The Person on the Other End of the Call Might Not Be Real. HR Needs to Act Like It.
Deepfakes just claimed the top spot on Gartner’s enterprise threat chart. For HR leaders, this isn’t a security team problem, it’s yours too.
Gartner released its 2026–2027 ThreatScape this month, and for the first time, deepfakes sit at the very top, ahead of software supply chain risk, prompt injection, and AI application compromise. Not because the threat is new, but because the economics of deception have fundamentally changed.
A synthetic voice or face-swapped video that once required studio resources and specialist skill now takes minutes on commodity hardware. The attacker’s cost of execution has collapsed faster than the defender’s ability to detect. That asymmetry is precisely what earns deepfakes the “critical zone” designation on Gartner’s six-zone grid.
But here’s what most security-focused coverage misses: the most exposed front door in your organisation isn’t your firewall. It’s your hiring process, your video calls, and your onboarding workflows. That makes this an HR problem just as much as a CISO problem.
The Numbers HR Leaders Need to See
Gartner’s survey of 302 cybersecurity leaders found that 62% had experienced a deepfake attack in the prior 12 months, the majority involving social engineering or automated verification. Audio call incidents were reported by 43% of respondents; video call incidents by 37%. These aren’t edge cases. They are now the baseline operating environment.
The recruitment channel is particularly exposed. According to Checkr’s survey of 3,000 hiring managers, 31% had interviewed a candidate later revealed to be using a fake identity, and 35% reported that someone other than the listed applicant had participated in a virtual interview. A separate study found that 62% of hiring professionals now believe job seekers are better at faking with AI than recruiters are at detecting it.
Gartner has also projected that by 2028, one in four candidate profiles worldwide could be fake, a figure that sits uncomfortably alongside the FBI Cyber Division’s May 2025 advisory highlighting financial services firms that had unwittingly hired individuals using entirely fabricated identities, supported by deepfake interviews.
“Attacker use of deepfakes continues to advance and is now commonplace to make fraud and phishing scams difficult to detect. There is no one cybersecurity control that will protect you.”
John Watts, VP Analyst, Gartner · Security & Risk Management Summit 2026
Why HR Is on the Front Line
Gartner is clear that deepfakes don’t just enable direct attacks, they power the adjacent threats on the chart too. Identity abuse, customer account takeover, and AI application compromise all share a common mechanism in practice: a convincing cloned voice or synthetic face that fools someone during a routine interaction.
For security teams, that “someone” is often a help desk operator or an IT administrator. For HR, it’s a recruiter, a hiring manager, or an onboarding coordinator. The specific risks HR functions now face include:
- Synthetic Candidate Fraud: Fabricated identities, complete with AI-generated LinkedIn profiles, polished résumés, and real-time face-swapped video, are appearing in live interview workflows. In some cases, the person who passes the technical assessment and the person who shows up to work are not the same individual.
- Executive Impersonation: A phone call, WhatsApp message, or video meeting request from a senior leader once carried a reasonable assumption of authenticity. Voice cloning of executives is now being used to authorise payroll changes, direct wire transfers, and extract employee personal data.
- Recruiter Impersonation: Scammers posing as HR professionals approach candidates to collect personal information under the guise of pre-employment verification. The resulting damage is reputational as well as legal.
- Proxy Hiring & Ghost Employees: Remote-first hiring has created conditions where the verified person and the working person are routinely different individuals, whether through deliberate account sharing or organised fraud at scale.
The Defense Is a Stack, Not a Tool
Gartner’s position is unambiguous: “There is no one cybersecurity control that will protect you.” This is true in IT security. It is equally true in HR. The instinct to buy a single verification tool and declare the problem solved is exactly the gap attackers are exploiting. What works is a layered workflow, built in order:
Before anything else, confirm that a real, authorised human or a known verified agent is on the other end. For recruitment, this means moving beyond document upload toward liveness detection and contextual signals that can’t be replicated in real time by a face-swap filter.
Where content arrives with a verifiable origin (a watermark, a content credential, a digital signature), check it. This applies to candidate portfolios, video introductions, AI-generated work samples, and reference call recordings.
For everything that arrives without provenance, apply synthetic media detection in real time where possible, and as a review step where not. Detection technology is imperfect, but operating without it means relying entirely on human judgment in an environment designed to defeat it.
A detection flag is not a verdict. A human reads the result in context, applies policy, and determines the appropriate response. This is also where organisational learning happens: what patterns are emerging, and what do they tell you about evolving your standards?
Operationalise the outcome. Remove a fraudulent candidate from the process. Keep the audit trail. File a request to take synthetic content down. Document what happened and feed it back into your detection and policy frameworks.
The first three layers answer the question: can this voice, face, or file be trusted? The last two determine what you actually do once you have that answer.
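The five layers above, written as a triage routine. This is an added illustration, not code from Gartner or from the article's author; the HMAC provenance tag, the 0.5 review threshold and the hash-chained audit log are assumptions made for the example.

```python
import hashlib, hmac, json
from dataclasses import dataclass
from typing import Optional

ISSUER_KEY = b"constructed-demo-key"  # constructed; real content credentials use public-key signatures
REVIEW_THRESHOLD = 0.5                # assumed detector cut-off, tune per tool

@dataclass
class Submission:
    candidate_id: str
    liveness_passed: bool      # layer 1: result of the identity/liveness step
    media: bytes               # interview clip, portfolio file, reference recording
    signature: Optional[str]   # layer 2: issuer's tag over media, None if unsigned
    detector_score: float      # layer 3: synthetic-media score in [0, 1]

def sign(media: bytes) -> str:
    """Issuer-side tag (HMAC stands in for a content credential)."""
    return hmac.new(ISSUER_KEY, media, hashlib.sha256).hexdigest()

def digest(record: dict) -> str:
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

def triage(s: Submission, audit: list) -> str:
    """Layers 1-3 collect reasons; any reason routes to a human (layer 4), never auto-rejects."""
    reasons = []
    if not s.liveness_passed:
        reasons.append("identity: liveness not confirmed")
    if s.signature is not None:
        if not hmac.compare_digest(sign(s.media), s.signature):
            reasons.append("provenance: signature does not match content")
    elif s.detector_score >= REVIEW_THRESHOLD:   # detection only where provenance is absent
        reasons.append(f"detection: score {s.detector_score:.2f}")
    decision = "human_review" if reasons else "proceed"
    # Layer 5: each record commits to the previous one, so later edits are detectable.
    record = {"candidate": s.candidate_id, "decision": decision, "reasons": reasons,
              "prev": audit[-1]["hash"] if audit else "0" * 64}
    record["hash"] = digest(record)
    audit.append(record)
    return decision

def chain_intact(audit: list) -> bool:
    prev = "0" * 64
    for rec in audit:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or digest(body) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True
```

A high detector score on unsigned media produces `human_review`, not a rejection, and editing any stored record afterwards makes `chain_intact` return `False`.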
What HR Leadership Should Do Now
The organisations managing this well are not waiting for security teams to hand them a solution. They are building the organisational muscle themselves.
- Make identity verification standard in remote hiring, not an add-on for edge cases. The baseline assumption that a video call participant is who they say they are is no longer operationally safe.
- Train hiring managers and recruiters on detection, not to make them forensic analysts, but to make them appropriately sceptical. Teach them what real-time face-swapping looks like and how to escalate without creating friction for legitimate candidates.
- Review onboarding workflows for verification gaps. The period between offer acceptance and system access provisioning is a critical window. Identity confirmed at interview should be re-confirmed at onboarding.
- Coordinate with your CISO. Deepfake risk sits at the intersection of people operations and information security. HR leaders not in active conversation with their security function are operating with an incomplete picture.
- Build policy before you need it. What is your procedure when a hiring manager reports a suspected synthetic candidate? Who owns the decision? What is the audit trail? These questions are much easier to answer before an incident than during one.
The Broader Shift
What Gartner’s ThreatScape reflects is something deeper than a list of new attack types. It reflects a structural change in who controls the advantage in human-facing interactions.
For most of recent history, the burden of fraud was on the attacker, to be convincing enough, skilled enough, and lucky enough to fool someone. The defender could rely on the accumulated weight of human intuition: something feels off about this call, this email, this candidate.
Generative AI has inverted that. The synthetic content is now often more polished, more consistent, and more persuasive than the real thing. The burden has shifted to the defender to actively verify what they once assumed.
HR functions have always sat at the boundary between the organisation and the outside world. That boundary is now a primary attack surface. The leaders who recognise this early and build the verification habits, workflows, and cross-functional relationships to manage it will be the ones who protect their organisations from a threat that is, as Gartner confirms, no longer theoretical.
“The person on the other end of the call might not be real.”
Act accordingly. Setting up layered verification and operationalising trust data is how you keep the top deepfake threat at bay, and how HR becomes a strategic security partner, not a vulnerability.
Gartner Security & Risk Management Summit 2026 · Gartner ThreatScape 2026–2027 (John Watts, VP Analyst) · Checkr Hiring Manager Survey 2025 (n=3,000) · FBI Cyber Division Advisory, May 2025 · AMS Inform: Synthetic Identity Fraud in Hiring, Feb 2026 · People Management: Deepfakes in Recruitment, Jan 2026 · Citi Institute Deepfake Projection 2025
