When Pindrop Security interviewed "Ivan" for a senior engineering role, something felt off immediately. His facial expressions lagged behind his words. When an unexpected technical question landed, he paused for exactly the right amount of time — not to think, but to process and play back a generated response.
Ivan was a deepfake.
Fortunately, fraud detection is Pindrop's core business. Most companies aren't so lucky.
The problem is bigger than you think
This isn't a rare edge case. According to a 2025 GetReal Security report, 41% of IT and security leaders say their company has already hired a fraudulent candidate. Gartner projects that by 2028, one in four candidate profiles worldwide will be fake.
Even the savviest organizations get burned. KnowBe4 — a cybersecurity firm that literally teaches people to spot deception — ran four video interviews, background checks, and reference verifications before hiring a North Korean operative as a principal software engineer. The moment his laptop arrived, he started loading it with malware.
What's driving this? Remote work. Before 2020, about 4% of U.S. jobs were remote. Today, it's over a third of all new postings. Workers can be recruited, hired, and onboarded without a single in-person interaction — and deepfake technology has made that opening exploitable in ways no one anticipated.
What you can actually do about it
First, get candidates on camera — unfiltered. No virtual backgrounds. No blurring. Require live video and watch for the telltale lag of deepfake software.
Second, go off-script. Fake candidates handle rehearsed questions smoothly. They stumble when the conversation turns casual and unexpected. Ask something they couldn't have prepared for.
Third, delay system access. KnowBe4 contained the damage not because they caught the fraud before hiring — they didn't — but because their onboarding permissions were limited. The operative had the job and the laptop. He just couldn't do much with either.
Remote hiring isn't going away. But the implicit trust it was built on needs to be replaced with something more deliberate. The companies that haven't rethought their processes aren't just behind — they're exposed.