{"id":213564,"date":"2026-05-12T03:00:00","date_gmt":"2026-05-12T07:00:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/12\/why-hr-and-cybersecurity-need-to-collab-on-spotting-fake-it-workers\/"},"modified":"2026-05-14T00:55:24","modified_gmt":"2026-05-14T04:55:24","slug":"why-hr-and-cybersecurity-need-to-collab-on-spotting-fake-it-workers","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/12\/why-hr-and-cybersecurity-need-to-collab-on-spotting-fake-it-workers\/","title":{"rendered":"Why HR and cybersecurity need to collab on spotting fake IT workers"},"content":{"rendered":"

Why HR and cybersecurity need to collab on spotting fake IT workers<\/a><\/p>\n

https:\/\/www.itbrew.com\/stories\/why-hr-and-cybersecurity-need-to-collab-on-spotting-fake-it-workers<\/a><\/p>\n

Publish Date: 2026-05-12 03:00:00<\/a><\/p>\n

Source Domain: www.itbrew.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. In February 2025, Katelyn Halbert, market intelligence manager at deepfake-detection company Pindrop, noticed that an interviewee on a video call seemed a bit off. Their answers were not only vague, but delayed by a few seconds. While Halbert is no stranger to a nervous job candidate, she noticed the interviewee\u2019s lip movements weren\u2019t syncing to the audio\u2014and that was enough to make her go straight to her team\u2019s chief people officer and VP of research.\u201cThat first moment, I was very taken aback and honestly intimidated,\u201d Halbert told us.Halbert\u2019s candidate didn\u2019t land the gig, but the interview made her realize that HR needs to be aware of the tech-aided tactics that fake IT candidates will employ during interviews. These days, finding the right person for the job\u2014and a real person for the job\u2014can require some collaboration between HR and cybersecurity teams.Apply now! Tim Rawlins, senior advisor and security director at cybersecurity company NCC Group, said deepfakery in interviews frequently stems from state-run schemes backed by North Korea, in which stolen or entirely synthetic identities are used to obtain IT jobs advertised as fully remote. If the fraudsters are hired, they bypass external defenses, operate as insiders, and gain access to a corporate network. (The FBI has said that North Korea also dispatches remote IT workers \u201cto generate revenue for the regime.\u201d)In a recent LinkedIn post, Amazon Chief Security Officer Stephen Schmidt said the company, since April 2024, had stopped \u201cmore than 1,800 suspected DPRK [North Korean] operatives\u201d from joining the team. And in a March 6 advisory, Microsoft wrote that threat actors are leveraging AI to \u201cget hired, stay hired, and misuse access at scale.\u201dAnd bad news, defenders\u2014deepfakes are getting good.What to do. With HR often handling the first interview in any given hiring cycle, its team members have to spot early signs of suspicious behavior. Halbert\u2019s practices include making video mandatory (i.e., no more phone calls), and using the company\u2019s own fraud-detection tech to watch for suspicious locations and VPN use (which hides true location).Top insights for IT prosFrom cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.Rawlins recommends HR professionals find a way to ask candidates about their current location to check local knowledge\u2014a football team, a train station, a nearby park. And watch for when a candidate repeats a question, because they might just be putting that query into an AI bot to find the answer.(TechCrunch reported on a recent tactic for exposing a DPRK deepfaker: Ask them to insult their leader.)Cybersecurity teams need to help HR. Security should provide a list of \u201cred flags\u201d for their HR counterparts, according to Rawlins. Suspicious signs could include:Refusal to verify addressMismatches, even minor ones, across official documents and application materialsEnvironmental inconsistencies (is it nighttime, for example?)Obvious use of AI in photos\u201cThe recruitment really does need to be a security control, and the pre-employment screening has got to be part of your threat assessment for the organization,\u201d Rawlins said.And HR needs to help cybersecurity teams. Rawlins also advised HR teams to escalate signs of suspicion to the cybersecurity team or other relevant parties, like Halbert did.Pindrop, a deepfake-detection company, has an especially important reason for learning about the latest deception tactics\u2014and that\u2019s why their HR and cybersecurity teams work together frequently.\u201cHalf of my recruiting team now is actively trying to interview fake candidates,\u201d Vijay Balasubramaniyan, CEO and co-founder at Pindrop, told us in January. \u201cWhenever we see something weird, we\u2019re actually saying, \u2018Hey, we want to do an interview with you.\u2019\u201dBut to be an effective deepfake detector, HR professionals have to go against what they\u2019re taught, Halbert said, which is to not make quick judgments and to give people the benefit of the doubt. In addition, HR folks might not be used to deeply scrutinizing a candidate\u2019s current location down to parks supposedly near their house.\u201cAll of these things that we\u2019re now starting to make a judgment on,\u201d Halbert said. \u201cThat isn\u2019t a natural feeling for most HR folks.\u201d
<\/p>\n","protected":false},"excerpt":{"rendered":"

Why HR and cybersecurity need to collab on spotting fake IT workers https:\/\/www.itbrew.com\/stories\/why-hr-and-cybersecurity-need-to-collab-on-spotting-fake-it-workers Publish Date:…<\/p>\n","protected":false},"author":1,"featured_media":213565,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.sanity.io\/images\/bl383u0v\/production\/3553cc2c375d5ee817498733a0fc527f721185a4-1500x1000.gif?rect=0,106,1500,788&w=1200&h=630&q=70&fit=crop&auto=format","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24],"class_list":["post-213564","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213564"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=213564"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213564\/revisions"}],"predecessor-version":[{"id":213566,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213564\/revisions\/213566"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/213565"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=213564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=213564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=213564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}