After hiring a North Korean ‘fake employee’, cybersecurity platform KnowBe4 highlights the growing threat of fraudulent job applications targeting HR departments in the UK.
KnowBe4’s report, AI-Driven Scams and Fraudulent CVs: The Increased Risk to HR Operations in the UK, surveyed 1,001 HR professionals to explore the impact of AI-driven fraud, cybersecurity awareness gaps, and collaboration between HR and IT teams.
According to the findings, 44 percent of HR professionals have encountered job applications that were fraudulent or linked to scams. Notably, 40 percent of respondents admitted to progressing a fraudulent job application before recognising the deception. These applications often include malicious links or attachments, as reported by 35 percent of those targeted, posing cybersecurity risks for businesses.
Cyberattacks Linked to HR Operations
The report revealed that HR-related activities are increasingly becoming a focus for cyberattacks. Over half of surveyed companies (57%) experienced a cyberattack in the past 12 months due to employees falling victim to phishing emails. HR professionals appear particularly vulnerable, with 82 percent reporting a cybersecurity incident within the last year. However, 40 percent of respondents disclosed they lack a formal incident response plan to address such threats effectively.
“It is not unheard of for threat actors to embed malware, spyware or other harmful software into a fake resume when applying for a job application,” said Javvad Malik, lead security awareness advocate at KnowBe4. “If clicked by an unsuspecting member of the HR department, it can lead to phishing sites or initiate the download of harmful malware which can cripple the targeted organisation, steal sensitive information or exploit it financially.”
Fraudulent LinkedIn profiles further exacerbate the issue, with 48 percent of HR professionals admitting to engaging with profiles later identified as fake.
AI: A Double-Edged Sword
The report sheds light on the role of Artificial Intelligence (AI) in both facilitating and combating fraudulent activity in HR. On one hand, AI is increasingly used for legitimate purposes, with 37 percent of HR teams deploying it to screen job applications and 29 percent using it to draft job descriptions.
On the other hand, AI-driven scams are becoming more sophisticated, prompting 37 percent of HR professionals to advocate for AI-based tools specifically designed to detect fraudulent applications.
“Understandably, the use of AI by the HR department has revolutionised how organisations attract, hire, manage, and retain talent in a bid to improve efficiency and HR processes,” said Javvad Malik. “However, the report showcases how this integral department is being targeted by scammers and the risks associated with fraudulent job applications which can lead to detrimental consequences.
Cybersecurity in Recruitment
Over half (52%) of HR professionals expressed a desire for closer partnerships with their organisation’s IT and security departments, with 44 percent of respondents seeking better training for HR and recruitment teams to identify and mitigate security risks.
“As a company, we issued a warning about this threat this year after we accidentally hired a fake North Korean employee,” continued Malik. “This demonstrated how every organisation is susceptible. Ultimately, we want to see improved security awareness and advocate for all organisations to update the existing hiring processes to include more security processes to reduce the risk of falling victim. Hopefully, then we can see the exploitable gap diminish, making cybersecurity incidents fewer and further between.”
