Fake Identities and Fake Diplomas: Hiring Under Extreme Pressure

Deepfakes and fake diplomas: AI powering hiring fraud

Understanding how digital forgeries are evolving to better protect your company.

Introduction

The recruiter has just completed a perfect video interview. The candidate handles technical questions, the resume looks solid, and the diplomas are attached as PDFs. Two weeks later, reality hits: the person hired has none of the skills demonstrated during the interview. The real expert who answered the questions was not the candidate.

This scenario, documented by several international cybersecurity organizations, illustrates a profound shift in hiring fraud. It is no longer limited to polishing a resume: it now mobilizes increasingly accessible digital-forgery tools to produce identity documents, diplomas, and visas that are hard to distinguish from originals.

The global scale of document fraud

Application-related fraud is now part of a structured criminal economy that affects three major categories of documents: diplomas, passports, and visas. Available data illustrates the scale of the phenomenon:

More than 75% of companies have discovered discrepancies in applications during their hiring processes (HireRight — Global Benchmark Report on Identity Fraud in Hiring, 2025).

In virtual interviews, 60% of hiring managers have identified candidates who misrepresented their qualifications or experience (Checkr — The Hiring Hoax Manager Survey, 2025).

• 25% of candidate profiles could be entirely fake or AI-generated by 2028 (Gartner, July 2025).

In this context, the hiring process becomes a new attack surface for organizations.

The three main families of document fraud

1. Diploma fraud

Academic fraud is one of the most widespread forms of forgery in recruitment. The global market for fake diplomas and related services is estimated at $21 billion (Parchment, 2024). Today, these documents are produced with enough visual precision that naked-eye detection is unreliable.

Three falsification modes can be distinguished:

A — The forged diploma

An authentic document is altered after creation: name, grade, date, or institution changed. Editing software makes it possible to manipulate typography, stamps, and signatures with increasing precision. These modifications generally leave traces in the file's metadata.

B — The digitally reconstructed diploma

Artificial intelligence tools can generate a modified version of an existing document, or reconstruct a whole document from visual examples. Unlike classic forgery, this approach generates a new file whose structure may look coherent, but whose content is fraudulent.

C — The fully generated diploma

Specialized services offer diplomas created entirely by AI for fictitious universities with convincing websites, active phone numbers, and “professor” profiles. These complete fraudulent ecosystems are particularly hard to spot without cross-checking against official accreditation registers.

Warning signs to watch for:

• – Metadata indicating a recent creation for a supposedly old document
• – Font or logo slightly different from the institutional standard
• – QR code redirecting to a recently registered domain
• – Accreditation number not found in official registers
• – Impossible academic dates (a semester ending before its start date)
• – Signature or stamp reproduced from a public document
• 2. Passport and identity document fraud

Forgery of passports and identity documents has undergone a profound transformation. Physical alteration methods have largely given way to digital techniques. Three categories can now be distinguished:

A — The forged document

An authentic document is digitally altered: photo replaced, personal data modified. Detection relies on analyzing embedded security features and verifying with the relevant authorities.

B — The digitally reconstructed document

Passport images are generated or manipulated by AI tools to produce visually convincing scans. These fakes are especially used in remote identity-verification processes where no physical document is ever presented.

C — Synthetic identity

It is no longer about forging an existing document, but about creating a complete identity that does not exist: a name, date of birth, address, partial history, and a coherent document are generated together. These identities sometimes combine real data with fictitious information, making detection structurally harder because no real individual is directly impersonated.

In a hiring process, a fake ID document mainly serves to:

• – Bypass work-eligibility checks
• – Hide a real identity (history, flags in sector databases)
• – Allow someone to apply under another person's identity that has the required qualifications
• 3. Visa fraud

Forged visa documents are a blind spot in many hiring processes. HR teams rarely verify work visas with the same rigor applied to diplomas, even though these documents legally condition the right to work.

Three types of fraud can be distinguished:

A — The forged visa

An authentic visa is copied or digitally modified: altered expiration date, visa type changed (tourist turned into work visa), or issuing country modified. Consular verification systems can theoretically validate these documents, but few employers have direct access to them.

B — The digitally reconstructed visa

Images of passport pages containing visas are generated or manipulated by AI. These fakes are frequently used in fully dematerialized hiring processes, where no physical document is ever checked in person.

C — The fully generated visa

In documented cases, visas are generated for nationals of fully synthetic identities. This type of fraud targets remote international hiring processes, where verifying foreign documents is structurally more difficult.

Hiring someone whose work visa is forged exposes the employer to significant risks:

• – Administrative sanctions for illegal employment
• – Fines whose amount varies by national legislation
• – Liability if negligence is established
• – Reputational risk in case of inspection or investigation

Why organizations have become targets

The generalization of remote hiring

Video interviews are now the norm. Tools can manipulate image and voice in real time during an interview, to the point where the recruiter may interact with someone whose on-screen appearance does not match their real identity. This phenomenon has been documented by several international cybersecurity authorities, including the FBI, which has issued public warnings about it.

The strategic value of internal access

A fraudulent hire can grant access to IT systems, internal databases, and strategic communications. Documented cases show these accesses have been used maliciously, notably to exfiltrate intellectual property or compromise infrastructure.

The limits of current defenses

Most organizations rely on manual reading of the resume, visual checks of documents, and the video interview. These mechanisms rely on human trust. Modern document fraud exploits exactly this weakness: documents designed to fool a visual check leave no obvious trace without deeper analysis.

Recruiters face a structural problem: they must make a decision based on digital evidence that easily accessible tools can forge. The issue is no longer whether this happens, but how to protect against it.

Legal and compliance framework: what matters most

The legal consequences of a forged document always depend on the facts, the sector involved, the applicable qualification, and the competent jurisdiction. In practice, the main issue for an organization is to be able to demonstrate a proportionate, traceable, and well-documented verification process, with human review whenever a decision may have a significant effect.

The controls described here should therefore be understood as risk-management, compliance, and evidence-preservation measures. Any final blocking decision, report, contractual sanction, or legal action should still be validated by the relevant legal or compliance teams.

Illustrative scenario: combined fraud in a remote hiring process

The following scenario is illustrative. It is based on fraud typologies documented by cybersecurity authorities and identity-verification organizations, but does not correspond to an identifiable real case.

The context

An international technology company hires a senior remote developer. The candidate presents a solid resume, a diploma from a reputed university, an apparently valid work visa, and successfully completes a technical video interview. The documents are submitted to in-depth analysis before the hire is finalized.

What deeper analysis can reveal

Identity substitution during the video interview

The candidate’s image shows visual inconsistencies characteristic of real-time manipulation: micro-distortions around facial contours, lip movements not aligned with the audio, atypical behavior during sudden gestures.

Digitally produced diploma

The PDF file has an atypical structure for a scanned document. The named university does not appear in any accessible official accreditation register. Its website was registered shortly before the application.

Digitally reconstructed work visa

The visa image shows visual characteristics consistent with digital generation or manipulation. The visa number matches no known official format for the issuing country.

Partially synthetic identity

Cross-checking data reveals that the used identity combines real elements with unverifiable information: non-existent address, date of birth matching no public record.

What happens next

The verification team receives an alert. The candidate file is suspended and an additional verification is carried out before any hiring decision. The hire is canceled.

This type of case illustrates the value of integrating a systematic document-analysis process upstream of any decision, in addition to usual human checks.

DeepForgery: a solution integrated into your verification processes

DeepForgery is designed to integrate directly into existing document-verification workflows used by HR, legal, and compliance teams, without changing their organization.

Two deployment modes

DeepForgery is available through two integration options adapted to each organization’s constraints:

In both cases, analysis is performed automatically when the document is submitted or transferred into the processing workflow, with no additional manual action required from teams.

Two complementary engines

DeepForgery Media analyzes video and audio streams to identify visual and sound anomalies during remote interviews.

DeepForgery Documents includes models trained specifically to detect document fraud in its three main forms:

• – forged documents — modified after creation using editing software (image retouching, PDF editing, professional graphic tools)
• – digitally reconstructed documents — all or part of which has been recreated by AI from existing templates
• – fully generated documents — produced ex nihilo by AI tools or specialized software, with no authentic source document

These models analyze internal file structure, metadata, and visual characteristics of the document’s components, and cross-check against external reference sources (accreditation registers, official document formats by issuing country). This multi-layer approach addresses fraud that escapes human visual verification.

The two engines work together, providing broader coverage of the exposure surface in a dematerialized hiring process.

What the analysis covers

• – Verification of the structural consistency of submitted files
• – Metadata and document-history analysis
• – Cross-checking declared data against external references (accreditation registers, official document formats)
• – Detection of manipulation or digital-generation indicators in video streams
• – Production of analysis reports usable for internal audit

DeepForgery is a decision-support tool. Its analyses are indicators to consider in a broader verification process, not definitive conclusions. Any decision to hire or reject remains the organization's responsibility, based on all available checks.

Frequently asked questions

Does DeepForgery support all document types?

DeepForgery supports the main formats used in hiring processes: PDF, images, scans, and screenshots. It covers diplomas, passports, work visas, transcripts, and recommendation letters. The list of supported formats is available in the technical documentation.

What is the difference with an optical document-reading tool?

An optical reading tool (OCR) extracts text from a document. DeepForgery analyzes the structure and coherence of the file itself: modification history, compliance with document standards, presence of indicators of digital generation or manipulation. The two approaches are complementary.

Can DeepForgery distinguish the different types of document fraud?

The analysis aims to identify different categories of indicators depending on the type of manipulation: a modified document, a digitally reconstructed document, and a generated document have distinct characteristics. The solution produces a categorized analysis report that enables teams to prioritize complementary checks.

How does integration into existing HR processes work?

Integration relies on a documented REST API, compatible with the main ATS systems on the market. For on-premise environments, installation documentation is provided and technical support is available. The goal is not to change teams' working habits, but to add an upstream automated analysis layer.

What data is transmitted during an API analysis?

Data-processing modalities, retention periods, and confidentiality guarantees are detailed in contract documentation and DeepForgery's data-processing policy. For organizations with specific constraints (GDPR, regulated sectors), on-premise mode allows processing all documents without sending them outside the infrastructure.

What teams can expect

Integrating DeepForgery into a document-verification process aims to:

• – Strengthen detection of falsification indicators in diplomas, passports, and work visas in dematerialized processes
• – Identify visual and behavioral anomalies during remote video interviews
• – Reduce infiltration risk linked to a fraudulent identity or unverifiable qualifications
• – Support compliance with AML6, GDPR, and immigration-law requirements by producing traceable audit elements
• – Free teams from repetitive manual checks on common documents

Conclusion

Hiring fraud has changed in nature. It is no longer only about embellishing a resume, but about producing complete identities and career paths using accessible digital tools: diplomas from fictitious universities, reconstructed identity documents, generated visas. These documents are no longer handcrafted imitations — they are digital artifacts designed to bypass usual visual checks.

In an environment where organizations must protect their data, internal access, and comply with labor and immigration law, the absence of an appropriate document-verification process represents a real legal and operational risk.

Integrating automated document analysis upstream of hiring decisions, via API or on-premise deployment, makes it possible to add a structured vigilance layer without burdening existing processes — and to have traceable elements in case of inspection or audit.