Executive Director,
Identity Defined Security Alliance

How would you feel if you hired a new employee and discovered that person did not exist; your new staff member was artificial and generated by artificial intelligence (AI) tools? It’s not a far-fetched scenario employers will find themselves in as more businesses digitally transform their employment models to embrace remote and hybrid work. New advances in AI, including DALL-E2, ChatGPT, and Bard AI (among many others), are making it simple to create seemingly trustworthy and authentic profiles on LinkedIn, Indeed, and other job sites. This is not only a burden for human resources departments either. Job seekers must also be vigilant when it comes to discerning legitimate opportunities from scams. In the past few years, the world shifted from layoffs to historically low unemployment rates and back to layoffs. Now, both human resources departments and job seekers must also consider the possibility of artificial identities infiltrating the hiring process.

Is the Applicant Real?

Remote work during the pandemic allowed some (likely quite a few) workers to bring home two paychecks by working two full-time jobs, leveraging LinkedIn privacy settings, personal assistants and AI tools to get the work done. Some of the pointers for juggling multiple secret jobs may help scammers create artificial identities that get hired and possibly evade detection longer term.

Research in psychological and cognitive sciences shows that headshots synthesized by AI are indistinguishable from real faces and even considered more trustworthy. Creating or copying a detailed career history is easily done – just ask ChatGPT. This prompt, “Write a LinkedIn profile with detailed job history for the last twenty years, relevant degrees and certifications, in the identity security space,” produces a detailed response with appropriate certifications in less than a minute. Create a headshot, tweak a few company names and dates, and that fake LinkedIn profile is ready to go, joining swarms of other fake accounts.

So, what can you do? If you are an employer or in talent acquisition, here are a few things to look for as you wade through applicant tracking systems filled with newly laid off employees and possible artificial identities:

  1. Check outside of LinkedIn. Search the name and image using Google, Bing or DuckDuckGo. You may discover multiple profiles associated with the photo or name.
  2. Look at the number of connections they have. Unless they are right out of college, most people have a hundred or more connections, and they tend to cluster around companies, industries and topics. A small number of random connections for an experienced profile is fairly unlikely, although some fields use LinkedIn less heavily than others.
  3. Is the profile active? If an applicant uses a LinkedIn profile as part of their outreach, they should have an active profile that engages on the platform. The lack of reactions, reposts, posts and other activities can help you identify a fake.

If you’re ready to move forward with an applicant, make the most of your reference checking skills to remain compliant while still gathering the data you need. And when you do hire, consider putting employment contracts in place that cover any concerns you have related to the quality of work and who owns the copyright on any products or ideas. And make sure you carefully verify identity for insurance and payroll purposes.

Is That Job Opportunity Legit?

It is a challenging time for job seekers as well. Unsurprisingly, scammers are leveraging job platforms to carry out attacks on individuals, so you need to be wary during the hiring process. Look carefully at LinkedIn job postings; stealing company names and logos is easy, so look beyond the logo and email signature. Verify that it is a valid company email address and double check the domain name to be sure that it matches the company name. It is not hard to buy a domain name similar to a legitimate business and scrape content to fake a website, so pay attention and cross check. Check the LinkedIn profile for anyone you speak to at the company and examine their connections to see if they match what you expect based on their employment history. Take the same steps outlined above to identify fake job seeker profiles.

You may be able to weed out some scammers if you only use online employment resource sites like Glassdoor, Indeed and LinkedIn, particularly if you avoid those who contact you directly via email. But make sure that you are also verifying that the hiring manager and company you are looking to join are who you think they are. Here are five red flags to look for when you are considering a new job opportunity:

  1. Job postings that offer unlikely salaries and benefits. Research similar positions and compare. If it seems too good to be true, be skeptical.
  2. Job interviews that take place over the phone or chat instead of in person or via video. Phone and chat offer more anonymity.
  3. Interviewers who ask for money or expect you to buy or download software to conduct the interview.
  4. Interviewers who ask for confidential information. Never disclose personal information, particularly credit card numbers, your social security number and home address in an interview.
  5. Interviewers who cannot or will not answer your questions about the job or company. Use the company website to reach out to other contacts there to verify the authenticity of the position and company.

Verify Identity First

It is time to shift your mindset when it comes to identity in the hiring and job hunting process. In this digital transformation age, scammers and identity thieves can easily leverage AI and an inclination to trust others, so you need to be careful. The best way to verify identity in these situations is to be cautious and to use your personal network. Do you know someone who knows the candidate and has actually met them? Do you know someone at the company who can verify that the company and job opening are both real? Those connections can help in your efforts to apply identity management and identity security practices in the employment ecosystem by trusting less and verifying more.