase detect the applicant fraud patterns, identity theft tactics, location anomalies, and profile inconsistencies these state-sponsored fraud rings rely on.
Type 2: Synthetic identity fraud: Fraudsters combine real and fabricated data - such as legit employment histories, credentials, and false contact details - to create synthetic identities that bypass standard screening. Tofu detects synthetic identity hiring fraud by cross-referencing billions of data points across the internet and its fraud network to surface inconsistencies invisible to human review.
Type 3: Proxy interviewer fraud: Some candidates hire stand-ins to complete technical interviews or live screens on their behalf - then show up on day one as a completely different person. Tofu's proxy interviewer detection flags identity mismatches, application patterns, and behavioral signals that indicate someone else took the interview.
Type 4: Location spoofing: Fraudulent applicants use VPNs, proxies, and GPS spoofing tools to fake their geographic location - hiding the fact that they're applying from a sanctioned country or misrepresenting their eligibility to work remotely. Tofu detects location spoofing in hiring by analyzing IP addresses, devices, document metadata, and location consistency across the application lifecycle.
Type 5: Deepfake video interviews: Real-time deepfake tech now lets someone alter their appearance and voice during a live video call. The person on screen looks and sounds like the headshot on the resume, but it's a completely different human. This is often combined with proxy interviewing: the proxy uses deepfake software to visually match the real applicant's photo, so even if someone checks recordings against the candidate's profile picture, everything appears to line up.
This technology is improving especially fast and detection is not keeping up.
What this actually costs you
The obvious cost is a bad hire, but the damage goes deeper than that.
Your team's time gets burned
Every fake application a recruiter reviews, every fraudulent candidate who makes it to a phone screen, that's time pulled away from real people.
Here's a simple way to think about it: say you have 1,000 applications for an engineering role and 40% are fraudulent. Even at 25 seconds per application for a quick review and LinkedIn check, that's 2-3 hours of recruiter time gone…on a single role. Multiply by the number of open reqs and it gets overwhelming fast. Over weeks and months, that means slower hires, missed candidates, and burned-out recruiters.
The financial hit compounds
A fraudulent hire that makes it to onboarding costs you investigation time, severance risk, re-hiring, lost productivity during the gap, and potentially the salary you already paid. For senior or technical roles, you're talking tens of thousands of dollars per incident.
Security risk
A fraudulent hire in an engineering or IT role has access to your codebase, internal tools, customer data, communication channels. We've seen cases where fraudulent insiders installed malware, exfiltrated source code, or created backdoors. One bad hire can become a company-wide security event.
Your pipeline data stops being trustworthy
When fraud pollutes the funnel, your metrics lie. Interview pass rates, source quality, time-to-hire, none of it means what you think it means when a chunk of the data is based on fake candidates. Hiring managers lose confidence, start second-guessing good candidates, and the whole operation slows down.
Real candidates pay the price
When teams are overwhelmed by fake apps, they add friction - more screening steps, longer timelines, more skepticism. The people who suffer most from that are your real, qualified candidates who are now jumping through extra hoops because the pipeline is full of noise.
How to solve this
Most hiring processes weren't built for this problem.
Background checks happen too late or ATS platforms were designed to manage stages, not verify identity..
What actually works is catching fraud at the point of application, before your team spends a single minute on a fake candidate. That's the highest-leverage move you can make.
This is where recruitment fraud detection software comes in. The right tool sits inside your ATS, scans every applicant automatically, and flags fraud before a recruiter ever opens the profile.
But not all tools are created equal. Here's what separates a real solution from a surface-level check.
It has to live in your ATS - If the fraud detection tool lives in a separate tab or requires manual lookups, adoption drops and fraud slips through. Detection needs to happen in-workflow automatically, on every application, with results showing up right where your recruiters already work.
It needs deep data, not just a LinkedIn check - Checking whether an email is deliverable or a LinkedIn profile exists is not fraud detection. Real detection cross-references applicant data against billions of data points - employment records, contact databases, device and behavioral signals, and known fraud networks. Surface-level signals catch surface-level fraud. The sophisticated stuff walks right through.
It needs to be fast - If results take days, your recruiter has already reviewed the application and scheduled a screen. Detection needs to happen at the moment of application, real time or close to it.
It should tell you why - A binary "fraud / not fraud" label doesn't help. Recruiters need to see what specific signals triggered a flag - unverifiable employer, mismatched contact info, patterns linked to known fraud networks, so they can make a call with full context.
It should get smarter over time - Fraud tactics evolve constantly and the tool (i.e. fraud detection software) needs to learn from new patterns, incorporate emerging signals, and adapt to the specific fraud types hitting your industry and roles.
How Tofu solves hiring fraud
Tofu was built from the ground up for this exact problem - applicant fraud detection for recruiting teams, embedded directly in your ATS.
Here's what that means in practice:
Every applicant gets scanned the moment they apply - Tofu's Fraud Detection Agent runs automatically on every application that hits your ATS. No manual triggers, no batch jobs. By the time a recruiter opens a candidate profile, the fraud assessment is already there.
Validation against 4+ billion data points - Tofu checks applicant information across dozens of open and closed-source databases - contact data, employment records, identity markers, behavioral patterns.
A proprietary fraud database built from 5M+ analyzed profiles - This is the part that's hard to replicate. Tofu has analyzed millions of applicant profiles across hundreds of companies, building a Fraudbase that captures the specific patterns and signatures that show up in fake applications. That means it catches things generic data lookups miss because it's been trained on what real applicant fraud actually looks like at scale.
Both deterministic and probabilistic scoring - Tofu uses hard signals (an IP on a known blacklist, a phone number tied to compromised credentials) to instantly block obvious threats, and layered probabilistic models (behavioral anomalies, device patterns, cross-application signals) to catch the more sophisticated stuff. You need both.
Results show up directly in your ATS - No extra tab or separate needed. Tofu integrates with 32+ ATS platforms — Greenhouse, Lever, Ashby, Workday, Gem, and more and labels every applicant right inside the workflow your team already uses. Fraud details get added to application notes and suspicious candidates can be rejected with one click.
Customizable to your patterns - Every company sees different fraud depending on their industry, role types, and geography. Tofu lets you integrate your own signals and adjust thresholds so the system catches what's actually hitting your pipeline, not just generic fraud patterns.
The result:
Your recruiters spend their time on real candidates
Your pipeline data is clean
You're not paying to interview people who don't exist
Your security team can sleep a little better knowing fraud isn't walking through the front door.
Where to go from here
Applicant fraud isn't going away, but you don't need to rebuild your hiring process to deal with it. The single highest-impact move is automated fraud detection at the top of the funnel, where it saves the most time and catches problems before they compound.
If you want to see what that looks like inside your ATS — book a demo with Tofu.
Your team has better things to do than sort through fakes.
FAQs
What is applicant fraud detection?
Applicant fraud detection is the process of identifying job candidates who are misrepresenting their identity, qualifications, or intent during the hiring process. This includes catching fabricated resumes, stolen identities, proxy interviewers, deepfake video calls, and AI-assisted cheating. Modern fraud detection tools automate this at the top of the funnel by scanning applications the moment they hit your ATS, cross-referencing applicant data against large-scale databases and known fraud patterns.
What's the difference between resume fraud and identity fraud in hiring?
Resume fraud is when a candidate exaggerates or fabricates their own qualifications - fake job titles, invented employers, inflated experience. Identity fraud goes a step further: the person applying isn't who they claim to be at all. They may be using a stolen identity, an impersonated LinkedIn profile, or a completely synthetic persona. Identity fraud is harder to catch because the credentials being used often belong to a real person with a real career history.
Can my ATS catch applicant fraud on its own?
Probably not. Most ATS platforms were built to manage recruiting workflows like tracking candidates through stages, scheduling interviews, collecting feedback. They weren't designed to verify whether an applicant is a real person. That's why dedicated fraud detection tools that integrate directly with your ATS are becoming essential. They add a verification layer at the point of application without requiring your team to change their workflow.
What should I look for in a fraud detection tool for recruiting?
The biggest things: direct ATS integration so it works in your existing workflow, deep data validation (billions of data points, not just a LinkedIn check), real-time or near-real-time scanning, transparent risk scoring that shows you why a candidate was flagged, and the ability to customize signals for your specific industry and role types. Avoid tools that only check surface-level signals like email deliverability, that's not going to catch the sophisticated fraud hitting pipelines today.
