AI CV Applicant Fraud

AI CV applicant fraud involves the use of generative AI tools to fabricate credentials, work histories, reference letters, and portfolio materials at scale, combined in more sophisticated variants with real-time deepfake video technology used during job interviews. The goal may be to obtain employment and a salary under a false identity, to gain access to an organisation's internal systems and data, or to pass an initial screening process that is then handed off to a different person for the actual role.

For employers, the harm ranges from wasted recruitment resources through to significant security breaches when fraudulent employees gain access to client data, proprietary systems, intellectual property, or financial accounts. Regulated industries — financial services, healthcare, legal, defence — face particularly acute risks when a fake employee bypasses standard vetting. For legitimate job candidates, the scam distorts hiring pipelines, makes screening harder for everyone, and may result in false references polluting recommendation ecosystems.

For a distinct set of victims — typically small businesses or individual hirers who believe they have hired a remote worker — the fraud extends to continued fraudulent salary payments for work that may be performed by a large language model or not performed at all, while the 'employee' is simultaneously 'working' for dozens of other employers using the same method.

AI tools generate a complete, internally consistent professional identity: a CV tailored to the specific job description, a LinkedIn profile with a realistic career arc, a portfolio of work samples or case studies, and reference letters in appropriate professional voices. The generated documents are calibrated to contain the keywords and skills listed in the job advertisement, passing automated CV screening systems with high scores.

Screening calls may be handled by text or with a human or AI voice, equipped with scripted answers that anticipate common interview questions for the stated role. Where a video interview is required, some variants employ real-time deepfake software to present a fabricated face — typically constructed from a composite of stock images or AI-generated portraits — over the operator's own camera feed. The persona maintains consistency across multiple interactions through detailed backstory notes and AI chat assistance.

Once placed, a fraudulent employee operating for financial gain will target whatever is most valuable in the role: access to client records, credentials for internal systems, proprietary code or designs, or simply continued salary receipt for minimal actual output. In data-theft variants, the placed individual systematically downloads and exfiltrates material before discovery. In salary-farming variants, the 'employee' uses AI to handle email and produce minimum viable outputs while simultaneously running the same operation with other employers.

Remote work normalisation has created a hiring environment where many roles are filled without the candidate ever attending a physical location, making physical identity verification obsolete for large portions of the job market. Background checks that would catch a fabricated identity in a face-to-face hire are often either skipped in remote hiring or relied upon through third-party services that can themselves be spoofed with AI-generated documentation.

Automated CV screening systems are optimised for keyword matching and formatting rather than authenticity detection. An AI-generated CV calibrated against the job description will typically score higher than a genuine but imperfectly formatted CV from a real candidate, passing filters that were designed to reduce recruiter workload rather than to authenticate applications.

The video interview, which is widely understood as a strong identity-verification step, has been undermined by the availability of real-time deepfake technology. The cultural assumption that 'we saw them on video' as confirmation of identity is being exploited in exactly the same way it is in executive impersonation video call fraud.

A small technology firm hires a remote developer after a CV screening, a video interview that passed without issues, and two reference checks by email. Several months into the role, the developer consistently delivers output that seems to meet minimum requirements but never exceeds them. An internal security review reveals that a large volume of codebase files and client data were downloaded in bulk on several occasions. The developer's listed previous employer confirms no record of employment. The LinkedIn profile associated with the candidate disappears shortly after the firm raises questions. The identity used for employment was entirely fabricated.

Please find my CV attached — I have tailored my application specifically to your requirements at [company].

I'm happy to proceed with a video interview at your convenience. I have strong experience in [every listed skill].

My references at [company] can be reached at [email address provided by candidate].

I may have some connectivity issues during the video call — please bear with any video quality issues.

I can start immediately and am comfortable working fully remote with minimal supervision.

I would need brief access to [sensitive system] to complete the onboarding tasks you described.

For remote hiring, require candidates to perform an in-call identity check that includes showing a physical government-issued document alongside their face in real time, or use a regulated identity verification service that cross-references documents against official databases. Do not rely on the video call itself as confirmation of identity.

Verify references by calling the named referee on a number independently sourced from the organisation's official website — not a number or email address provided by the candidate. Genuine referees are contactable through routes that do not pass through the candidate's control.

For roles with access to sensitive systems, data, or finances, conduct formal background screening through an accredited third-party provider and verify academic and professional qualifications directly with the issuing institution, not through documents provided by the candidate.

During interviews, ask questions that require specific, idiosyncratic recall: details about a project mentioned on the CV, the names of specific tools, people, or processes encountered in previous roles. Real experience generates specific, consistent answers that are difficult to fake even with AI assistance. Ask follow-up questions that were not answerable from the CV or public sources.