From candidate deepfakes increasing opportunities for fraud to remote polywork making employment verification difficult, the proliferation of advanced technologies in the workplace require today’s HR leaders to redefine best practices and mitigate security risks.
By Magen Gicinto
The employment landscape is evolving rapidly with significant changes in hiring practices over the past decade. The rise of remote work has redefined how companies recruit, onboard, and manage employees. While this shift has provided increased flexibility and access to a wide range of talent from across the globe, it has also introduced serious security risks with which HR professionals must now contend. Today’s HR leaders are having to tread new ground, facing threats such as employment fraud, identity deception, and insider threats that previous generations of HR practitioners were never trained to handle—either in their schooling or real-life experiences.
As those in the HR profession are forced to think differently and redefine best practices on the fly, it is important to ensure there is a focus on securing the hiring process, mitigating the risks associated with digital recruitment, and establishing what modern workplace security protocols should be.
Remote Work Has Increased Opportunities for Fraud
The transition to remote work that began in the early days of the pandemic has transformed hiring practices and the workplace forever. However, at the same time, it has created increased opportunities to exploit vulnerabilities in the system. With many companies’ hiring processes now conducted virtually, it has become easier for applicants to misrepresent their backgrounds, their skill sets, and their identities. Unlike in-person interviews, where non-verbal cues and physical verification help an organization confirm an applicant’s identity, remote work—and hiring for those positions—relies heavily on digital interactions, which can be easily manipulated.
Cases of employment fraud have already surfaced, with reports of North Korean operatives securing remote positions in U.S. companies using fabricated identities. Furthermore, the U.S. Department of Justice and the FBI have warned that AI-generated deepfakes are being used to apply for jobs, allowing fraudulent applicants to pass video interviews with synthetic facial and voice features.
HR leaders must acknowledge that traditional vetting methods, such as reference checks, background screening, and behavioral interviews, are no longer sufficient to combat these threats. The industry needs to adopt more sophisticated verification techniques to ensure that the person behind the screen is as advertised.
The Rise of Polywork
Actions by foreign adversaries aren’t the only form of employment fraud that today’s HR leaders need to understand and be able to identify. Remote work has also enabled employees to embrace polywork.
In either scenario, the goal of the employee is to maximize their earning potential by working multiple full-time jobs in parallel without their employers knowing. In polywork situations, employees secure roles, sometimes under different aliases, collecting multiple paychecks without fulfilling their responsibilities. Employees have even been found to outsource their work to third parties, sometimes even internationally, creating security and confidentiality risks for organizations.
From a corporate standpoint, these activities can lead to productivity losses, data breaches, and compliance violations. HR leaders should implement robust policies to detect and prevent unauthorized outsourcing and polywork, safeguarding both business operations and sensitive company information.
What Should HR Do?
While the initial concerns of a shift to remote working are still very relevant, such as building culture and engagement in a remote setting and provisioning the right tools and equipment to empower a productive workforce, HR leaders also need to understand who is on the other side of the screen. Proactive steps should be taken to protect their organization from bots, polywork, outsourcing, and other nefarious actors.
The real questions are: How can HR practitioners identify potential threats before it’s too late—and how can it be done without hurting a carefully cultivated culture of trust between the organization and its employees? With that in mind, what resources should be used to educate HR’s next generation on these situations? What are the best practices that should be followed?
Unfortunately, the HR leaders of today don’t have the luxury of time to wait for new training or best practice examples to bubble to the surface naturally. The truth is that the answer must go beyond the traditional background check and belief that the organization already has a thorough vetting program.
Today’s HR leaders are having to tread new ground, facing threats such as employment fraud, identity deception, and insider threats that previous generations of HR practitioners were never trained to handle—either in their schooling or real-life experiences.
Identifying Potential Fraud
One of the first things today’s HR teams need to learn is how to identify potential fraud. HR professionals have been taught not to jump to conclusions, especially as the world has embraced a variety of working styles these past five years. That said, HR is also one of the first lines of defense against fraud, so it pays to know what some of the signs are so further investigations can happen.
One of the earliest signs of fraud can be mismatched skill sets. Employees often claim expertise in various different areas—especially in specific technologies—and then, once hired, cannot accomplish any of the tasks described.
Information inconsistencies are also a red flag that an HR professional should catch. If a new hire changes their mailing address shortly after accepting the job—but before receiving company-issued equipment, for example, the identity used during the hiring process may not be legitimate.
Another suspicious pattern can be an employee with multiple social media accounts using the same name and profile picture. These are often tied to different physical locations, many of which may be overseas. In some cases, fraudsters create multiple distinct personas using different names but the same photograph. Pair this with the lack of a genuine social media presence and it may be time to dig deeper.
Enhancing Identity Verification Procedures
Spotting some of the above red flags early is key to combatting employment and identity fraud in the workplace, but that requires a multi-layered approach. No longer can a search and a reference check be enough. There are more advanced methods that can be utilized as a part of the employment process, without seeming overly intrusive. These include the following.
Conducting multiple live interviews with different stakeholders can increase the chances of identifying inconsistencies in a potential employee’s responses or behavior (or in the candidate themselves).
Advanced tools can scan deeper than manual efforts, using biometrics such as fingerprints to verify identity, examining digital footprints, and analyzing inconsistencies in public social media presence, work history, and other data points.
In times of heavy recruitment, many companies don’t take the time to actually call and discuss the potential employee with references. This is important to do. Many fraudulent applications list fake references, or have the same individual act as the reference for any calls. Probe about the potential employee’s work history, qualifications and past successes to be sure there are no red flags missed.
Requiring new hires to verify their identities through multiple authentication steps can reduce the likelihood of fraudulent hires.
Collaboration is Key
Modern fraud touches several parts of the organization—security, legal, and HR, for example. That means that collaboration between all three departments is essential.
It also means that HR professionals must become well-versed in cybersecurity and legal requirements. For example, all HR team members should be trained by the security team on what digital threats are and how to detect them. A discussion on deepfake detection, common fraud tactics, and social engineering threats can help HR recognize even more potential red flags during the hiring process.
Setting up a regular audit schedule is also important, so that the hiring and onboarding processes are reviewed for potential vulnerabilities and can be improved if needed.
HR departments should partner with the security team to create and enforce policies that can help protect the organization from some of the common security risks associated with remote work. Some of these to consider include the following.
- Employees should be required to sign agreements that explicitly prohibit outsourcing tasks to unauthorized third parties.
- Conducting periodic check-ins and evaluations can help ensure that employees are actively engaged in their roles.
- Ensure employees are only using company-issued devices to access the company’s network.
- Restricting access to sensitive information (based on role and responsibility) and implementing tracking measures can help mitigate the risk of data leaks.
Preparing the Next Generation of HR Leaders
The next generation of HR leaders must be equipped with the knowledge and tools to address these evolving security concerns. Traditional HR education has focused primarily on compliance, employee relations, and workplace culture. These will remain extra important—especially in today’s hybrid working environment that many companies are likely to continue to embrace. However, emerging HR leaders must now incorporate digital security as well as fraud identification and prevention into their core skills.
HR professionals should be trained in digital security concepts, such as phishing attacks, data privacy regulations, and access control measures. This knowledge will help them to identify red flags early and bring their concerns to the larger team. The global labor laws and compliance risks related to digital hiring are constantly evolving—and proper training in them is essential in the age of remote work.
The use of AI and the ethics surrounding it is another critical consideration for the HR professionals of tomorrow. AI use will continue to grow, both inside and outside of the company. How are nefarious actors using it? How can it be used to respond? HR professionals must not only know how to spot a deepfake or AI-created voice, but also understand the implications and potential biases associated with the use of AI in the hiring process, or in the service of fraud detection.
At the end of the day, threats or fraud sometimes get through even the best defenses. Nefarious actors will always find a way to evolve their methods and use the latest tools and technologies available to overcome any roadblocks. Hackers have the time and motivation to do so, and always will. That’s why it’s important to train for crisis management and response—and to have a well-developed and regularly updated crisis plan on hand and ready to enact at a moment’s notice. Security breaches, employment fraud incidents, insider threats, and digital threats don’t happen on a schedule and every old adage about preparation is never more true than when staring down a crisis.
By investing in the education of future HR professionals and equipping them with the necessary tools to recognize and combat employment fraud, the industry can safeguard its workforce and maintain trust in the hiring process. The future of HR depends on its ability to adapt, innovate, and stay ahead of these emerging threats.
Magen Gicinto is SVP, people strategy and culture at Nisos.
