The Cost of Not Knowing Who’s Knocking

By Gerry Crispin posted 4 hours ago

  

I spent two days this week in conversations that genuinely shifted my thinking, and at this point in my career, that doesn’t happen as often as I’d like.

It started with watching Jason Roberts and Andrew Gadomski on JobSync. Andrew framed candidate fraud in a way I hadn’t encountered before, and I’ve been sitting with it since. He used three distinct categories - Misinformation, Disinformation, and Mal-Information - as the scaffolding for the problem. I won’t do justice to his full argument here, but the distinction matters more than most of us have been willing to admit. Misinformation is inaccurate but not necessarily intentional. Disinformation is deliberate. Mal-Information uses real facts to cause harm. All three show up in a modern recruiting pipeline. We’ve been calling it all “candidate fraud” and moving on.

The day after, Chris Hoyt and I sat down with Taylor Liggett, Chief Growth Officer at ID.me. The conversation changed the frame again.

Let me give you some numbers first, because I’ve learned the hard way, and over a long time, that opinion without data is just noise.

  • A 2024 survey of more than 2,100 U.S. adults found that 64% had misrepresented something on an application... prior salary, skills, work experience. The majority of your applicant pool has introduced some form of inaccuracy into the screening process.
  • Deepfake attempts in hiring contexts reached one every five minutes in 2024.
  • Synthetic identity fraud, where real and fabricated data are blended to create a persona that never actually existed, hit $3.3 billion in exposure across industries last year.
  • The FTC reported job-related scam reports tripled from 2020 to 2024, and the amount consumers reported losing to these scams jumped from $90 million to $501 million in that time.
  • Federal authorities seized $1.5 million and 17 domain names in 2023 as part of an investigation into North Korean IT workers using false identities to hold remote positions at U.S. companies. The FBI has issued a formal advisory.

I’m not raising this to induce panic. I’m raising it because “candidate fraud” is no longer a monolithic problem. It is a spectrum - from the assistant who padded their resume with a credential they’re still working toward, all the way to a state-sponsored actor sitting in your remote IT environment.

Here is where my thinking shifted this week.

I’ve been skeptical of the breathless vendor claims about the scale of fraud and I remain so. “As large as some would have us believe” is not the same as “confirmed at that scale.” But the conversation with Taylor, and what the data above actually supports, is that authentication has moved from a nice-to-have to a first-order priority. Not background screening as we’ve traditionally practiced it - verification that happens after the offer - but authentication that begins at the top of the funnel and recurs at meaningful stages of the candidate journey.

The math isn’t complicated. A company hiring 200 people a year at an average salary of $80,000, applying a conservative 4% material fraud rate and a 15% detection failure rate, faces close to a million dollars in expected annual bad-hire costs... and that’s before legal exposure, regulatory penalties, or reputation damage. The Association of Certified Fraud Examiners has found that structured screening programs reduce occupational fraud incidents by roughly 28%. The U.S. Small Business Administration estimates a return of $5 to $16 per dollar spent on employment screening.

The ROI isn’t the argument anymore. The argument is whether we’re treating authentication as a cost center or a control.

There is a meaningful difference between a candidate who exaggerated a job title by one level and a candidate who fabricated an identity wholesale. Both represent a failure of the hiring system, but they require different responses. The former is a verification problem. The latter is an authentication problem. We have spent decades building infrastructure to address the first. We are in the early innings of building infrastructure for the second.

The immediate practical implication is this: TA leaders should be considerably more rigorous about accepting submissions from independent job-seeking agents who apply on a candidate’s behalf without confirmed, documented candidate authorization. An agent submission the applicant doesn’t know about isn’t representation… it’s noise with liability attached. Filtering that noise early has real value. Some employers should also consider pulling down job postings earlier in the process as a structural response: it reduces the window for bad actors to exploit open requisitions, and it is a change that can be made now, without waiting for new tooling.

But that’s a short-term frame. The longer-term question, and the one Taylor and I spent the most time on, is how we build a trusted layer for what will eventually be necessary: a validated, candidate-authorized agent who can engage our recruiting systems on behalf of a real person, with confirmed identity and confirmed intent. That’s not science fiction. It is, at this point, an engineering problem. And the recruiting industry is going to need to be ready for it.

Context is everything. I’ve said it before and I’ll keep saying it.

The recruiting profession has spent decades building practices that are fair, documented, and defensible. We have standards - ISO 68220, SIOP guidance, established jurisprudence on adverse impact - that represent real intellectual and ethical work. The current fraud environment doesn’t invalidate those practices. It adds a layer of complexity they weren’t designed to address.

The cost of failure to move on authentication in 2026 is not hypothetical. It is accumulating, quietly, in bad hires, in compromised systems, and in the erosion of trust that makes the whole enterprise of matching people to meaningful work harder than it needs to be.

This is a signal worth tracking. More to come.

#CandidateFraud #Talent-Acquisition #Authentification #TAStrategy
