Lately, I've been hearing from more and more security-minded folks in recruiting—particularly people worried about a spike in potentially fraudulent job applications. They might get a lot of ghost candidates or applications from suspicious IP addresses. Or, their organization might not hire remote candidates from specific countries due to regulatory risks, trade embargoes, or security reasons.
But if you're hiring remotely, it's not always easy to tell what's real. And with the number of applications we get at Zapier, it's just not realistic to comb through IPs and phone numbers manually. Automating the process is our only way to filter out fraudulent candidates ahead of the interview stage.
So, I built a Zapier-powered system that helps automate part of our fraud detection process. It's lightweight, scalable, and gives our recruiting team more confidence when reviewing candidates. Here's how it works and how you can set up something similar.
Zapier is the most connected AI orchestration platform—integrating with thousands of apps from partners like Google, Salesforce, and Microsoft. Use interfaces, data tables, and logic to build secure, automated, AI-powered systems for your business-critical workflows across your organization's technology stack. Learn more.
Skip ahead
Overview: How we detect fraud signals early, automatically
Hitting the "Recruiter Screen" stage is often the first moment a candidate is under serious review. It's also the perfect point to check for inconsistencies or red flags—before anyone spends time on an interview that never should've happened.
This matters because remote recruiting has created opportunities for candidates to misrepresent their identity, location, or work eligibility to slip through hiring processes. Some are simply trying to secure work from countries where we can't legally hire, while others have more serious intentions—like outsourcing the job after being hired or accessing internal systems fraudulently.
To catch these cases early, my automated system uses a series of steps to pull in all the risk factors our team uses to verify a candidate's identity, like:
Location mismatch: Does the IP or phone number location differ from what the candidate reported? If so, that's a red flag that the candidate is hiding something from us.
Restricted countries: Is the IP address coming from a country we legally can't hire from?
Internet-based phone numbers: Is the number a virtual one like Google Voice or Skype?
VPN detection: Is the candidate using a VPN that could be masking their actual location?
Bot or automation activity: Does the candidate's activity match patterns typical of bots or automated scripts?
Abuse history: Is there any recent abuse (like spamming, fraudulent behavior, or other malicious actions) tied to the applicant's IP address?
From there, the automation alerts the recruiter (and our ops team) of any risks in real time, then logs the results in our recruiting software for tracking and compliance. Here's an overview of what our system looks like:
How to automate fraud detection in your recruiting process
Want to create your own version? We've created a template for you to make it easy to get started. Click on the button below, then customize the template to match your specific needs.
Automatically detect suspicious applicants using IP and phone verification to protect your recruiting process.
To start your Zap (Zapier's word for automated workflows), you'll need to choose a trigger—like when a candidate moves to a specific stage in your recruiting tool. Even if your app doesn't integrate natively with Zapier or the exact trigger events you need, you can still use a webhook to pull in the candidate information you need and kick off the automation, which is what we've done in our workflow.
Depending on your tools and team workflows, you may need to add filters to limit or specify how the Zap runs. For example, you might add a step that checks the candidate information against records in your applicant database to see if they've already been vetted, like if they applied for a previous position or accidentally submitted multiple applications. Either way, a filter step can ensure the Zap only continues if no match is found.
From there, you can use webhook steps to run the applicant's information through a few fraud detection services:
IP-API to get the geolocation of their IP address
Veriphone to check the validity and type of their phone number (using a VOIP like Google Voice is usually a red flag)
IPQualityScore to check whether the candidate was using a VPN to mask their location
Now it's time to assign the applicant a risk level rating based on all the information the Zap has pulled in so far. My Zap uses a JavaScript command in a Code by Zapier step to compare the IP address to their stated location, what kind of phone number they provided, and whether they were using a VPN or Tor network. It marks a candidate as one of three risk factors:
No Risk: Everything matches or is well within reason.
Moderate Risk: One issue pops up (like a Google Voice number or a VPN), but it's explainable and not necessarily disqualifying.
High Risk: Multiple issues show up together, or there's a dealbreaker like an IP from a restricted country.
Finally, you can use conditional logic to take different actions based on the applicant's risk level. For example, if a candidate is flagged as Moderate or High Risk in my Zap, the assigned recruiter (and our Talent Ops team) get a Slack message with the candidate's name, risk level, and a summary of the red flags.
Your message might be something like:
Fraud Check Alert for Jane Doe: Moderate Risk — IP location mismatch and Google Voice number detected. Please review before proceeding.
A summary of the findings is also logged directly to the candidate's profile in Ashby for future reference.
If no risk is found, the Zap just logs a quick "all clear" note in our recruiting tool and quietly moves on.
Try automating fraud detection for yourself
This automation gives our team peace of mind while saving us time. Our recruiters can focus on qualified candidates while still keeping fraud detection baked into the process. It also adds a layer of accountability and documentation, which helps with compliance and internal auditing down the line.
And the best part is that once it's set up, it runs quietly in the background. No chasing down data, no clunky handoffs—just a clear signal when something's off.
If you're hiring remotely and want to add some lightweight fraud detection to your workflow, this kind of Zap is a great starting point. You can tailor it to your risk tolerance, your tech stack, and your team's review process. Start simple: pick one or two signals to track, then build from there.
Automatically detect suspicious applicants using IP and phone verification to protect your recruiting process.
