Side note to the remote founders/employers out there:
Have you been plagued by applicant fraud? We've found for all of our remote engineering roles, we get 100's of amazing applicants who are all fake (clearly not actually in the US) once you get them on a screening call. They're often reading from a script, broken english, and say strange things like they're born and raised in Texas, yet can't speak fluent English or have a heavy accent.
My best guess is it's dev shops overseas who are using an English-speaking "front" person who then delegates the work to other people with the "front" person being the one who joins company meetings, etc.
Really frustrating because it's making us have to do silly things like require photo ID verification over video on the first screening call (which I would rather not inconvenience applicants with, but there are just SO many candidates lying about residing in the US).
With our most recent role, about 60-70% of applicants were fake ("fake" = candidates who lie about living/residing in the US)
Yes! We catch them in the screening stage, but it's scarily common. I thought we were being targeted at first until I talked to other people with the same problem.
I've also heard of situations where one person is hired to do the job, but then after a while their work changes for the worse. They start "forgetting" things you've talked about recently, or they'll "forget" how the code they submitted an hour ago works.
They're either a front person for a dev shop, or they're trying to outsource their work. They don't care about doing a great job because they know most companies will take a long time to fire people. If the company PIPs them, they might suddenly become a great performer again until the heat dies down, then it's back to the same game.
Before the "if they're getting their work done, why does it matter?" comments: Having someone take our codebase and send it to random contractors is a huge security breach. Even ignoring that, these people aren't selecting world-class developers to outsource their work. They're outsourcing as cheaply as possible so they can pay as little as possible. It's never an okay deal for the company.
(Original commenter here) our company has been victim of overemployment with 2 employees (the worst offender found us via Who's Hiring on HN - he had 3 full-time W-2 jobs).
Having been fooled by 2 "overemployed" people (on a team of 20), these fake candidates are distinct in that they're almost always have an unexplained heavy accent yet they say they're born and raised in the US. They also often have Zoom backgrounds that are just... odd (the room will often look like it has shelving and boxes or whatever that don't look like something you would see in the US).
It's difficult because no single data point is enough to prove they're fake, but when you add all the warning signs together, it's pretty obvious.
In my experience, /r/overemployed people are a lot better at blending in with regular candidates.
Re: overemployment, the best counter-offense I've found is to require LinkedIn profiles and to require background checks that include employment verification. Most "overemployed" people are smart enough to not have a LinkedIn profile. This has a side effect of excluding applicants without a LinkedIn, but it's a tradeoff.
I have been on the other side, people wanting to hire me to be the front-door either take interviews or the front-door with customers, the last time I was offered $xx/h + 20% from each project's revenue.
It's a real problem which makes it harder for people like me that are legitimately working remotely. This has existed for a long time but it wasn't as popular because remote working was unpopular before the pandemic.
> Really frustrating because it's making us have to do silly things like require photo ID verification over video on the first screening call
Unfortunately, this wouldn't solve it, a person can join the calls and get someone else to do the work.
Same here - I was recently offered an "interview support" job by one of these body shops in a far away Asian country, which I immediately rejected. The role would've been to help candidates pass interviews using tricks (cheats, really) like the ones that've been brought up in other discussions before.
If you're good enough to pass a senior dev interview, you're probably also capable enough to create some kind of SaaS tool/plugin for applicant tracking systems (or directly in Zoom?) to help employers identify fake/real candidates.
You have potential to make a lot more money catching these bad actors rather than enabling them.
Someone wrote about this in a previous discussion. The grift is to bilk you until you realize the charade. Even one American paycheck is golden in the developing world.
Think logically about it, of course this will happen. The labor market for office jobs is completely broken to the point that many or most companies have no control of whether their employees are doing anything productive. Corporate work is mostly a charade and a wealth distribution scheme, also when it comes to software engineering - as evident by the many single individuals shipping software with better quality than huge corps employing thousands.
The hope of these fake candidates is that they can sneak in and get a few good paychecks from a corrupt and disorderly employer. And it costs then almost nothing to try.
i did some contracting for a place that i think hired one of these guys.
in his case i think he more or less knew what he was doing, and showed up on calls, but delegated the work to some other people.
we’d hear people in the background of his audio discussing things really oddly similar to tasks he’d been assigned and had outstanding. he was putting in (bad) PRs at all hours of day and night, and never had any recollection of any email, slack conversation, or his own PRs.
At the same time it makes it shitty for regular folks working remote and like a normal person having bad periods from time to time. There will be way less understanding towards... You are trying to do the right thing, but the dial if turned too tight might blend wrong people.
Accent aside (if they can't be understood at all they're obviously not qualified):
What's the difference between a foreigner with an accent in your onsite team VS a foreigner that's remote in US timezones (LatAm)? Why just open the job for US-remote?
Compliance? Deel/Remote can help you with that.
Security? It applies if you're working on defense software, but other than that...?
> What's the difference between a foreigner with an accent in your onsite team VS a foreigner that's remote in US timezones (LatAm)?
If I give someone in the US access to my code, systems, and, inevitably, customer data then I have a lot of legal recourse against that person if they do something bad. They have a lot of incentive to be careful and follow the rules. Their desire to maintain their reputation and avoid legal liability aligns our interests.
If I hire someone in the US and they hand everything over to a random person in a foreign country who doesn't care in the slightest about US laws, then they don't care about anything other than keeping those paychecks coming for a while. They don't care about anything, especially once those paychecks stop coming. It's even more complicated because the company isn't the one sending the paychecks, it's the person you hired. If that person has a falling out with their outsourced counterpart and the outsourced counterpart decides to take revenge on the company as leverage over their front-person, it gets bad.
> Security? It applies if you're working on defense software, but other than that...?
Are you suggesting that security only matters to defense software? You've never worked on a project that involves customer data? You've never worked on proprietary software that your competitors would love to have?
Do you not get annoyed when companies leak your personal data?
> they don't care about anything other than keeping those paychecks coming for a while
Don't forget this is all employment really is. Any employee-employer relationship boils down to this regardless of what you have deluded yourself into believing.
Yes, I do my work for money, and would not do it if they don't pay me, but it's definitely not just money. I like my team, have personal friends among them, and find pleasure and realization in doing a good job.
Hi. Question: I'm an engineer living outside the US. If I were to establish a consultancy company in the US and offer my services through it, would that fulfill the legal and security concerns?
Run a background check, sign confidentiality and DP agreements and hire someone who sells you trust. Again, something you would do in any given modality of work.
this sounds good on paper but how effective - really - are background checks outside the developed world? Even inside the developed world, language becomes a big stumbling block.
That's not inevitable (for programmers, at least). Post-GDPR European developers generally keep well away from customer data, and it isn't a big impediment.
If you can imagine the difference between hiring one single developer to work on your application vs. hiring dozens of different developers each to handle some small part of it...and it's still worse than that.
Typically the person "hired" is the senior and the person doing the work is _extremely_ green.
Oh yeah, if you're talking about dev shops, don't hire dev shops (the "hired" VS extremely green person phenomenon you're talking about happens in these kinds of companies because their incentive is to sell hours/men, instead of actual value).
Do your diligence, and your technical/communication/leadership interviews to make sure you're hiring the right person.
And if it doesn't work out after 2-3 months, fire the person. It happens in all formats of work whether it's remote, hybrid, or onsite.
> It happens in all formats of work whether it's remote, hybrid, or onsite.
You're not wrong, but it's missing the point.
It's so much harder and riskier to do this onsite that it's not very common. Why anyone would try to do this onsite instead of getting a remote job to do it is beyond me.
With remote, a group of people can defraud multiple companies at the same time this way. They can do it all remotely, which means they can do it without stepping into the legal jurisdiction of the company.
Remote opens the doors to so much more fraud. There is almost no comparison between someone doing this on-site and someone from a foreign country scamming companies as their job.
Your objection is valid, and I'm sure someone at these international payroll companies would be able to answer it much better than I can. Regardless, the benefits are much larger.
The happy path between local vs foreign often looks the same. That's not the problem for anybody.
The edge cases are common and often legally ambiguous. When things go wrong, it can be extremely hard for a company to resolve the situation when it crosses boarders. Heck, even just operating in a different state can open a company up to legal issues.
Once you start opening up to different legal jurisdictions, you basically have to run company policy in a way that accounts for the worst situations across all jurisdictions.
Some things that I'm aware of:
* Import/Export law for software. It may seem mundane, but having any encryption can cause significant scrutiny.
* Import/Export law for hardware (like getting a company laptop to an employee)
* Ability to track/down or recover lost/stolen hardware
* Variations in labor laws.
* Variations in copyright/IP protection laws.
* Variations in digital hacking/data integrity laws.
* Government level data monitoring/tracking
* Local data protection laws that you might not be subject to without a local employee.
* Scrutiny from your customers about foreign workers.
* Accidental sanctions violations.
* Potential for customer data to leave legal boundaries via a foreign employee.
- IP protection - some countries make it super hard if someone breaks the NDA and steals their employer's IP. At least in the US, the employer can go after the IP thieves as a last recourse.
- Secure devices - lot of companies give laptops which come with all sorts of tracking software (eg. to force security updates). It is hard to ship laptops all over the world due to customs requirements.
You do not want the Treasury Department knocking on your door to ask you why you're sending money to a North Korean front company in exchange for slave labor.
Work with one of the 20 countries that the USA has a FTA with. From what I understand (I'm not a lawyer), these agreements have a chapter dedicated to cross border trade in services which includes dispute resolution.
curious, so if you see some devs from those countries applying for your jobs, are you relating them to the news and automatically rejects them based on those countires?
As a non US citizen this has always confused me. Does this mean that to get the job I need to be authorised to work in the US? Or that I will need to be authorised once I get the job?
Can I apply in hopes of moving to the US? Or in which situation would a non citizen be authorised to work?
> An employer has no legal obligation to commence an immigration case. ... The employer may lawfully reject the job applicant because, if hired, that individual will ask the employer to take steps before the federal government to obtain authorization to employ him (an employment-based immigration case).
In other words, if you are not currently legally authorized to work in the US, the employer has no obligation to sponsor you for work authorization, and can simply reject you.
> This situation differs from one in which a job applicant has temporary work authorization that is independent of the employer and the applicant does not ask the employer to take on the legal obligation of an immigration case in order to employ him. The employer should not reject the job applicant simply because he has temporary work authorization.
On the other hand, a non-citizen with a green card, EAD, etc. is protected, and refusing to hire because of those documents is illegal.
Y'all always forget Canada exists :) I worked with a US company in Houston for 11 years, and we had other people located outside the US on the dev teams as well. Cultural match is more important than strict geo imho.
Bit of a tangent but Canadians should be ticking "Yes" for "are you authorized to work in the US?" because acquiring TN status does not require sponsorship from the employer; the TN is explicitly non-immigrant intent. If a company prefers to hire an American over a Canadian, that's discrimination on the basis of citizenship, which is illegal.
I don't know about residency, but we get tons of applicants that know nothing about what's on their resume. If you get them into an interview they try to talk around your questions in generalities. There are also a few "job parking" companies that we've identified. I'm convinced that these companies aren't real (their websites are generic fluff and the applicants that we've talked to don't know anything.) If anyone has those companies listed on their resume it's straight to trash with them. Hiring is not easy.
BlueWillow.ai - the developer claims to have been a full time employee since 2021, but the company doesn't appear in marketing databases until March 2023, and the LinkedIn page has posts but nothing earlier than March.
On the phone with the candidate, his ID "was at his brother's house". He also joined the call with the name "Senior Dev" rather than a real name. I asked him why he used a pseudonym, and he mumbled something I couldn't understand.
I politely said thanks for your time, but it's not a good fit.
Again it’s a trade off. The same risks with remote existed in offshoring also. Nothing new. You got to have a solid contract and good project management and work with reputed companies. But sometimes it will just make more sense to not do remote remote hiring. One size do not fit all.
And yet I get flat out rejected without a phone screen after 300 applications. What is even going on?
I was under the impression that every job posting right now is instantly buried with a glut of top quality candidates, and that you simply pick your favorite, lowball them and you're done.
We ran into the same thing with our new recruiting tool, discovered hundreds of fake applicants for the first remote engineering job we posted. We initially noticed that a large number of job applicants were using ChatGPT responses with our virtual recruiter, and showing drastically different scoring from non-fake candidates.
We started scheduling video chats with the candidates clearly using ChatGPT with our virtual recruiter, and they all got on the call and began reading scripts, and could not answer more unique phone screen questions like: What engineering principle is important to you?
It’s the most frustrating thing, taking up so much of our time and taking time away from strong engineers who deserve our time.
We’re testing a solution for this to keep our own product operating fast and delivering amazing candidates.
We’re also keeping a list of red flags:
- LinkedIn profile was created in the last year
- GitHub link has a generic identity, 0-2 followers, very little activity
- Candidate will say yes to a phone screen immediately, literally right now
- Or candidate will ask if the meeting is a technical screen
- Candidate will go quiet if you ask them if they are available to fly to HQ to meet the team for their final interview
- Job history includes large, non-tech enterprises where employment would be hard to confirm; think CVS, The Home Depot, Best Buy, etc
- LinkedIn About Statement is written in the third person
- LinkedIn profile uses generic language like “cutting edge technologies”
- Profile photos may be avatars, or look like stock photos
None of these things individually can indicate a fake applicant, but taken all together with language used with our virtual recruiter we’ve gotten good at identifying the fakes. We’re still doing a lot of tests to prevent discrimination on our part.
If anyone wants to chat, my CoFounder and I have become obsessed with solving this.
It also seems like you have to be wary of the tax consequences here. Who do you pay on the payroll? If it's a US Citizen in America it's one thing, but if it's anything else, then you may tax issues.
These people have a US-based front person, or at least a stolen identity. The stolen identify is particularly bad because the tax consequences are attached to the stolen identity.
If someone tried to claim they were from the US but didn't have any tax ID and we needed to send their paychecks to an obscure address in Europe for reasons, that wouldn't work at all.
Hey,
what do you think - how can we "repair" this process? I mean, what would be a perfect solution to not require photo ID verification video and get rid of scammers?
I'm pretty sure it's an EEO violation to request ID or a photo before hiring.
"Similarly, employers should not ask for a photograph of an applicant. If needed for identification purposes, a photograph may be obtained after an offer of employment is made and accepted."
This does not seem relevant when you're already on a video call. The prohibition on requesting photographs is to prevent otherwise unknown information about their race/gender/etc.
You need to win a judgement in civil court first and try to collect on it before you can attach a lien to someone’s house in almost any jurisdiction in the US.
Not hard? Not easy to prove fraud. Is it fraud to have multiple jobs? Did your employment contract specifically restrict moonlighting? Is it even legal to restrict moonlighting in that state? Plus, even if all the moons align and you go through all that effort and money and possibly win. They declare bankruptcy and protect their homestead from your claim. You lose even more money and most importantly your time. Far from easy.
I was wondering the same thing as an infrastructure engineer making Canadian peanuts compared to my friends who moved to the US.
I guess it’s mostly my own fault for being nervous about switching jobs, but hearing them accidentally hiring obvious frauds makes me think it’s not as daunting as I feel.
Idk if this is an actual signal of anything, at least with mexican-american people I noticed they still have a unique accent. First gen americans can live in ethnic bubbles, and not speak english primarily, especially if their parents didnt put in any effort to speak english.
For me, it's the way I say "house". I watched the show House three times all the way through before I realized I say it differently than they say it in the show.
Have you been plagued by applicant fraud? We've found for all of our remote engineering roles, we get 100's of amazing applicants who are all fake (clearly not actually in the US) once you get them on a screening call. They're often reading from a script, broken english, and say strange things like they're born and raised in Texas, yet can't speak fluent English or have a heavy accent.
My best guess is it's dev shops overseas who are using an English-speaking "front" person who then delegates the work to other people with the "front" person being the one who joins company meetings, etc.
Really frustrating because it's making us have to do silly things like require photo ID verification over video on the first screening call (which I would rather not inconvenience applicants with, but there are just SO many candidates lying about residing in the US).
With our most recent role, about 60-70% of applicants were fake ("fake" = candidates who lie about living/residing in the US)