Well-funded hackers, many from North Korea, submit hundreds of resumes and pose as candidates to infiltrate your intellectual property.
They use fake identities, deepfake interviews over Zoom, VPNs, and virtual machines to bypass traditional screening.
One successful attack exposes code and customer data. At the very least it wastes your recruiter time and budget in the process.
| Feature | Applicant Check Device ID | Traditional Screening |
|---|---|---|
| Covers every browser & OS (96 % accuracy) | ✓ | Relies on IP / email only |
| Detects VMs, VPNs, and headless browsers | ✓ | Usually ignored |
| Privacy-friendly (non-sensitive signals) | ✓ | Often stores PII or cookies |
| Real-time API / webhook for ATS | ✓ | Manual log review |
"cside helped our insider risk program prevent infiltration before it happened. Helping security and recruiting teams focus on what really matters."
FAQ
Frequently Asked Questions
Fraudulent applicants use sophisticated methods including VPNs to fake locations, stolen identities that pass background checks, scripted LLM responses during interviews, rotating proxy servers to avoid detection, and even deepfake technology to manipulate video calls.
Device fingerprinting analyzes over 30 technical signals from each applicant's browser and device - including WebGL rendering, canvas fingerprints, installed fonts, CPU specifications, and timezone data - to detect patterns of fraudulent activity.
Our system detects VMs through telltale signs like 1-core/1GB RAM configurations, 'llvmpipe' WebGL renderers, and limited font installations. For VPNs, we perform reverse DNS lookups to identify cloud providers and VPN services, while checking for timezone/location mismatches.
These organizations are prime targets for state-sponsored actors due to their valuable intellectual property, source code, cloud infrastructure keys, and sensitive data access. Remote-first hiring practices and high-value positions make them especially attractive targets.
