Why catching fake candidates is different from detecting them

Detection is a flag. Catching is a confirmation. A detection signal (an email domain that looks thrown away, a phone number that resolves to a reshipper, a resume with AI pacing) tells you something is off. Catching means you have enough evidence to disqualify without guessing.

That distinction matters because most hiring processes are built around detection and then fall apart at the catching step. A recruiter flags the application, the candidate gives a plausible-sounding answer on the screen, the flag gets written off as a false positive, and the application moves forward. Three interviews later, the offer goes out to someone who was never the person on paper.

Catching fake candidates is about converting those flags into documented disqualifications rather than letting them soften on contact with a polite applicant. The sections below focus on what you do after a flag, not before it.

The five types of fake candidates

Fake candidates are not one thing. In practice, recruiting teams see five distinct shapes, and each shape has its own natural tells and its own best-fit catch tactic. Pattern-matching the application to one of these types early is the single biggest speedup in a fraud-aware hiring process.

  • Identity fraud. The person in the application is a real person, but the person on the call is someone else. Stolen or borrowed identity, often with a real work history stapled to a different face.
  • Proxy candidates. One person applies, interviews, and gets hired. A different person (or team) actually does the work. Common in offshore staffing schemes and, increasingly, in state-sponsored remote placements.
  • Resume fabricators. The person is real and present, but the work history is fiction. Fake employers, inflated titles, fabricated dates, invented credentials.
  • Ghost applicants. The application is a shell. No one is actually planning to show up. These are usually spam (keyword-stuffed auto-submitted applications) or reconnaissance for a downstream scam.
  • AI-assisted puppets. A real person is on the call, but an LLM or a deepfake overlay is doing most of the work. They read the LLM's answers, lip-sync to a face filter, or rely on a co-pilot feeding them responses in real time.

For a deeper taxonomy, including the operator economics behind each type, see how to detect fake candidates. This guide focuses on the catch step for each.

Catching identity fraud

Identity fraud is the easiest of the five to catch because it collapses under direct, live confirmation. The hard part is that most recruiting processes do not include any live confirmation step until after the offer.

Move identity confirmation earlier in the process

A thirty-second confirmation (a live video hello-call, camera on, no prep) before the first technical round filters out the majority of identity fraud. Real candidates understand. Identity-fraud applicants do not make it that far because their script depends on asynchronous communication.

Cross-reference the person on camera against the person on paper

If the candidate has a public LinkedIn headshot or a publicly-indexed conference photo, a twenty-second comparison between what you see on the call and what you can find with a name-plus-company search is usually conclusive. This is a legitimate identity check and is consistent with standard background-verification practice (see our primer on candidate identity verification for the full six-signal framework).

Ask to see a government ID before the offer letter goes out

Make this a normal, stated step in your process. Real candidates are used to it. The ones who are not real do not make it through.

Catching a proxy candidate

Proxy candidates are harder to catch than identity fraud because the person on camera is a real person, sometimes even a skilled one. What they cannot do is explain their own work in real time without help. Three tactics reliably break the scheme.

Run a live, interactive coding or work-sample segment

Ask the candidate to share their screen and work through a small problem from scratch, with the interviewer watching keystrokes. Proxy candidates often have a second channel open (chat, phone, a colleague in the same room). The bandwidth between them and the person feeding them answers narrows under screen share and they start producing visible delay.

Ask meta-questions about their own solution

After the candidate finishes a problem, ask them to explain the tradeoff they picked. Ask why they did not choose a plausible alternative. Proxy candidates can read a solution out loud but cannot usually reconstruct the reasoning under gentle pushback.

Compare written fluency to spoken fluency

Proxy schemes often separate the two. The resume reads as native English; the speaker's English is halting. Or vice versa. Any time the written artifact and the speaking voice feel like different people, they often are. For more on this pattern, see proxy interview detection.

Catching resume fabrication

Resume fabrication is the classic form of candidate fraud and the one most recruiters think they already catch. In reality, the detection rate is lower than people expect, mostly because the default reference-check process is easy to game.

Verify past employment through the company, not the reference

Ask a reference to be transferred through the company switchboard using a number you find on the company's own website. Fabricated employment often collapses here because the "reference" is a mobile number that does not connect to any corporate directory.

Ask specific, unscripted questions about the last role

Not "what did you do" (they have that memorized) but "what was the worst meeting you sat through last quarter" or "who owned deploys on your team." Fabricators hesitate on questions that depend on lived detail. Real candidates do not.

Check credential numbers where they exist

Degrees, PE licenses, CPA numbers, CISSP certifications, bar admissions. Most of these have public or semi-public verification endpoints. A two-minute lookup catches a surprising share of fabricated credentials. For the full framework, see resume fraud.

Catching ghost applicants

Ghost applicants are the easiest type to catch because they almost never survive the first real interaction. The catch step is usually just about routing: you want to avoid wasting a recruiter's time on an application that was never a real person to begin with.

Require a live response to a simple inbound question

A short email or SMS with a specific, time-bound question ("can you share a brief reason you applied") shakes out ghost applicants on contact. They were never intending to respond.

Rate-limit high-volume inbound sources

If a single referral link, ATS keyword, or job-board integration is producing an unusually high volume of matching applications, treat the incoming stream as suspect until proven otherwise. Ghost applicants usually arrive in clusters.

Catching AI-assisted puppets

This is the fastest-growing category. Consumer-grade face-swap overlays and real-time LLM co-pilots make it cheap to run a passably-competent candidate through an interview. The catch tactics are different from proxy candidates because the "proxy" is software, not a second human.

Ask unexpected, mildly-personal questions

LLM co-pilots are good at job questions and bad at questions that require human context about the candidate specifically. "What is the first project you ever got paid for" or "what is the thing you miss about your last job" force the candidate to answer on their own, without the co-pilot's help, because there is no predictable right answer for the model to retrieve.

Force sudden context switches

Interrupt a technical answer with a quick aside ("before we go on, what's the weather like where you are"), then pivot back. Puppets lose their place. Real candidates handle it without effort.

Watch for deepfake-overlay tells on video

Brief occlusions (hand across face, turning the head quickly) often break real-time face-swap overlays. Asking the candidate to wave at the camera for a "quick hello" is a low-friction way to stress-test the video. For the full walkthrough, see deepfake interview detection.

The catch-and-confirm workflow

Catching a fake candidate is only half the job. If you do not document what you found and route it correctly, the same operator can reapply under a small variation and re-enter your pipeline. Four steps close the loop.

  1. Capture the evidence. Timestamps, the specific inconsistency, any recordings you have rights to keep, and any screenshots of the inconsistency (resume page next to the LinkedIn page, interviewer notes with the direct quote). A one-paragraph summary in the ATS note field is a minimum.
  2. Disqualify with a neutral reason. Work with your employment counsel on the exact language, but the disqualification should be documented in the ATS in a way that does not expose your process to a future fraud operator who obtains it through discovery.
  3. Add identifiers to an internal blocklist. Email, phone, resume hash, known alias patterns. Most ATS platforms have a "do not hire" field. Use it.
  4. Share the signal with peers, carefully. Industry groups and security-focused Slack communities exchange non-personally-identifying operator patterns (email-naming conventions, resume phrasing, known shell companies). For state-sponsored placements, consider a report to IC3. See our deep dive on the North Korea IT worker scam for the current reporting pattern.

Five mistakes that let fake candidates slip through

Even teams that nominally have a fraud-aware process still miss cases because of a handful of recurring mistakes. Watch for these in your own workflow.

  1. Treating a flag as an accusation. If every flag forces an uncomfortable "are you real" conversation, recruiters will quietly stop raising flags. The fix is to make the confirmation step routine for all candidates, not special for flagged ones.
  2. Relying on asynchronous communication for identity. Email exchanges prove nothing. A sixty-second live video confirmation proves a lot. Move it earlier.
  3. Accepting candidate-supplied reference numbers on faith. The reference number should be verifiable through the company's public-facing directory, not just whatever the candidate emails you.
  4. Skipping ID verification for "obvious" hires. The strongest-looking candidates are sometimes the fake ones; their strength is that they are engineered to look strong. Make the identity step universal.
  5. Under-documenting disqualifications. Without notes, the same operator comes back under a new name in three weeks. With notes, you catch them in the first screen the second time.

Tooling that helps

Running every tactic above by hand on every application is not realistic for a team hiring at scale. The most leveraged step is the one at the front: an intake-stage identity check that runs in seconds and filters the majority of shell applications before a human sees them. That is what Verif_Hire is built to do: a one-click verification pass on the applicant's name, email, and phone against multiple sources, returning a clear verdict and a report ID.

For a comparison across the category (browser extensions, standalone services, ATS-integrated options, and traditional background-check vendors), see fake candidate detection tools and the broader map of alternatives to traditional background checks.

Shortcut. If you only do one thing differently after reading this, make the sixty-second live video identity confirmation a standard step in every recruiter screen. It is the single highest-leverage catch mechanism for the entire fake-candidate category.

FAQ

How do I identify fake candidates without insulting real ones?

Frame the verification as standard, not as a response to suspicion. A consistent, universal verification step ("we do a quick live identity confirmation with every candidate") removes the awkwardness entirely. Real candidates appreciate a process that takes fraud seriously; it tells them their future coworkers will also have been screened.

What is the single best way to catch fake candidates?

There is no single signal, because fake candidates come in different shapes. A stacked approach (lightweight identity checks at intake, pacing and consistency checks on the recruiter screen, live interactive work in technical interviews, and logged ID verification before the offer letter) is what drives the false-negative rate down reliably.

How common are fake candidates in 2026?

Public reporting from enterprise recruiting teams puts the rate of deliberately fake or misrepresented applications somewhere between 10 and 25 percent of inbound applications for remote technical roles. Entry-level, in-person roles skew lower. Remote, high-pay, fully asynchronous roles skew higher.

Is asking a candidate for a government ID legal?

In most jurisdictions, yes, provided the request happens after a conditional offer (in the United States) or is limited strictly to identity confirmation rather than inferring protected attributes. Work with your employment counsel on exact timing and retention policy.

What should I do if I catch a fake candidate?

Document what you observed, disqualify the application with a neutral reason, add the identifiers to your internal blocklist, and consider reporting state-sponsored placements to IC3. The goal is to close the door on the same operator coming back under a slight variation.

Do these tactics work for high-volume hiring?

Yes, and they matter more there, not less. High-volume roles are where fake candidates scale, because the oversight per application is lower. The practical fix is to push the verification work into an automated intake step that takes seconds per applicant and reserve human scrutiny for the smaller pool that passes the automated filter.