← Back to Blog
The Deepfake Briefing

You Could Be About to Hire Someone Who Doesn't Exist

July 4, 2026
· By David Pride
Ink drawing of a laptop during a video job interview where the applicant's face is a paper cutout mask on a stick, with a single amber ID badge on a lanyard.

I have hired people I never met in person. Most founders have by now. You post a role, the resumes come in, you hop on a few video calls, you watch someone talk through their work, and somewhere in that conversation you decide to trust them. That whole ritual runs on one basic assumption. The face on the screen belongs to a real person who is actually applying for the job.

That assumption is breaking.

In 2024, the security-training firm KnowBe4 hired a software engineer with a strong resume. He passed four video interviews. He cleared a background check. His face matched the government ID he submitted. Everything checked out. Then the new company laptop powered on and started loading malware. The engineer did not exist. He was a North Korean operative using a stolen American identity and an AI-altered face.

I keep coming back to that story because of how ordinary it sounds up front. Four interviews. A matching ID. This was not a careless hire by a team that skipped steps.

Here is what has changed since then. Palo Alto Networks and its Unit 42 researchers now describe real-time deepfakes as a logical evolution of the North Korean IT-worker scheme, where a single operator can interview for the same job over and over using different synthetic faces. The barrier keeps dropping. One analysis found it takes about 70 minutes for someone with zero image-editing experience to build a fake candidate that can pass a live video interview.

The numbers are the part that made me sit up. Gartner projects that by 2028, one in four job candidates worldwide will be fake. In a survey of IT and fraud leaders, 41 percent said their company had already hired and onboarded a fraudulent candidate. And nine security officials told Axios they had never met a Fortune 500 company that had not, at some point, accidentally put a North Korean IT worker on payroll.

This is the same family of fraud I have written about before, the kind that let criminals impersonate a CFO on a live video call and walk out with 25 million dollars. The tools are identical. The only thing that changes is the doorway. Instead of faking your boss to move money out, they fake a stranger to get inside.

And this is not only a Fortune 500 headache. In March 2026, a Japanese IT company caught a suspected deepfake applicant mid-interview, with analysts flagging likely ties to the same overseas-employment schemes. Smaller companies are actually easier marks, because they rarely have a fraud team watching the hiring funnel. I have felt that gap in my own business. When you are moving fast and trying to fill a seat, whether the candidate is even a person is the last thing on your mind.

I do not want to leave you scared, because most of the fixes here are human, not technical.

Ask for something live and unscripted. Deepfake rigs still struggle with sudden movement, so asking a candidate to turn their head fully to the side or stand up and step back from the camera can break the illusion. Watch for audio that lags the lips, flat even lighting on the face, and eyes that never quite track. Add a verification step that lives outside the video call, the same callback habit I keep pushing for any wire request that feels off. Confirm identity through a channel the applicant did not choose. And if your team is not sure what a manipulated face even looks like, spend ten minutes learning how to spot a deepfake before your next interview loop.

For small teams, the owner's defense playbook I wrote for deepfake scams applies here too. Build in a pause right before the moment you extend trust. That is exactly where these schemes live.

There is a real cost to getting this wrong, and it is not only the malware or the stolen data. A fraudulent hire can sit inside your systems for months, and most cyber policies were not written with synthetic employees in mind, which is its own gap I have dug into around deepfake coverage.

I stay optimistic about this, honestly. Every founder I know is getting sharper about verification, and the same awareness that protects your money protects your team. The fix is human. One more small habit at the moment you decide to trust someone new.

If you want a clear read on where your own exposure sits, take our free 2-minute Deepfake Risk Assessment. It is a fast way to see the gaps before someone else does.

Get The Deepfake Briefing

The threats, the laws, and how to stay protected, in your inbox each week.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.