Hiring fraud and identity assurance: what IAM teams are missing

TL;DR: Hiring fraud is accelerating as synthetic identities, deepfakes, and remote onboarding gaps let impostors pass traditional checks, with FTC-reported losses rising from $90 million in 2020 to more than $501 million in 2024 and Google Mandiant citing more than 60 compromised identities tied to North Korean IT workers. Point-in-time verification is no longer enough; workforce identity must be treated as a persistent assurance problem, not a hiring filter.

NHIMG editorial — based on content published by 1Kosmos: hiring fraud, synthetic identities, and identity assurance

By the numbers:

• Financial losses from job and employment scams have exploded from $90 million in 2020 to more than $501 million in 2024.
• One American facilitator working with North Korean IT workers compromised more than 60 identities of U.S. persons and impacted more than 300 U.S. companies.
• Only 5.7% of organisations have full visibility into their service accounts.

Questions worth separating out

Q: How should security teams stop hiring fraud from turning into access abuse?

A: Security teams should treat hiring as an identity assurance workflow, not a recruitment event.

Q: Why do remote hiring processes make identity fraud easier to scale?

A: Remote hiring reduces physical verification and increases reliance on documents, video, and asynchronous review.

Q: What do organisations get wrong about identity proofing during onboarding?

A: They often treat proofing as a one-time gate instead of the start of a trust relationship.

Practitioner guidance

• Tighten prehire identity proofing Require stronger evidence than resumes, static documents, and video interviews before any offer is finalised.
• Link onboarding assurance to access provisioning Do not let a hiring decision automatically become an access decision.
• Review high-risk roles for identity continuity Prioritise roles that can touch finance, source code, customer data, or admin systems.

What's in the full article

1Kosmos' full article covers the operational detail this post intentionally leaves for the source:

• LiveID liveness-detection workflow and how it is used in identity proofing.
• The vendor's end-to-end workforce identity assurance flow from first interaction through ongoing access.
• How the platform ties verified identity data into authentication and sensitive transaction handling.
• The article's own examples of where continuous identity assurance is positioned across the employee lifecycle.

👉 Read 1Kosmos' analysis of hiring fraud and identity assurance →

Hiring fraud and identity assurance: what IAM teams are missing?

Explore further

View Full Forum →  |  NHI Foundation Course →