“I interviewed nearly thirty candidates until I found the perfect one. Great CV, nailed the assessments, and blew everyone away at the video interviews. We were all so excited for him to start, until the guy who entered our doors on his first day was one we’d never seen before.”
Sounds like a recruiter’s nightmare, doesn’t it? But, in 2026, the nightmare is slowly becoming a reality.
To find out what’s happening in hiring right now, we went to the one place people are unafraid to spill the beans: Reddit.
One scroll on the r/recruiting thread is enough to tell you that a new and improved variant of candidate fraud is on the rise. Gartner predicts one in four candidate profiles will be fake by 2028. Safe to say, gone are the days of embellished grades and prettied-up CVs: bad actors in 2026 are fabricating full-scale digital personas.
What kind of candidate fraud are we talking about?
Candidate fraud isn’t new by any means, but the stakes have never been higher. What used to require an elaborate network of accomplices, forged credentials, and countless prayers to the universe can now be achieved with a few AI tools and a laptop. Here’s what recruitment teams are up against:
Diploma and alibi mills
If you thought AI-generated CVs and references are the worst it can get, think again.
Today candidates can buy verified-looking degrees from diploma mills, generate fake reference letters from fake companies, and set up spoofed email addresses that mimic legitimate organisations. These diploma and alibi mills then charge candidates portions of their new salaries for their services.
Don Gibson, Zinc’s Interim Head of InfoSec offered his comments on a Redditor who found themselves in a sticky situation with an alibi mill.
Deepfakes and proxy candidates
Have you ever sat through an interview and felt a nagging sense that your words weren't quite getting through? You might have just crossed paths with a deepfake candidate.
As crazy as it sounds, bad actors hijacking another individual's likeness, essentially masquerading under a stolen identity and face to breeze through the screening process on someone else's behalf has become all too common.
We invited Georgia Randall, our DBS Compliance Lead, to share her thoughts on a Reddit thread where a hiring manager was blindsided by a deepfake candidate. See what she has to say.
Multi-jobbing
Multi-jobbing is exactly what it sounds like: a candidate (or employee) holding multiple full-time roles simultaneously, often without disclosing any of them.
The implications of this vary. In some contexts employers see it as a performance issue; in others, particularly regulated industries, it's a serious compliance risk. The challenge is that candidates have become skilled at concealing it, and most standard hiring processes aren't designed to catch it.
Listen to what Don Gibson has to say about this Reddit post on multi-jobbing.
Why is it easier for candidates to commit fraud today?
The simple answer is AI. Tools that once required serious technical expertise — generating voice clones, animating faces in real time, or building fake personal histories — are now a few clicks away.
But access to this technology alone doesn’t explain it. It’s worth understanding what is pushing candidates to these tools in the first place.
The underlying problem
Tough job market
When jobs are scarce and competition is fierce, the pressure to stand out pushes some candidates past the point of embellishment and into fabrication.
Longer hiring processes make it worse — the more invested someone becomes in a process, the more tempting it is to paper over gaps rather than risk losing the opportunity.
Gig economy normalised
In the past few years, holding multiple jobs simultaneously has become culturally acceptable — even celebrated in some circles.
But this cultural shift provides the perfect smokescreen for candidates to hide conflicting commitments, exaggerate their capacity, or secretly juggle three positions while applying for another. The discourse on Reddit boils down to, "I'm hitting my targets, so why should my multiple roles be an issue?"
But for organisations operating within strict regulatory frameworks, this mindset exposes a massive compliance vulnerability.
Taking matters into their own hands
A theme that keeps resurfacing on r/recruiting is candidate revenge. The premise is always a variation of the same question: "If companies use AI to screen me out before a human ever reads my CV, why should I feel bad about using AI to get back in?"
The rationalisation isn't hard to understand. Years of long processes, unexplained rejections, outright ghosting, and other faux pas you can read about in our report, ‘How to Lose a Candidate in 10 Days’, have eroded a lot of candidates' goodwill towards hiring. When people feel the system is arbitrary or unfair, the moral case for playing by its rules weakens considerably.
This matters for recruiters because it means fraud isn't always coming from bad actors. Sometimes it's coming from frustrated, otherwise qualified people who've convinced themselves they're just levelling the playing field.
That doesn't make it acceptable, but it does mean the profile of a fraudulent candidate is broader than most hiring teams assume.
Is all candidate fraud created equal?
Candidate fraud exists on a spectrum. Where something sits on this spectrum determines how you respond to it, what your legal exposure looks like, and how much sympathy you should extend to that candidate.
At one end there are minor embellishments that have almost become background noise in hiring, such as:
- Listing a skill as proficient when intermediate would be more honest.
- Rounding up five months of experience to six.
While not ideal, these are less likely to be seen as fraud in the legal sense.
At the far end sits fraud that isn't really about getting a job at all. Things like:
- Identity theft
- Ghost candidates
- Data extraction
- Financial access
These aren't people stretching the truth to land a role they're unqualified for. These are targeted, intentional acts that can expose a business to serious harm.
The middle ground is where we're seeing more people act on the day-to-day, and this is where things get murky. We found several Reddit threads of candidates deliberating on whether they’d get caught if they “padded” their experience.
Take a look at what Georgia Randall, DBS Compliance Lead at Zinc had to say about this:
How can recruiters protect against this?
The good news is that while the tools to commit fraud have become more advanced, there are still ways you can protect your company from bad actors. Here are some avenues to focus on:
Verification starts before the interview
If you’re only thinking about fraud prevention at the final stage of interviews, you might want to reconsider your strategy. The earlier you build verification into your process, the less likely a fraudulent candidate is to get far enough to cause real damage.
Before anyone gets to interview, consider cross-referencing LinkedIn profiles and CV details for consistency.
💡Pro tip: While it doesn’t always mean something is up, a candidate with no traceable professional presence at all might be worth a second look.
Keep your eyes peeled for “signs”
It can be hard to know when you’re talking to a deepfake. But the lovely people on Reddit have highlighted some red flags worth watching for:
- Unusual lighting, blurring around the face or hairline, or slight delays between lip movement and audio
- A candidate who struggles with spontaneous or follow-up questions but handles prepared ones fluently
- Resistance to turning the camera on, or technical "issues" that conveniently prevent it
- Background, appearance, or mannerisms that don't match earlier interactions or profile photos
Asking candidates to turn their head, hold up an ID to camera, or respond to an unexpected prompt mid-call can quickly reveal AI overlays
Test reasoning over skill
If your process includes technical assessments or tasks, design them with rigging in mind. Timed assessments that require real-time problem solving, follow-up questions that dig into the reasoning behind answers, and live exercises are harder to rig than at-home assignments.
Don’t sleep on background screening and re-screening practices
It would be insane for us not to mention this: background checks are non-negotiable.
Baking background screening and re-screening into your processes — especially with a smart, safe, and savvy provider like Zinc — will save you significant time and trouble if you're dealing with a bad actor.
A good rule of thumb: when discrepancies (mismatched start dates, invalid reference emails) are flagged, create space for candidates to provide explanations. And then trust your judgement about those explanations.
Georgia said it best:
What’s the cost of getting this wrong?
Most conversations about candidate fraud focus on the most visible costs — the wasted time, the failed onboarding, or the awkward termination. And while that’s understandable, there are some bigger, long-term risks to consider:
Data breaches and security threats
Just so we’re all clear: a fraudulent hire with access to all your data is the single biggest threat to your organisation.
Once inside, a bad actor with legitimate system credentials is significantly harder to detect than an external attack. The data they're after could be client records, financial systems, internal pricing, or competitor intelligence. And by the time unusual behaviour is recognised, the damage is already done.
Reputational damage
If a candidate misrepresents their identity or capabilities and it affects a client, a project, or your team, the story doesn't end with the termination.
In industries built on trust, a single hiring failure can have lasting effects on your employer brand and your client relationships — damage that's genuinely hard to quantify and harder to recover from.
The candidates you miss out on instead
Every fraudulent candidate you hire takes the place of a legitimate one. That's a real cost to your team, your culture, and the person who deserved the role. Fraud doesn't just let bad people in. It keeps good people out.
Final thoughts
Here’s what you need to remember: most candidates are who they say they are. So lead with trust but keep those spidey senses on alert.
The candidates trying to game the system are counting on recruiters being too busy, too trusting, or too under-resourced to look closely. The answer to all three of those is the same: better process, better tools, and the confidence to slow down when something doesn't add up.
