A plague of tailored, highly credible fake candidates besets companies hiring for remote engineering roles. According to reports from LeadDev members, a significant portion of resumes submitted for remote-only roles show signs of being part of a sophisticated fraud, where candidates aren’t who they say they are. While it is hard to quantify the true scale of the issue, it is significant enough that engineering managers need to be vigilant when vetting candidates. 

Derek Binkley, an engineering manager at the no-code software company Localize flagged the issue for the LeadDev Slack community on August 2. “I am seeing a lot of resumes from people who aren’t who they say they are,” he posted. “The first one got to a final interview before we figured it out. Now, we’re able to see the patterns and I’d say at least a third of the resumes we’re getting are fake.”

Localize isn’t the only company being targeted by fake candidates. Peter Berg, CEO of the hiring service Forward also believes that “about a third of the candidates” they are seeing are bad actors. “This is a pretty huge issue for us,” he said. He estimates that it costs Forward five hours a week to weed out all the fraudulent applicants.

It seems this is more than a passing trend. Last year, Computerworld reported on a situation where the person a company interviewed and (presumed) they hired wasn’t the person who showed up to work. “He didn’t look the same, didn’t talk the same, and most important of all, he didn’t have the job skills they needed.”

The FBI has even issued a warning about AI-generated “deep fakes” being used to apply for remote work positions. The use of this technology might be unnecessary in the majority of cases, where a fake profile picture and refusing to turn on your camera is more than enough to create a credible-seeming application. Far more worryingly, the FBI also warned that some applicants were using stolen personal identifiable information (PII) to try and pass pre-employment background checks.

What’s going on here? Let’s dig into one of these fake candidates.

Anatomy of a fake candidate

Over a Zoom call, Binkley explained what happened with that first almost-hire.

Since great developers are so hard to find, Localize always has an open full-stack developer position listed on its website, just in case someone submits a really good resume. Normally, nothing comes of it, but sometimes they get a candidate that seems so promising that they follow it up. “In retrospect,” said Binkley, “the resume was too good for what our positions were – they seemed to meet everything.”

In the first interview, the candidate didn’t turn their video on, but seemed to “really know his stuff”, so they moved on to the second interview and a coding challenge – despite a few initial red flags. 

The candidate wanted to be hired as a 1099 contractor instead of a full-time employee – an unusual, but not necessarily problematic request – and claimed to be based in Chicago, despite seeming to be unfamiliar with the city. He was also very reluctant to talk about anything except the tech. “I usually get a good banter going with people,” Binkley said, because he has to make sure any new hire is a cultural fit for the company. “They normally share some information, or at least talk about their interests. Any time we talked about that, he just shut it down. He would only talk about technology.”

The code challenge interview was equally suspicious in retrospect, despite the candidate clearly having a great grasp of the tech. Once again, the candidate didn’t have his camera on. When Binkley asked him about it, he said that it was broken and he was waiting on a new one. “I was thinking, well, you live in Chicago, you can just run down to Best Buy and pick one up.” 

But, the candidate was able to share his screen so he could work through the code and the interview proceeded. “He did really well,” said Binkley. “Almost too well. He seemed to have intentionally made some mistakes so that he could fix them in the interview because he found them so quickly. It felt very rehearsed.” Again, this wasn’t something that excluded the candidate, but just felt off to Binkley. “[I thought]...he’s prepared for the interview!”

In the final interview with the CEO, they eventually got the candidate to turn on his webcam to prove he was a real person. “The CEO actually said at one point, ‘I can’t continue the interview unless you turn on a camera,’” said Binkley. Otherwise, things were just a touch surreal with the candidate evading questions and not being clear about the specifics of the contract, like how long he wanted to be a contractor. “He had an excuse for everything, but after a while I was like, well, there’s a number of red flags.”

“We were concerned,” explains Binkley, “and we said before we give this guy an offer, let’s do a background check.” They were looking for someone US-based and wanted to confirm the candidate was located in Chicago and had actually attended the University of Chicago. So they sent him a release form. 

It came back signed – but with none of the checkboxes marked. “No, you cannot contact my school. No, you cannot contact my previous employer,” says Binkley. The candidate explained that he wasn’t comfortable with them contacting anyone in his past or confirming any of his details. This was the breaking point, and they didn’t take the application any further.

What’s the scam?

In the process of reporting this story, we found that there are a few different variants of this fake candidate scam. 

In some cases, the fake candidate is likely after the job for themselves. They have the skills but don’t qualify for the role, because they are based outside of the United States, don’t have a visa, don’t have the right qualifications, or otherwise don’t meet the job spec. This is the softest version of the scam, though it isn’t without potential consequences. Last year, the US government issued a warning about companies inadvertently hiring North Korean IT workers. Doing so would violate international sanctions, which come with penalties of around $330,000 per incident.

In other cases, it appears that non-US developer shops hire US-based front people (or use fake identities to create them) to interview for the job, and then potentially outsource the work. This is the version that Berg, the CEO of Forward, suspects he sees most often.

This is confirmed by the experience of another engineer, based outside the US, who asked to remain anonymous. They have been approached multiple times about taking part in similar scams. In one email, seen by LeadDev, the scammer explained how things worked.

The scammer claimed to have US “friends” with no coding experience who were prepared to let them use their profiles and bank accounts. They just needed someone “skilled” who could pass the interviews and get the jobs. For the interviews, the engineer was offered $0.50 per minute if they passed. But as the scammer explains, “Our goal is to get the job.” If that happens, the wage would be split four ways, with 50% going to the US-based front person, 25% to the person running the scam, and 25% to the hiring engineer, who would also have to do all the work.

Red flags all round

For the most part, these fake candidate scams seem to be a major time sink. Even if they are able to filter out the scammers, it takes hours and resources, on top of the already time-consuming hiring process. 

“There are a lot of tells at every step of the process, but none of them are immediately obvious,” Berg wrote in the original Slack thread. He says that an impressive amount of resources are put towards creating fake profiles on LinkedIn, Twitter, Slack, and popular job sites, like WeWorkRemotely and Indeed. But because the profile pictures are fake, they won’t turn on their videos when they are interviewed.

The same is clear from Binkley’s experience. From the start, they were suspicious of their fake candidate, but he remained just plausible enough to make it to the final interview. Now, they are able to spot the scammers earlier. 

Strangely, they are often most suspicious of the best candidates on paper. “The fake candidates do such a good job of tailoring their resume exactly to your position,” he explains, so they often rise to the top. 

They have now signed up for a service that allows them to verify if an applicant’s phone number is real, because a lot of the fake candidates use VOIP numbers. There are also frequent discrepancies between their LinkedIn profile and resume, or they claim not to have LinkedIn. Then, of course, they refuse to turn on their cameras in an interview and otherwise just evade normal conversation during the hiring process. 

“You take it at face value that someone sending you a resume is a real person or is the person that they say they are, so you don’t think to check all this stuff,” said Binkley. But given how prevalent this scam seems to be, from now on, engineering managers should be vigilant to these red flags.