Identity fraud in hiring: what this means for IAM teams

TL;DR: Identity governance is moving earlier in the lifecycle, where trust decisions are harder to reverse, as JumpCloud’s new venture arm backs early-stage identity, security, AI, and IT productivity startups, with its first investment in Tofu, a company focused on identity fraud in hiring and onboarding, a risk that begins before login and grows with remote work.

NHIMG editorial — based on content published by JumpCloud: New investment arm reflects JumpCloud’s commitment to building a more secure and productive tech ecosystem

By the numbers:

• 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.

Questions worth separating out

Q: How should security teams prevent identity fraud during hiring and onboarding?

A: Security teams should place verification controls before account creation, not after.

Q: Why does hiring fraud create IAM risk before a user logs in?

A: Hiring fraud creates IAM risk before login because the organisation may already have accepted the candidate as a trusted identity.

Q: What do organisations get wrong about identity checks in remote onboarding?

A: Many organisations treat remote onboarding as a documentation problem instead of an assurance problem.

Practitioner guidance

• Insert identity verification before account creation Require stronger evidence checks before an onboarding workflow can create accounts, issue credentials, or assign system access.
• Map hire-to-access trust handoffs Document where candidate identity, employment identity, and access identity are transferred between HR, IAM, and IT systems.
• Review remote onboarding for impersonation exposure Examine workflows that rely on uploaded documents, asynchronous approvals, or limited live interaction.

What's in the full analysis

JumpCloud's full article covers the operational detail this post intentionally leaves for the source:

• The company rationale for launching JumpCloud Ventures and why identity, security, AI, and IT productivity are grouped together.
• Background on the first investment in Tofu and how the startup frames identity fraud in hiring.
• The founder commentary on remote work, trust, and where identity risk begins earlier in the employee lifecycle.
• The broader context for JumpCloud's view of secure workforce identity across humans and autonomous AI agents.

👉 Read JumpCloud’s announcement on its new venture arm and first investment →

Identity fraud in hiring: what this means for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →