Table of Contents
How to Spot IP Spoofing in Fake Candidates
Fake candidates have been a recurring problem in recruiting talent in the digital age, especially with the rise of remote and hybrid work opportunities. While we have covered the topic of fake candidates in detail in previous articles, we have not taken a deep dive into one of the ways you can detect a fake candidate: by identifying IP spoofing.
Spoofed IP Addresses: A Telltale Sign of Fake Job Candidates
Detecting spoofed IP addresses is one way to identify fake candidates. You can discover this red flag during remote interviews, email correspondence, or online assessments, and it requires a combination of technical network analysis and process vigilance. Becoming familiar with the steps you can take to spot these hackers will protect you from scammers attempting to impersonate the qualified candidates you want.
🔥 Hot Tip: Want to just get a team of experienced recruiting researchers to identify qualified candidates, who are real humans, linked to their verified locations, and ignore the rest of this article? Sure thing, let’s connect by clicking on the button below. Peace of mind is in your forecast!
What is IP Spoofing?
So how does IP spoofing work? Generally, it is the act of falsifying the source IP address in network packets to disguise the sender’s identity, impersonate trusted systems, or facilitate a range of cyberattacks. In recruitment, ip spoofing is one symptom of candidate falsification.
When falsifying a candidate’s location and identity, an attacker creates Internet Protocol (IP) packets with a forged source IP address, making it appear as though the outgoing packets are coming from a trusted or different computer system rather than the actual sender. For example, someone could be actually located in Australia but use a fake IP address to make it look like they are in Texas. This manipulation is achieved by altering the source address information in the packet’s header at the network layer.
Not an IT person? All good. There are several ways to identify an IP spoofer without a degree in information technology, and we’ll get into those methods as you scroll down.
What are Packets?
A packet is the basic unit of data transfer in a packet-switched network, such as the Internet. When you send information like an email, a web page request, or a file, it is broken down into smaller pieces, aka packets, before transmission.
Signs of IP Spoofing
1. Unusual IP Addresses and Geolocations
If a candidate claims to be in one location but their IP address is linked to a different region, or if it rapidly changes between distant locations, this can be a red flag.
However, keep in mind that legitimate candidates may use VPNs for privacy or remote work, so this should be one of several factors to consider. To figure out if someone is using a VPN or not, you simply enter their IP address into this tool.
2. The Candidate Uses Proxy Servers or VOIP Services
Fake candidates often use proxy servers or VOIP numbers to mask their true location and identity. With VoIP phone numbers, the user can choose their dialing code to be associated with a desired location.
While some may use it to lower the cost of long-distance calls, it can also be used to fake locations and scam people. Thankfully, tools and websites like CarrierLookup can help identify if a phone number is associated with a VOIP service, which is commonly used in fraudulent applications.
3. Packet Analysis and Filtering
Got IT pros on deck? Then this method can work for your company. At the network level, organizations can use packet filtering techniques, such as ingress and egress filtering, to detect inconsistencies between the source IP address of incoming packets and the expected address ranges for legitimate users.
If a candidate’s IP address does not match their claimed location or is not within a permitted range, this may indicate spoofing. Want to check out this process on your own? Here are the 21 best packet sniffers.
4. Time-to-Live (TTL) and IP ID Anomalies
This is another tool you can use if you have IT experience or a tech pro in-house. By examining the TTL value in IP packets or the sequence of IP Identification Numbers, you can sometimes detect anomalies that suggest spoofing.
For example, if the TTL value is inconsistent with what’s expected from a candidate’s claimed location, or if the IP ID sequence doesn’t match typical behavior, these can be signs of spoofed packets. For more information on detecting TTL anomalies, check out this article.
5. Verifying the Expected Network Path
Here’s another one for the IT pros. Reverse path forwarding (RPF) is a technique that checks whether the data packet arrived on the expected network path. If not, it could indicate the packet’s source address is spoofed. This process is a bit involved and would require a tech expert to uncover, but if you have an IT expert on board, you could take advantage of RPF to detect spoofers.
6. Packet Sender Fails Authentication
Another tip (if you have tech experts on board) is to use cryptographic authentication. Using secure protocols like IPsec or TLS (transfer layer security), which authenticate the sender of network packets, you can help ensure the legitimacy of the candidate’s connection. If a packet fails authentication, it may be spoofed.
2. Non-Tech Methods
Ok, now for some red flags some non-IT pros can use to detect irregularities linked to IP spoofing.
1. Inconsistencies During Screening
Look for discrepancies between a candidate’s claimed location, resume details, and technical indicators, such as their IP address or phone number origin. If it doesn’t feel right, then trust your gut and dig deeper.
2. Interview Anomalies
Be alert for delays, echoing, or unnatural pauses during video or phone interviews, which may indicate the use of relay services or remote assistance. Deepfake filters on faces can also make a person’s mannerisms look abnormal or “off”.
3. Contact Information Verification
Cross-check phone numbers and email addresses for associations with known VOIP services or disposable email providers.
- To screen for disposable email providers, check out clearout.io or kickbox.
- To detect VOIP phone numbers, check out services like clearoutphone.io.
🔥 Hot Tip: Consider implementing multi-factor authentication or requiring candidates to join interviews from a verified corporate platform. An easy way to implement this is to use an ATS that allows multifactor authentication.
Detect IP Spoofing to Avoid Fake Candidates
When your team uses technology solutions to flag suspicious IP addresses, phone numbers, or geolocation changes, you can rule out some fishy candidates who could waste your time. When you can recognize both technical and behavioral red flags of fake candidates, the chances of onboarding a fake candidate will be slim to none.
