U.S. authorities have indicted fourteen North Korean nationals for spending months or years embedded in American companies under fabricated identities, conducting interviews using AI tools and deepfakes, and routing roughly $88 million in wages over six years back to the regime. The DOJ has named over 136 U.S. victim companies. OFAC imposed additional sanctions on the networks behind it in March 2026, targeting DPRK IT worker facilitators across North Korea, Vietnam, Laos, and Spain.
That's the extreme end of the spectrum. But the underlying problem is everywhere.
The Numbers Are Getting Worse
A 2025 industry survey of 3,000 hiring managers found that 60% had caught candidates lying about their qualifications or backgrounds, with another 13% suspecting dishonesty but unable to confirm it. A Standout CV study puts the number higher: 64.2% of employees have lied about skills, experience, or references at least once, up from 55% in the same study's 2022 wave.
The most common lies are by no means dramatic, they're just effective enough to slip through. Over 60% of candidates misrepresent their abilities or skills. Nearly 40% inflate their previous job title. About a third lie about their education history. One in four fabricates or coordinates fake references.
And here's where it gets expensive. Industry estimates commonly put the cost of a bad hire at 30% or more of first-year salary. For a $100,000 role, that's $30,000 in direct costs, not counting the downstream damage to team productivity, client relationships, and institutional knowledge.
And the stakes are no longer purely financial. Iowa just made lying about a degree or professional license a crime, effective July 1, 2026, a signal of where employer scrutiny is heading.
AI Made Fraud Easier Before It Made Detection Better
The rise of generative AI has supercharged resume fraud. Recent industry surveys suggest a growing share of candidates are using AI to generate fake work samples, and a majority of hiring professionals now believe job seekers are better at faking their identities with AI than HR teams are at catching them.
The tools are sophisticated. Candidates use AI to write tailored resumes that mirror job descriptions word for word. They generate fake portfolios, fabricated code samples, and polished cover letters that sound exactly like what hiring managers want to hear. And in remote interviews, deepfake technology can alter a candidate's appearance and voice on camera.
Regulators are scrambling to keep pace, with a patchwork of new AI hiring rules already taking shape across the states. For a rundown, see 5 AI hiring laws that could catch your company off guard.
Spotting a Deepfake in a Video Interview
Spotting a deepfake in a live interview is harder than it sounds. Research suggests people catch manipulated video only about 56% of the time, barely better than a coin flip, and most video platforms ship with no detection built in. Real-time deepfakes do leave tells, though, if you know where to look.
- Watch the mouth first, because synthetic lip movement often lags a beat behind the audio or never quite matches the words.
- Watch the eyes next, since AI faces tend to blink in an odd rhythm, sometimes only once every 30 to 60 seconds, and they miss the small darting movements real eyes make when scanning a room.
- Then watch the edges where the face meets hair or background, which can blur or shimmer during a head turn while the lighting on the face stays flat against a room that shifts around it.
None of these signs is proof on its own, which is exactly why observation belongs alongside identity verification rather than in place of it.
The North Korea Problem Is Real
This isn't science fiction. DOJ indictments have documented more than 136 U.S. victim companies, and security researchers believe the full scale of infiltration is significantly broader. North Korea deploys an estimated 100,000 overseas workers across dozens of countries, with an estimated 3,000 to 4,000 of those specifically in IT roles. Despite the relatively small headcount, the IT workers' earnings are disproportionately large: OFAC filings cite the schemes generating nearly $800 million in 2024 alone to fund weapons programs. A single December 2024 indictment out of the Eastern District of Missouri accounted for roughly $88 million in wages earned over six years by just fourteen operatives.
Their methods are advanced. They use generative AI to forge synthetic identities, alter photos, and build entire fake professional histories. In video calls, they use AI to mask their appearance and guide their answers to technical questions. A single operator can interview for the same position multiple times using different synthetic personas.
By November 2025, the DOJ had identified 136 U.S. victim companies, $2.2 million in wages earned by DPRK operatives, and $15 million in stolen cryptocurrency in related cases. In March 2026, OFAC sanctioned six individuals and two entities, including Amnokgang Technology Development Company (the DPRK state entity managing overseas IT worker delegations) and facilitators in Vietnam, Laos, and Spain who were converting stolen wages into cryptocurrency.
A Three-Layer Defense
Resume fraud, whether it's a candidate padding their title or a state-sponsored actor using a stolen identity, follows a pattern: it exploits gaps between what a candidate claims and what gets verified. As with most cyber security risks, the fix is layering your verification to close off any gaps, or minimize them as far as possible.
Layer 1: Identity Verification
Before anything else, confirm the person is who they claim to be. AI-powered identity verification tools compare government-issued documents against live biometric data (a selfie or video capture) to detect synthetic identities, stolen credentials, and deepfake-generated photos. KRESS's Global ID service handles this at the front door of the screening process.
Layer 2: Resume Verification
Cross-reference every verifiable claim on the resume against primary sources. Employment history confirmed directly with previous employers. Educational credentials verified with institutions, not databases that may be outdated. Professional licenses checked against issuing boards. KRESS's ResumeMatch technology automates this comparison, flagging discrepancies between what the candidate submitted and what the sources confirm. (For more on why human verification matters alongside automation, see our blog post.)
Layer 3: Ongoing Monitoring
A clean check at hire doesn't guarantee a clean record later. Continuous monitoring catches changes as they happen, whether it's a new criminal charge, a license revocation, or an identity flag. This is where KRESS SHIELD continuous monitoring picks up, providing lifecycle screening that keeps your verification current.
The Cost of Not Verifying
KRESS screening data consistently shows that a significant share of educational credentials contain falsified information. Studies find that a meaningful percentage of applicants provide fabricated or coordinated references. And the ACFE Occupational Fraud 2024: Report to the Nations estimates that occupational fraud costs organizations roughly 5% of annual revenue. In a remote-first hiring environment, the attack surface is wider than ever.
The question isn't whether candidates are misrepresenting themselves. It's whether your process is catching it. Multi-layered verification, starting with identity and working through every verifiable claim, is the only reliable defense.