Blog

A recruiter's guide to fraud signals in CVs

Four fraud signals every recruiter can check in a CV. PDF metadata, online presence, over-tailored applications, and fabricated experience. Practical checklist inside.

Fraudulent CVs share four detectable patterns, with PDF metadata that contradicts the candidate's story, an online presence that is thin or mismatched, a CV that mirrors your job ad word for word, and experience claims that do not hold up to basic checks. This guide walks through each signal, how to check it manually, and where automated detection fits in.

Why this matters now

Writing a convincing CV used to take effort. Now it takes a prompt. AI tools can generate a polished, perfectly targeted application in seconds, and some applicants are not who they claim to be at all, such as agencies submitting invented profiles, candidates outsourcing their identity, or coordinated fake applicants applying at scale. If you hire remotely, you will see this. The good news is that fraud leaves traces. You just need to know where to look.

Signal 1, PDF metadata inconsistencies

Every PDF carries metadata about who created it, with what tool, and when. Most recruiters never open it. Fraudsters count on that.

What to check.

  • Author name. Does the document author match the candidate's name? A CV for "Anna Weber" authored by a different person, or by a CV-writing service, deserves a second look.
  • Creation date. A CV supposedly refined over a career that was created ten minutes before submission is not proof of fraud, but combined with other signals it matters.
  • Creation tool. Bulk-generation tools and template farms leave fingerprints. One-off oddities are fine. The same tool signature across many applicants for one role is not.

One inconsistency alone is weak evidence. People borrow laptops and use CV builders. Look for clusters.

Signal 2, thin or mismatched online presence

A genuine senior candidate almost always leaves a trail, such as a professional profile, conference mentions, code contributions, a company page that lists them. Fabricated candidates usually do not, or the trail contradicts the CV.

What to check.

  • Does the profile exist at all? No professional footprint for someone claiming eight years in the industry is a signal.
  • Does it match? Compare job titles, companies, and dates against the CV. Small wording differences are normal. Different employers or missing years are not.
  • Is it hollow? A profile created last month, with no connections, no activity, and a stock-photo headshot, is a classic fake-applicant pattern.
  • For technical roles, does the work exist? Empty repositories, forked projects presented as original work, or contribution history that starts the week they applied.

Be fair here. Some excellent candidates keep a low profile online. Treat absence as a prompt to verify, not a verdict.

Signal 3, the over-tailored CV

Tailoring a CV to a role is smart. Mirroring the job ad is a signal. When a CV repeats your requirements verbatim, in order, with your exact phrasing, the candidate (or their tool) optimized for your parser, not for the truth.

What to check.

  • Verbatim echoes. Put the CV next to your job ad. Whole phrases lifted directly, especially niche ones, suggest reverse-engineering.
  • Keyword stuffing. Skill lists that include every technology in your ad, including ones that rarely coexist in one career.
  • Convenient completeness. Every single requirement met, every nice-to-have covered, nothing missing. Real careers have gaps. Perfect matches deserve more scrutiny, not less.

The tell is not tailoring itself. It is a CV that reads like your job ad wrote it.

Signal 4, fabricated experience patterns

Invented experience tends to follow patterns, because it is easier to fabricate vagueness than detail.

What to check.

  • Unverifiable employers. Companies with no website, no registration, no other employees findable anywhere.
  • Vague achievements. "Led key initiatives that drove significant growth" across every role, with no numbers, no product names, no specifics you could ask about in an interview.
  • Timeline arithmetic. Overlapping full-time roles, degrees that do not fit the dates, or seniority that arrives implausibly fast.
  • Interview mismatch. The fastest check of all is to ask one specific question about a claimed project. Fabricated experience collapses under detail.

The checklist

Before you shortlist a candidate you have doubts about, run this.

  • Open the PDF metadata. Check author, creation date, and creation tool.
  • Find their professional profile. Compare titles, companies, and dates against the CV.
  • For technical roles, check the work, including real repositories, real contributions, real history.
  • Put the CV next to your job ad. Flag verbatim phrases and too-perfect matches.
  • Verify at least one employer independently.
  • Prepare one detail question per claimed achievement for the first call.

Ten minutes per suspicious candidate. Worth every one of them.

Where automation fits

Doing this for five candidates is diligence. Doing it for 250 applications is a full-time job, which is why most teams simply skip it, and why fraud works.

This is a problem software should carry. 10xTable runs fraud and fake-applicant detection automatically across every application. Metadata checks, online presence verification, and tailoring analysis happen in the background, and suspicious candidates are flagged before you spend a minute on them. Every flag comes with the evidence behind it, so you can click through and judge for yourself rather than trust a black box.

Your job stays the same. Hire great people. The difference is you stop paying a time tax to catch the fake ones.

Screening applications by hand? See how teams screen 250 applications in about an hour, with fraud detection built in. Source candidates free or Book a demo.

Related articles