Keith Rosser: Director of Reed Screening and Chair of the Better Hiring Institute
Rob Brooker: Director of UK Identity Fraud Advisory (UKIFA)
Gavin Burton: Co-Founder and Training Director of Beruku Knowledge
Introducing the UK’s Hiring Fraud guide
Keith introduced the UK's first hiring fraud guide, a collaborative effort by organisations including the Better Hiring Institute, CIFAS, Sue Smith Consulting, and Reed Screening. The guide is completely free to use and addresses all facets of hiring fraud in the UK, ranging from reference fraud to AI abuse, providing invaluable insights for employers seeking to fortify their hiring processes.
Available via the Better Hiring Institute website, the guide can be navigated to focus on specific areas for ease of use.
The hiring fraud cheat sheet
The Tackling Hiring Fraud guide comes with the hiring fraud cheat sheet This one-page tool is specifically designed to aid busy HR professionals in swiftly assessing and addressing risks in their hiring process. Its purpose is to facilitate a quick gap analysis, allowing users to identify potential risks and exposure areas and providing corresponding responses or solutions.
Rob discussed the role of AI in recruiting, acknowledging its widespread use by recruiters in processes like keyword searches and application screening. However, there has been a significant shift in dynamics, with fraudsters increasingly leveraging AI more effectively than legitimate recruiters. Prevention measures are therefore important to combat fraud and enhance hiring processes, ensuring fairness and reliability in recruitment practices.
Common challenges in the changing landscape of hiring fraud.
Keith spoke about the hiring fraud challenges that the UK’s hiring market is facing. Despite strides towards making UK hiring faster, fairer, and safer, emerging risks are of significant concern, propelled by advancements in technology. For example:
Digital right to work systems, intended to streamline processes, inadvertently open doors to illegal working through document manipulation and forgery.
The potential of AI in hiring, while promising efficiency, also introduces risks such as WhatsApp job scams and deep fake applicants.
The involvement of organised crime via reference houses orchestrating sophisticated schemes that threaten data security and company integrity.
The shift towards remote work, exacerbated by the pandemic, underscores the crucial need for robust monitoring to safeguard businesses.
Keith also highlighted the robust support from the UK Government and Parliament in addressing the scourge of hiring fraud, recognising its detrimental impact on British businesses and the wider economy. With the involvement of the UK's anti-fraud champion briefing the Prime Minister, significant strides have been made, leading to the development of the UK's inaugural guidance on tackling hiring fraud. This comprehensive initiative emphasises the profound impacts of fraud, including bankruptcies, layoffs, safeguarding issues, and financial losses for individuals. Central to these efforts is the introduction of a comprehensive guide tailored for UK employers, aimed at fortifying hiring practices within organisations and supply chains. Emphasising the critical importance of safety in hiring, these measures are crucial for enhancing the competitiveness and prosperity of the UK, particularly amidst rapid technological advancements.
Synthetic Identity and Deepfakes
Synthetic identity fraud is rapidly becoming one of the most prevalent types of financial crime worldwide, with the McKinsey Institute noting its exponential growth, particularly in the United States, where it accounts for 85% of all fraud cases. It involves fraudsters combining genuine personal information with false identifiers to fabricate new identities, posing significant challenges for detection and prevention efforts.
An example of how widespread synthetic ID fraud is, as well as the importance of authorities working together to prevent its growth, is the recent takedown of the LabHost website. The site was set up by an organised crime network to create phishing websites aimed at stealing personal information and contained 500,000 fraudulent documents, primarily related to banking and personal details. The takedown was successful due to the joint work between multiple organisations, including the Met Police, NCA, and City of London Cyber Alliance, in addressing cyber threats.
The significance of such incidents in terms of data security and the potential exposure of personal information is huge for individuals and businesses. The challenge for businesses and authorities lies in keeping pace with the evolution of hiring fraud, as criminals are shifting from the more traditional scams like WhatsApp job scams to more sophisticated methods like deepfakes and synthetic identity fraud.
Challenges also arise in detecting synthetic identity fraud due to the combination of genuine and false information fraudsters use to create new identities. For employers, verifying the authenticity of job applicants becomes ever more challenging given the rise of deep fakes and synthetic identities.
Deepfake red flags
Rob also discussed the importance of identifying red flags associated with deepfake images, emphasising the importance of scrutinising details like hair, background quality, and artifacts around the edges of photos. The "Halo effect," which refers to the artificial quality around the hair and close crop of images, is a key indicator as well as smudges, irritation, or strip marks that may suggest manipulation. Other indicators include chromatic eyes that appear piercing and unnatural, as well as blurry or melted areas around small details like earrings and other jewellery.
Deepfake document generators
Deepfake document generators have become increasingly sophisticated, leveraging AI technology to create convincing forgeries that closely resemble genuine documents. These generators utilise two databases of high-resolution genuine documents, which are merged to produce a new, fabricated document. Similarly, AI algorithms can generate facial images of non-existent individuals with remarkable realism.
With deepfake document generators, users can input data into pre-formatted fields, including uploading deepfake images of individuals and signatures. The generated documents may feature various backgrounds and lighting conditions, but closer examination reveals discrepancies such as unnatural perspectives, lighting inconsistencies, and missing details like shadows. While these documents may initially appear authentic, careful scrutiny can uncover telltale signs of forgery. Despite their flaws, deepfake document generators are readily accessible on platforms like Telegram, where users can obtain or even contribute genuine documents for training AI models. As AI technology continues to advance, the sophistication of these forged documents is expected to increase, posing new challenges for document authentication and fraud detection.
Immigration Fraud
Covered comprehensively in the guide, immigration fraud is an ongoing, urgent issue. Reed Screening launched AssuredID, a digital right to work service, in collaboration with the UK Home Office back in early 2022, anticipating the shift towards digital right to work checks. The service has since facilitated over 200,000 checks in under two years. Impressively, AssuredID has uncovered approximately 7,000 fake documents, underscoring the effectiveness of digital systems in comparison to manual checks. However, despite these advancements, immigration fraud continues to evolve, with perpetrators devising new methods and documents to evade detection.
Gavin discussed how identity document forgery was fuelling immigration fraud and right to work fraud. There has been an increase in counterfeit Irish passport cards, facilitated by their simpler construction compared to traditional passports. These cards, often made of polycarbonate or PVC, are easier to counterfeit using readily available laser printers, posing a considerable challenge for authentication. Additionally, the misuse of immigration share codes by imposters adds another layer of complexity to the issue, especially when combined with genuine details on false documents.
The misuse of genuine ID documents, including stolen or compromised documents, is also on the rise, fuelling a black-market trade which enables individuals to pass off as others, exploiting vulnerabilities in identity verification systems. As the post-Brexit era has ushered in a more diverse workforce, introducing passports from a wider range of countries into the recruitment process, the complexity of document verification for hiring managers and HR departments has significantly increased. Amidst these challenges, reports of the Home Office granting sponsorship licenses based on false documents highlights the urgency of vigilance in ensuring the authenticity of documents and mitigating right-to-work threats.
False documents on social media
Through a deep dive into social media platforms, approximately four and a half thousand forged identity documents were uncovered. These documents included a variety of types, with driving licenses comprising 47%, followed by passports, visas, ID cards, and residence permits. Notably, 62% of the driving licenses were UK-issued, despite not being compliant with right-to-work regulations. Additionally, we identified about 1000 genuine documents being advertised for sale, further complicating the landscape of document authenticity. While national checking portals exist to verify document validity, our analysis suggests that a significant portion of the documents advertised may be invalid, lost, or stolen. However, the lack of such portals in every country may result in underestimations of the prevalence of fraudulent documents.
The deep dive into UK driving licenses also revealed significant concentrations of fraudulent documents in densely populated areas such as London, Greater Manchester, Merseyside, Leeds, Nottingham, Leicester, and Birmingham. These areas have historically been hotspots for counterfeiting activities.
False driving licenses are particularly sought after because they provide access to benefits like opening a bank account, which is often not possible with just a provisional license. It's worth noting that individuals with false driving licenses typically possess multiple fraudulent documents. Moreover, over 100 companies listed on Companies House are associated with at least 62 individuals linked to fraudulent driving licenses, highlighting the extensive network of individuals involved in such activities.
AI in hiring
The guide briefly addresses the increasing use of AI in job seeker services, particularly in the US, where technology startups offer real-time application services, allowing job seekers to apply for multiple positions simultaneously with tailored CVs and applications. This presents a challenge for HR departments in managing increased application volumes efficiently. While AI holds promise in streamlining hiring processes, ethical considerations loom large. Unethical use of AI can lead to the generation of bogus CVs and job applications, further exacerbated by the emergence of deep fake technology, which creates fake candidates with authentic details and documents. In response to these challenges, employers must carefully consider their stance on the use of AI in hiring, weighing its benefits against potential risks.
Looking ahead, the Better Hiring Institute and Reed Screening will publish best practice principles for AI use in hiring, providing much-needed guidance for organisations navigating this evolving landscape. Reed Screening has already begun leveraging AI to detect forged documents used by job seekers to support their applications.
Quantum Computing
Quantum computing poses significant risks to digital identities by potentially breaking cryptographic algorithms that currently secure communication and digital identity systems. QC's capabilities enable attackers to break encryption protecting personal information, leading to identity theft, fraud, and unauthorised access to personal accounts or systems.
The adoption of quantum-safe encryption algorithms can mitigate the vulnerabilities posed by traditional encryption methods, ensuring the protection of sensitive data against exploitation by fraudsters.
Quantum computing excels in simulating complex scenarios, providing a valuable tool for testing and refining AI models. This capability enables businesses to anticipate and prepare for potential attacks, enhancing fraud detection and prevention efforts.
While the convergence of quantum computing and artificial intelligence amplifies risks to digital identity, it also presents opportunities to enhance fraud detection and recruitment processes through predictive capabilities.
To effectively navigate these challenges, businesses must adopt proactive measures, anticipating and preparing for potential attacks facilitated by quantum computing and AI, rather than waiting for incidents to occur.
Dual employment monitoring
Rob described the concerning phenomenon of ghost jobs and ghost working, where individuals go through the hiring process only for the employers to disappear after candidates have provided personal information and banking details. In these scenarios, applicants are often left in the dark about the nature of the job and never hear back after providing their details.
Ghost working, particularly prevalent in industries like construction and healthcare, poses significant risks to health and safety, as unqualified individuals may be performing tasks they are not trained for, jeopardising patient care and workplace safety. Moreover, the practice of working multiple jobs concurrently raises questions about authenticity and integrity, with individuals potentially claiming sick leave from one job while working elsewhere. This not only constitutes fraud but also undermines trust and security in the workplace. Monitoring and thorough background checks are therefore important to prevent fraudulent activities and safeguard against the exploitation of sensitive information by organised crime networks.
Reed Screening now routinely conducts checks for dual employment and overemployment across the Reed group of companies, identifying employees who have started their own recruitment businesses or taken on additional undisclosed roles. Hiring fraud checks, including those for dual employment, are becoming more common in candidate assessments, with various types of checks available.
Reference Houses
In a study of approximately 50,000 candidates for referencing revealed that as many as 10% of them were flagged for various concerns, including legitimacy, outright fraud, or matches with reference houses. Reed Screening’s database includes nearly 200 active reference houses operating in the UK, particularly prevalent in sectors like financial services and healthcare, but expanding across other industries as well. Reference houses are utilised by criminal groups to facilitate employment by providing fake references or supporting the placement of insiders into organisations for malicious purposes.
Insights from our attendees
We took the opportunity to get a gauge of the experiences and opinions of our attendees.
Have you ever encountered hiring fraud within your business?
Yes – 42%
No – 37%
Unsure – 19%
Are you confident your hiring processes are fully protecting your business against fraud?
Unsure – 41%
No – 32%
Yes – 25%
Do you want more information on stopping illegal working within your organisation?
Yes – 82%
Not now – 14%
No – 2%
These insights from our attendees highlight the importance of improved and updated advice and resources for employers in tackling hiring fraud. With 42% of attendees being sure that they had encountered hiring fraud within their own hiring processes, and a further 19% being unsure, the scale of hiring fraud is broad and far-reaching.
As well as this, employers aren’t confident that their processes are fully protecting their businesses from hiring fraud, with almost three quarters stating that they were unsure or didn’t think that they had enough protection.
The need for more information is clear, with an overwhelming majority of 82% of attendees saying that they want further information and resources.