How to Detect Fraudulent Job Candidates When You Source and Enrich

If you source and enrich candidates at any volume, some of the profiles entering your pipeline are not real people. By 2028, Gartner predicts 1 in 4 candidate profiles worldwide could be fake. You catch most of them with the data you already pull when you enrich a candidate, read correctly, rather than with a sharper interview question.

This guide is for recruiters, talent teams, and the people building sourcing tools on top of candidate data. It covers the manual red flags worth knowing, then the verifiable signals sitting inside an enriched profile that tell you whether a candidate's history is real. One team building fraud detection for remote engineering hiring put the core signal plainly: "Cool, this person just appeared on the internet less than 12 months ago. It's likely that this person is not real."

What candidate fraud actually looks like

Candidate fraud covers several distinct behaviors, and the detection method changes depending on which one you are facing. Most fall into five buckets.

The headline cases are organized. U.S. authorities have charged operatives who posed as remote IT workers to infiltrate more than 100 companies using stolen and fake identities, generating revenue for the sanctioned regime. The everyday cases are quieter, like a fabricated employer that no reference call can confirm or a profile assembled last quarter.

Manual red flags recruiters can still catch

Before any data tooling, a trained recruiter catches a meaningful share of fraud by reading the application and the interview closely. These signals cost nothing and belong in every screen.

The resume reads as generic and over-polished: Fabricated resumes lean on buzzwords, mirror the job description back, and cite metrics with no context. AI-generated resumes often look unusually clean and keyword-stuffed for an applicant tracking system.

The timeline does not hold together: Watch for overlapping roles at two companies, titles that outrun the candidate's age or years of experience, and employers you cannot find anywhere outside the resume.

Answers fall apart one layer deep: Fraudulent candidates handle standard questions but struggle when you ask them to walk through their own work. Look for long pauses before unexpected questions, repetitive phrasing, and answers that drift when you press for specifics.

Video and behavior feel off: On camera, watch for lip-sync that lags the audio, lighting that masks the face, eyes tracking off-screen text, and a voice or accent that does not match the stated background.

References resist real verification: Reluctance to do an on-camera reference call, references with scripted tone and vague feedback, and contact details that change between rounds are all worth a second look.

No single one of these convicts a candidate. The point of the manual pass is to raise scrutiny, then confirm with data.

The strongest signal lives in the candidate's digital footprint

This is where sourcing and enriching gives you an advantage a manual reviewer does not have. When you enrich a candidate, you can measure how long and how deeply that person has existed in public professional data. Real careers leave a long, consistent trail. Fabricated identities are built in a hurry, and the data shows it.

Profile age and footprint recency

The single most reliable data signal is how recently the candidate's professional footprint was created. A fraud-detection team we spoke with built its whole product around it, flagging profiles that appeared online within the last 12 to 24 months as likely fake. A recruiting marketplace runs the same filter on its candidate pool, with one builder describing how many fake profiles they were seeing and asking for profile-creation data to screen them out.

The pattern holds in adjacent fraud data. Identity vendor Socure found that legitimate applicants carried emails averaging 1,646 days old against 48 days for fraudulent ones, with phone-to-name correlation of 0.99 for real applicants versus 0.09 for fakes. A footprint measured in weeks rather than years is the clearest tell you can pull automatically.

Connection count against claimed tenure

A candidate who claims fifteen years in an industry but holds a thin network with few connections is worth a closer look. Recruiting teams already use this informally. The advantage of enrichment is that you can read connection count as a number and compare it against claimed seniority across every profile in a batch, rather than eyeballing one at a time.

Presence across the public web

Real professionals show up in more than one place, from a company team page or conference talk to a code repository or press mention. A fabricated identity usually exists in exactly one. Pulling a candidate's broader web presence during enrichment, and finding nothing beyond a single freshly made profile, is a strong corroborating signal.

Verify the candidate's work history with live data

Identity is half the question. The other half is whether the experience on the resume is real. This is the gap manual reference calls leave open, and it is where live people data does the work.

When you enrich a candidate, you can cross-check each claimed role against an independent record of that person's employment, matching the employer, the title, and the dates. Mismatches surface the embellishment that interviews miss.

• The employer does not exist or cannot be resolved to a real company record. A fabricated company is one of the hardest things for a fraudster to back up and one of the easiest to check against a company dataset.

• Titles or dates disagree between the resume and the enriched employment history. A "Director" who appears everywhere else as an individual contributor, or dates that do not line up, is a flag.

• The most recent employer is wrong because the candidate moved on and the resume was never updated, which is a softer signal but still worth reconciling.

A talent-vetting startup serving IT staffing firms built exactly this, using real-time detection of candidate job changes and employment-status updates to feed its fraud checks. That puts weight on the vendor you enrich with, which has to be trustworthy itself. One AI recruiting platform switched providers after discovering its data source was returning profiles that "are either inaccurately filled in or either they are the fake profiles." If your enrichment layer serves fabricated records, it becomes the fraud vector instead of the defense against it. This is why teams keeping candidate records accurate treat data freshness as a screening requirement.

For teams building fraud detection into a hiring product

If you build sourcing or screening software, the signals above become fields and a score rather than a recruiter's judgment. The workflow is to enrich each candidate, read the fraud-relevant fields, and weight them into a single risk number your reviewers can act on.

You can wire this in two ways, and both hit the same data.

The MCP path (low-code): A Claude Code agent with Crustdata's MCP server configured can enrich and screen candidates through Crustdata's data APIs without you writing orchestration code. The agent calls crustdata_people_enrich to pull a candidate's full professional record, including employment history, connection count, and skills, then weights the fraud-relevant fields into a score you define in plain language.

The direct-API path: Call Crustdata's REST APIs from your own backend. One high-signal check you can run on every candidate is whether each claimed employer resolves to a real company, using the free company identification endpoint that ships with the Company Enrichment API:

import requests

# Check that a claimed employer resolves to a real company (free endpoint)
resp = requests.post(
    "https://api.crustdata.com/screener/identify",
    headers={"Authorization": "Token YOUR_TOKEN"},
    json={"query_company_name": claimed_employer, "count": 5},
).json()

employer_is_real = len(resp) > 0 and any(c.get("is_full_domain_match") for c in resp)
if not employer_is_real:
    flag_for_review(candidate, reason="employer did not resolve to a real company")

import requests

# Check that a claimed employer resolves to a real company (free endpoint)
resp = requests.post(
    "https://api.crustdata.com/screener/identify",
    headers={"Authorization": "Token YOUR_TOKEN"},
    json={"query_company_name": claimed_employer, "count": 5},
).json()

employer_is_real = len(resp) > 0 and any(c.get("is_full_domain_match") for c in resp)
if not employer_is_real:
    flag_for_review(candidate, reason="employer did not resolve to a real company")

import requests

# Check that a claimed employer resolves to a real company (free endpoint)
resp = requests.post(
    "https://api.crustdata.com/screener/identify",
    headers={"Authorization": "Token YOUR_TOKEN"},
    json={"query_company_name": claimed_employer, "count": 5},
).json()

employer_is_real = len(resp) > 0 and any(c.get("is_full_domain_match") for c in resp)
if not employer_is_real:
    flag_for_review(candidate, reason="employer did not resolve to a real company")

Pair that with the People Enrichment API, which returns a candidate's employment history, titles, education, skills, and connection count in one structured object, so footprint age, network depth, and work-history checks all run on data you already pulled to source the candidate. To keep records accurate between checks, a Watcher can push job-change events so a candidate's status stays up to date after the first enrichment.

Route anything above your threshold to a human reviewer, and let clean profiles through. Treat the score as a way to flag candidates for scrutiny rather than to auto-reject, so a real candidate with a thin network is not quietly dropped.

Combine the signals into one layered process

No single signal is reliable on its own, which is why the best programs stack them. One or two soft tells rarely mean much, but when five or six aligned signals show up together across the funnel, the pattern is hard to fake.

A practical order that fits a sourcing and enrichment workflow:

1. Enrich at intake and read the automated fraud fields first, starting with footprint age, connection count against tenure, employer resolution, and web presence.

2. Apply manual red flags during screening and interview for anything the data flagged or could not resolve.

3. Verify identity with a government ID and liveness check for remote or sensitive roles, where the cost of a bad hire is highest.

4. Confirm employment by reconciling the enriched work history against the resume and doing on-camera reference calls for the roles that matter.

The data signals do the volume work, screening every candidate cheaply and consistently. The manual and identity checks go deep on the profiles the data flags. Together they catch far more than either does alone.

Conclusion

Interviews are where a prepared fraudster performs best, so the durable advantage comes earlier, at the moment you source and enrich, when the candidate's data either confirms a real career or exposes a fabricated one. Footprint age, connection count against claimed tenure, web presence, and a work history that survives cross-checking against live company and people data will catch the majority of fakes before a recruiter spends an hour on them.

Start by adding two automated checks to your intake, footprint recency and employer resolution. They are cheap to run on every candidate and catch the clumsiest fraud immediately. Layer identity and employment verification on top for remote and high-trust roles.

If you are building this into a sourcing or screening tool, you can test the signals on real candidates today. Sign up for Crustdata's free tier (100 credits included) and enrich a batch of profiles to see which ones the data flags. For recruiting teams running this at scale, see how Crustdata supports candidate search and data workflows.