
This is the tale of an unusual employment vetting experience involving an IT contractor who was destined for a public sector organisation with a significant amount of data and information assets under its control. It comes from a past life, whilst I was Head of Operations and Compliance at a specialist IT recruitment consultancy firm which operated across the UK, Europe and USA.
Given the ongoing wider conversations happening both in and out of the tech community relating to the rise in fake candidates and whispers of such activities being North Korea related, we are re-sharing this information here to raise awareness of things any organisation can look out for during their vetting process.
Here is the lowdown. Apologies for the terrible formatting.
The IT recruitment consultancy was approached by a candidate with his CV, who suggested that a [named] person at a client organisation had referred him to us for this role specifically. That is not unusual in itself, as we get a lot of referrals, but I did not know this detail about this case till this morning, and it was an instant red flag on learning it: the named person did not in fact refer him (I checked). He socially engineered that aspect to get a foot in our door.




A Senior Managing Consultant with more than 15 years' IT recruitment experience undertook the initial screening; the candidate passed this — was able to answer all questions accurately and with confidence etc. The consultant submitted the CV to the client. The client reviewed the CV and offered an interview for the following day/PM.
Important note here that I feel is of relevance, with hindsight anyway: the client had struggled to fill this role for some months — they initially tried to hire for it as a perm role themselves and were not successful, then eventually allocated it to the recruitment consultancy as a contract role, to source a candidate for. They needed it filled to attain their deliverables, hence the much quicker than normal turnaround; interviews are not usually next day, even in our relatively fast-paced world.
The client interviewed the candidate on a Thursday, a 1 hour video call via Microsoft Teams with (I believe) two client organisation employees conducting the interview. We as the consultancy had scheduled/sent invites for the video call interview. The interview, according to both the client and the candidate, went well.
On Friday the client made an employment offer, the candidate accepted.
It is at that stage that we begin our vetting processes, which involve collecting information from the candidate such as: Driving Licence, Passport, 3x proof of address documents, NI Number, address history for the last five years, employment references for the last five years etc., then basically scrutinising the hell out of it, contacting all references for confirmation of employment, running security checks etc.
I would not let a contractor go on site until I was satisfied all was above board, even if that would cause upset to my commission-hungry colleagues.
We contacted the contractor to request the above info to commence vetting. He sent some but not all of the requested information, maybe half the requested documents, and offered his employment references as personal email addresses — a big no-no for employment referencing, especially public sector. I want to speak to your prior employer, not your mate.

We pushed back on that as per the above email chain extract, and the candidate replied. The above response is a little unusual, and we gave no well wishes? My ears pricked up at that point, my spidey senses started tingling and I started reviewing all the stuff to do with that contractor.
We pushed back again.

This response above was also a little unusual; usually a person will just provide the information requested. A resistance to providing the requested info, as requested, when a person wants a job is frankly very weird and unusual. A couple of hours later they got back to us with the below.

On receipt of the above, I looked up the domains immediately because I’m very nosy by nature: who are these people, what do they do, how do they do it. The former has no website, the latter is clearly not a company called 6Degrees. What business that’s employing contractors in this day and age doesn’t have a website?! Nor a LinkedIn page, no public facing marketing materials, nothing, just a Companies House record where the company has been effectively dormant since its registration in 2022, which doesn’t support the concept of it being an active employer.
It occurred to me to look up the DNS record immediately.
The domain had been created and registered 30 minutes earlier, only moments following our insistence of requiring the employer to confirm the employment.
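The registration-date check described above can be made a routine step for every referee address. The following is an added example, not part of the original post: it assumes the registration data arrives as an RDAP domain object (RFC 9083 `events` with `eventAction` and `eventDate`), and the flag names, freemail list, domains and timestamps are all constructed for illustration.

```python
from datetime import datetime, timezone

# Illustrative, incomplete list of personal-mailbox providers (assumption).
FREEMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com", "icloud.com"}

def registration_time(rdap):
    """Return the 'registration' event time from an RDAP domain object, or None."""
    for event in rdap.get("events", []):
        if event.get("eventAction") == "registration":
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None

def assess_referee(email, rdap, requested_at, employment_start):
    """Return review flags for one referee address; an empty list means no flag."""
    domain = email.rsplit("@", 1)[-1].lower()
    if domain in FREEMAIL:
        return ["personal-mailbox"]
    created = registration_time(rdap or {})
    if created is None:
        return ["no-registration-date"]  # cannot verify, escalate to a human
    flags = []
    if created >= requested_at:
        # Domain appeared only after the vetting team asked for the reference.
        flags.append("registered-after-reference-request")
    if created > employment_start:
        # Employer domain did not exist when the claimed employment began.
        flags.append("domain-newer-than-claimed-employment")
    return flags

# Constructed sample data: timestamps and domains are invented for illustration.
REQUESTED_AT = datetime(2024, 5, 17, 14, 5, tzinfo=timezone.utc)
EMPLOYMENT_START = datetime(2023, 1, 1, tzinfo=timezone.utc)
RDAP_NEW = {"ldhName": "new-employer.example",
            "events": [{"eventAction": "registration", "eventDate": "2024-05-17T14:10:00Z"}]}
RDAP_OLD = {"ldhName": "old-employer.example",
            "events": [{"eventAction": "registration", "eventDate": "2009-03-02T09:00:00Z"},
                       {"eventAction": "last changed", "eventDate": "2024-01-10T08:00:00Z"}]}

if __name__ == "__main__":
    for email, rdap in [("mate@gmail.com", None),
                        ("hr@new-employer.example", RDAP_NEW),
                        ("hr@old-employer.example", RDAP_OLD)]:
        print(email, assess_referee(email, rdap, REQUESTED_AT, EMPLOYMENT_START))
```

A flag is a prompt for a phone call to a switchboard number found independently, not a verdict; legitimate employers do occasionally change domains.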

OK, well then I knew something definitely wasn’t as it should be. My Director was in the office, so I walked over, showed him the above and explained the sitrep; his face winced, and we agreed something was up. This time, I went back to the contractor (below). I could be a bit more blunt than some of my colleagues due to my role and responsibilities.

Curious as to what the response could be, I reached out to the reference for the most recent employment (below) whilst awaiting confirmation of the other (which never arrived btw, shock).

The reference for this most recent employment replied very swiftly for an out of hours email (response below).
But it also read like, well, like ChatGPT? (which multiple AI detectors strongly suggested to be the case).

I was not satisfied with this response, nowhere near close, so went back to the reference to request additional clarity (below).

Even more red flags and inconsistencies. He was allegedly an employee for a year 20 minutes ago, but now he is a contractor? Nah, not buying it.
(Internally it was decided at that stage that this contractor was not going on site, collectively these things are a major fail of vetting, raising more concerns the more we saw/don’t get to see).
Still, I opted to continue the charade, for research purposes and some giggles, so went back to the contractor to request his consent to share this info with us to confirm the employment.

And replied to the reference confirming our position.
We (unsurprisingly) didn’t hear back from either of them ever again.
The candidate ignored the above emails and our further attempts to communicate to ‘continue the onboarding process’ were tragically unsuccessful. The contractor did not even read the WhatsApp messages despite being very swift and reliable on comms up to the point we showed our hand; he had ghosted us. Coward.
We held a meeting internally to establish how this incident had happened, during which the info about him being a referral/approaching us in the way he did for this specific role came out etc.
The client was informed with full transparency on the matter of our findings and concerns, and accepted our decision to remove the candidate from the process; they expressed a lot of gratitude and thanks for our evidently awesome checks.
All just in a day’s work I guess.
I have redacted the emails etc. here, but have not redacted company names since they are in the public domain through Companies House records.
A couple of other things that made me go hmm whilst we were actively investigating this: the address on the ID didn’t match the proof of address documents. The energy bill for a month at his ‘home’, where he was reportedly a full-time remote worker, had the following usage. I mean, that is not the energy usage of a home based remote IT worker.

I of course also contacted BNY Mellon seeking to confirm his employment there. They had no record of this person being employed by them as a permanent employee nor as a contractor whatsoever, let alone for three years; it was a very interesting phone call.
It appeared that this ‘candidate’s’ entire employment history was fabricated. I didn’t believe, based on the information we had, that he legitimately worked at any of the places doing the jobs as stated on the CV. I also questioned the authenticity of the documents and ID we were provided (which I have opted not to share as it’s clearly someone’s ID but I am not sure it’s the person we were communicating with).
In retrospect, looking at the CV now with what we know now, it doesn’t read right at all. What do you mean you did ‘higher education in Computer Science’ but don’t mention the place of study or grade? I’ve never seen education presented on a CV like that. Small details.
To find out ways you can take small measures to apply stringent checks to your recruitment and vetting process, contact us today to start a conversation.