Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Hiring fraud and identity assurance: what IAM teams are missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Hiring fraud is accelerating as synthetic identities, deepfakes, and remote onboarding gaps let impostors pass traditional checks, with FTC-reported losses rising from $90 million in 2020 to more than $501 million in 2024 and Google Mandiant citing more than 60 compromised identities tied to North Korean IT workers. Point-in-time verification is no longer enough; workforce identity must be treated as a persistent assurance problem, not a hiring filter.

NHIMG editorial — based on content published by 1Kosmos: hiring fraud, synthetic identities, and identity assurance

By the numbers:

Questions worth separating out

Q: How should security teams stop hiring fraud from turning into access abuse?

A: Security teams should treat hiring as an identity assurance workflow, not a recruitment event.

Q: Why do remote hiring processes make identity fraud easier to scale?

A: Remote hiring reduces physical verification and increases reliance on documents, video, and asynchronous review.

Q: What do organisations get wrong about identity proofing during onboarding?

A: They often treat proofing as a one-time gate instead of the start of a trust relationship.

Practitioner guidance

  • Tighten prehire identity proofing Require stronger evidence than resumes, static documents, and video interviews before any offer is finalised.
  • Link onboarding assurance to access provisioning Do not let a hiring decision automatically become an access decision.
  • Review high-risk roles for identity continuity Prioritise roles that can touch finance, source code, customer data, or admin systems.

What's in the full article

1Kosmos' full article covers the operational detail this post intentionally leaves for the source:

  • LiveID liveness-detection workflow and how it is used in identity proofing.
  • The vendor's end-to-end workforce identity assurance flow from first interaction through ongoing access.
  • How the platform ties verified identity data into authentication and sensitive transaction handling.
  • The article's own examples of where continuous identity assurance is positioned across the employee lifecycle.

👉 Read 1Kosmos' analysis of hiring fraud and identity assurance →

Hiring fraud and identity assurance: what IAM teams are missing?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Hiring fraud exposes an identity proofing gap, not a recruitment filter gap. The article is right to move beyond applicant screening because the failure begins before onboarding is complete. A verified workforce identity has to exist before credentials, tickets, or sensitive systems are ever assigned. For IAM teams, the practical conclusion is that onboarding assurance and access governance are the same control plane, not separate processes.

A few things that frame the scale:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.

A question worth separating out:

Q: Who should be accountable when a fraudulent hire gains internal access?

A: Accountability should span HR, IAM, and security because the failure sits at the boundary between identity verification and access governance. If the organisation cannot prove who was vetted, who was hired, and who was provisioned, it has no defensible trust chain. The control owner should be the lifecycle process, not a single team.

👉 Read our full editorial: Hiring fraud exposes the limits of point-in-time identity checks



   
ReplyQuote
Share: