When You Find One Fraudulent Hire, You Usually Find More


Most organizations treat the discovery of a fraudulent employee as a closed incident: something to investigate, remediate, and move past. The evidence from organizations that have actually gone through this process suggests a more complicated reality.
"What we've seen from organizations that know what they're looking for is that often, if they find one of these actors, they find more," Matthew Welling, a partner at Holland & Knight, told HR Dive a few weeks ago.
The mechanism is not coincidence. If one bad actor is successfully hired, Welling noted, they can act as a reference for others, using their insider knowledge of the employer's hiring process to coach additional fraudulent candidates through.
That changes the threat model significantly. A single fraudulent hire inside a large remote workforce represents a vulnerability that has already been exploited to map the organization's defenses, and that map is being shared.
How the network effect works
The fraudulent hire who makes it through the hiring process has something valuable: specific knowledge of which controls failed to catch them. They know which stages verification runs at, which questions interviewers ask, what a background check covers, and where the gaps are. That knowledge has material value to others running the same playbook, and organized fraud operations treat it accordingly.
Welling also noted that suspected fraudsters tend to be "very cooperative and communicative" when organizations grow suspicious, with some going as far as returning company laptops or arranging in-person meetings with employers to extend the scheme's runway. The goal in those moments is to buy enough time to ensure the next candidate in the network can complete the same process before suspicion is raised.
The behavior reflects a coordinated operation with continuity across targets. Individual opportunists do not invest this level of effort in extending their welcome.
Why point-of-hire verification is necessary but not sufficient
The standard response to hiring fraud is to improve the hiring process: better screening, identity verification at application, government ID checks at the shortlist, trained examiners at Day One. All of those controls matter, and a layered verification approach that runs through the full funnel is significantly more effective than a background check alone.
The network effect reveals a limit to point-of-hire verification as a complete defense, though. The fraudulent hire who clears verification and gains access has already changed the risk calculation for every subsequent hire who uses them as a reference. The exposure continues for as long as that person retains access, and potentially beyond.
Neda Shaheen, an associate at Holland & Knight, noted that sanctions for employing fraudulent workers can be imposed on a strict liability basis, meaning no intent is required and organizations can face consequences even when they had no knowledge a violation was occurring. That legal exposure does not reset when HR closes the incident file.
What a complete response looks like
A hiring integrity program designed to account for the network effect has two components that point-of-hire programs typically lack.
The first is breadth of investigation.
When a fraudulent hire is identified, the immediate question worth asking is who else in the organization used that person as a reference, interacted with them in the hiring process, or was recommended by them. The Holland & Knight guidance is direct on this: organizations that know what to look for find more actors. That means the search has to expand beyond the individual from the moment one is confirmed.
The second is continuity of identity assurance after hiring.
A continuous identity record that starts at application and runs through the I-9 at Day One creates an auditable thread that can be revisited when a question arises later. If a fraudulent hire used a stolen identity that was verified at entry, that verification record becomes both evidence in the subsequent investigation and a baseline for auditing related hires.
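The breadth-of-investigation step above can be run as a graph walk over hiring records, starting from the confirmed hire. This is an added example, not from the original article or from Proof; the record fields (`references`, `referred_by`, `interviewers`), the employee IDs, and the two-hop limit are assumptions, and the data is constructed.

```python
from collections import deque

# Constructed sample hiring records; field names are assumptions, not a real ATS schema.
HIRES = {
    "E100": {"references": ["EXT-1"], "referred_by": None, "interviewers": ["E001"]},
    "E101": {"references": ["E100"], "referred_by": None, "interviewers": ["E001"]},
    "E102": {"references": ["EXT-2"], "referred_by": "E100", "interviewers": ["E002"]},
    "E103": {"references": ["EXT-3"], "referred_by": None, "interviewers": ["E100", "E001"]},
    "E104": {"references": ["E101"], "referred_by": None, "interviewers": ["E002"]},
    "E105": {"references": ["E002"], "referred_by": "E001", "interviewers": ["E001"]},
}

def link_reason(record, person):
    """Return how `person` appears in another hire's record, or None."""
    if person in record.get("references", []):
        return "listed as reference"
    if record.get("referred_by") == person:
        return "recommended by"
    if person in record.get("interviewers", []):
        return "interviewed by"
    return None

def expand_scope(hires, confirmed, max_hops=2):
    """Breadth-first walk from a confirmed fraudulent hire.

    Returns {employee_id: {"hop", "via", "reason"}} for every hire linked to
    the confirmed one within max_hops. The result is a review queue for
    investigators: a link is a reason to re-verify, not a finding.
    """
    scope, seen = {}, {confirmed}
    queue = deque([(confirmed, 0)])
    while queue:
        person, hop = queue.popleft()
        if hop == max_hops:
            continue  # bound the search so scope stays reviewable
        for emp_id, record in sorted(hires.items()):
            if emp_id in seen:
                continue
            reason = link_reason(record, person)
            if reason:
                seen.add(emp_id)
                scope[emp_id] = {"hop": hop + 1, "via": person, "reason": reason}
                queue.append((emp_id, hop + 1))
    return scope

if __name__ == "__main__":
    for emp_id, hit in expand_scope(HIRES, "E100").items():
        print(f"{emp_id}: hop {hit['hop']}, {hit['reason']} {hit['via']}")
```

Each hit keeps the hop count and the link that produced it, so reviewers can re-verify first-hop hires before second-hop ones and see why each record was pulled.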
This changes what organizations should expect a hiring integrity program to do. A program designed for the network effect has a different target than simply preventing any single fraudulent candidate from clearing the funnel.
The goal is to make the entire network effect unworkable, by ensuring that insider knowledge of the verification process does not translate into a replicable advantage for the next fraudulent candidate behind them.