Tech Hiring Has A Fraud Problem
02/02/2026
Over the last 18 months I’ve had to change how I screen and review job applicants. Not because standards have dropped. But because the risk has gone up!
What used to be the occasional strange CV/Resume is now something I expect to see regularly. Applications that look fine at first glance, but raise enough questions that moving them forward just isn’t worth the risk.
This isn’t about real candidates or people needing help presenting themselves. It’s about applications that are deliberately misleading, or in some cases... COMPLETELY FAKE!
I shared a real example publicly where a candidate turned out to be using an AI deepfake filter over their face during an interview process. Once you’ve seen that happen, you stop assuming it’s a one-off
(Watch the story of the deepfake on my YouTube here.)
This also isn’t just my experience or limited to hiring Python and Django engineers. The Pragmatic Engineer pointed out in this article last year. AI generated and fraudulent candidates are now showing up across hiring pipelines in the US, UK, and Europe.
The takeaway is simple. These aren’t edge cases anymore, they’re a pattern hiring teams now have to look out for.
What I’m seeing more of
It's worth saying that most applications are still genuine.
BUT mixed in with them now are profiles that raise concerns almost immediately. Not because of a single mistake, but because of patterns that don’t sit right.
🚩 CVs that read too well but feel oddly empty of any personality
🚩 Experience that sounds impressive but is strangely generic
🚩 LinkedIn profiles or GitHub links that don’t quite match the rest of the profile
I regularly see Nike and Apple on a fake profile. Almost always a red flag in itself
Every day I’m seeing cases where I don't believe that the person applying will be the person who would turn up to interview. If these scammers actually reach a client facing interview stage, the damage is already done. Time is wasted and trust takes a hit. That’s why the focus has shifted earlier in the process.
I also spend a lot of time each year at conferences and community events, meeting hundreds of REAL Python and Django developers in person. Those conversations, understanding the people and the networks around them, make it much easier to sense when something doesn’t add up.
RED FLAGS I look out for
None of these on their own prove anything. But when several appear together, I’m usually going to tap out. Most sensible people will ignore a message from a stranger overseas offering them millions out of the blue. Hiring isn’t that different now, when something feels off, it usually is.
🚩 Identity inconsistencies
Details around name, photo, location, or work history that don’t line up cleanly. Not proof, but a risk signal I’ve learned to trust.
🚩 LinkedIn profiles with no clear photo
No photo, faces hidden, turned away from the camera, heavy filters, avatars, memojis, or long-distance shots. On their own this might mean nothing. Combined with other flags, it matters.
🚩 Weak or missing online history
No LinkedIn profile, broken links, very new accounts, or senior-looking CVs paired with very few connections. The same applies to GitHub profiles with no long-term activity or history that doesn’t match what’s being claimed.
🚩 Overly perfect CVs
Flawless timelines, no gaps, lots of big company names, and very little detail about what was actually built. These can be harder to verify than they look.
I’m not trying to prove someone is real or fake here. I’m deciding whether the risk is acceptable to spend my time with this candidate. I normally take the stance, if there's a doubt, there's no doubt. I just delete the application and move on to the next.
The deepfake candidate I came face to "face" with. My expression just shows how annoyed I was by the whole situation.
Double checking and being deliberately cautious
The scams have evolved. It’s no longer just brand new profiles. People are now seeing applications that use otherwise solid looking profiles belonging to real people.
A hiring manager as recently as last month (January 2026) shared a case that stood out:
- They had an interview booked, everything looked fine, but something felt off. So they messaged the person directly on LinkedIn to confirm.
- The reply came back quickly. It wasn’t them.
- Their profile had been used without their knowledge and someone else was about to interview under their name. This is much harder to spot and very easy to miss early on.
This is where having and using your professional networks really matters. When you spend time in the community, meet people face to face, and stay connected, verification becomes far easier. You’re not relying purely on documents and profiles. You’re able to draw on a deeper understanding.
(identity hidden deliberately, they could have used a real profile photo)
Above is an example fake candidate, who applied to a job recently and has been reported to LinkedIn:
Name and face don't match the associated email 🚩
Profile opened in 2023 vs 15 year career 🚩
Work history very common amongst fake profiles 🚩
Application made at unusual time of day for San Diego, CA 🚩
No mutual connections within my Python Developer network 🚩
My suspicion is that this was a genuine profile, it's been hacked and "re-branded" as a Software Developer. There are no "social posts" on the profile, but up until 3 weeks ago all the reactions (likes) show that this person was interacting with "Freshers job postings" in the biomedical sector in India.
I think this "re-skinning" of profiles is going to be more commonplace as the scams evolve. Be even more careful with your passwords and maybe set up another way of verifying your Linkedin Account.
Screening calls before submission
Before I put anyone in front of a client, I run a short screening call. This isn’t a technical interview. It’s a final sense check that the person applying is real, present, and who they say they are.
I’m upfront about this and include the requirements on the booking page and calendar invite.
If a candidate objects, I cancel the call. That decision alone filters out a surprising amount of nonsense. If I'm on the call and still feel suspicious, I have the fallback of asking to see the ID and ask the candidate to hold this to camera (in front of their face) where I will also be able to make a further judgement call.
How I actually run these calls
Even with extra checks in place, I never treat screening calls like interrogations. The objective is still to meet a new person, to discuss my client, their jobs and see how I can help the jobseeker in their search. Like I said at the start, most applications are still genuine.
The first part is about building rapport. Where someone is based. Their setup. Local meetups or community involvement. Normal conversation. The kind that’s very hard to fake convincingly.
From there, I’ll talk through their work history at a high level. What they’ve done. Where they’re strongest. Where they know they still have gaps. I’m not looking for detail here. This is where someone using a script will fall down. They won’t actually answer the question and will miss the cues.
I’ll also dig into why they’re looking for work. There’s always a reason someone applies. A human reason, usually with a bit of emotion behind it. Understanding that context matters more than job titles and a perfect match of skills ever will.
Having met so many developers in person over the years, these conversations tend to feel very different when someone is genuine.
Getting out, into the community. Jon (holding the O in Django) at a Django event in Copenhagen.
A quick reality check
I love to find humor or fun in a situation, even one with the potential risk involved with these fraudsters and there’s a quote from Michael Scott in The Office that I always think of in this scenario.
It’s ridiculous, but it sums things up. Most of us were happy to give the benefit of the doubt for years. Assume good intent. See how it goes in interview.
Giving the benefit of the doubt worked when deception was rare.
It doesn’t now. Starting from a position of scepticism and working forwards is simply safer.
💩 If it smells like bullshit, avoid it and move on.
The trade off I’m comfortable making
This approach isn’t perfect and I know some genuine candidates will be filtered out earlier than they would have been in the past. I’m fine with that.
The cost of introducing a fraudulent candidate into a process is far higher than most people realise. Lost time Broken trust. Delayed hiring. In some cases, real commercial or security risk.
This is true whether you’re hiring directly or working with a recruiter.
When you compare that potential loss to a recruitment fee, especially one with a rebate period built in, the maths is simple. The downside is capped. The risk is shared.
🦊 Why Foxley Talent exists
Foxley Talent is community first by design. But I never designed it with this situation in mind. Who would.
I spend a large part of each year at Python and Django conferences, meetups, and events, meeting developers in person and building long-term relationships. Those people have their own networks, and those networks matter.
Attending DjangoCon US 2025 in Chicago. 350+ REAL Django developers in the same room.
When someone applies for a role, I’m not just looking at a CV. I’m looking at whether they fit into a community I know well, whether their story makes sense, and whether there’s enough trust to put them in front of a client.
If you’re hiring a Python or Django developer and want to reduce risk, save time, and avoid learning these lessons the hard way, that’s where I can help. Book a call and let's work together.
And if you’re a genuine developer, working with someone who knows the community and can vouch for you often works in your favour too. Please get in touch or visit the Foxley Talent Jobs Page to see if there's a role that interests you.
