1. Greenhouse Support
  2. All Recruiting topics
  3. Real Talent

Fraud Detection

Permissions: Site Admins, and Job Admins with permission to view fraud reports

Product tier: Available for Plus and Pro subscription tiers

Greenhouse Recruiting has integrated with IPQS, who provides enterprise grade fraud prevention and threat detection. This integration helps bring fraud detection signals to recruiters, so they can reduce the potential for fraud at the top of the hiring funnel and focus on real, qualified candidates.

Using Greenhouse’s fraud detection tools, recruiters can automatically flag suspicious applications, verify candidate authenticity, and reduce the risk of impersonation or spam at scale—all without leaving Greenhouse.

In this article

View fraud reports

Navigate to a candidate’s profile and select the Security screening tab. Then, open the Fraud report dropdown menu.

If a fraud report has been run for the candidate, you’ll see information about any fraud signals detected when the report was generated.

To view more details, click View full report.

resolve_view full report.png

In the full report, you’ll find each signal outlined along with the candidate’s digital profile. The digital profile includes the information used to generate the report.

Candidates with strong fraud signals are marked with an icon next to their name on the candidate profile to indicate they may be potentially fraudulent.

Fraud report signals

Our trusted third-party service analyzes a candidate’s phone number, email address, location, and IP address to identify common patterns associated with fraud.

The report includes three categories of signals:

  • Signals verifying the candidate's identity indicate that the candidate appears authentic. For example, their email address may be more than a year old.

  • High-risk signals suggest a strong correlation to fraudulent activity, such as the IP address being linked to a data center.

  • Weak signals highlight inconsistencies in the candidate’s profile that may warrant further review, such as a mismatch between their timezone and reported location.

Fraud signals are not a definitive assessment of a candidate’s authenticity. Use them alongside your organization’s internal security guidance when making a decision.

Resolving fraud signals

If you follow up with the candidate or review the signals and decide they don’t pose a risk to your organization, you can resolve the signals. Resolving signals removes them from the Security screening tab but does not delete the fraud report.

resolve signals_article.png

Select the reason for resolving the signals. If your reason isn’t listed, select Other.

resolve fraud_article.png

After the signals are resolved, the name of the user who completed the action appears in place of the original signals in the report. This action is also recorded in the candidate’s activity feed.

If the candidate’s circumstances change or the signals were resolved in error, you can restore them.

resolve fraud restore_article.png

Fraud Detection in Application Review

Fraud detection is also available in the application review stage for users with permission to view fraud reports. When reviewing applications in this stage, the fraud report appears alongside other candidate information on the right side of the page.

Candidates whose applications have already been reviewed for fraud appear in application review with a shield icon that indicates their status.

app review_fraud_icon.png

Search and filter by fraud report results

On both job-specific and all-candidate search pages, you can choose to exclude candidates who have strong fraud signals in their report. To do this, check the Exclude potential fraud box in the left-side filtering menu.

The same icon used on the candidate profile identifies candidates who may pose a higher fraud risk. Candidates who have already been rejected are excluded by default.

Configuring fraud detection settings

To set up or manage your settings for all RealTalent features, go to Configure and select Real Talent from the right hand menu. Choose Fraud from the tabbed list at the top.

Choose which offices and departments should have fraud detection.

When fraud detection is enabled, Greenhouse automatically collects a candidate’s IP address for applications submitted through Greenhouse-hosted job boards and embedded job posts. If you’re using the Indeed integration, the candidate’s IP address is provided to Greenhouse by Indeed as part of the application submission. In these cases, the application form is hosted by Greenhouse, so the IP address is sent as part of the standard network request made by the browser. This process does not rely on cookies.

If your organization uses Option 5 from the career page integration examples, which is a fully custom job board that submits applications through the job board API, you’ll need to include the candidate’s IP address in the API request for it to appear in the fraud report.

Permissions

You can add the ability to view and run fraud reports to your existing Job Admin levels. To edit your levels, go to Configure. Select Permissions from the menu, then select See and manage Job Admin levels.

Job admins can be given two levels of permission to access fraud reports:

  • Can view fraud reports: The user is able to see the results of existing fraud reports
  • Can run fraud reports: The user can run new fraud reports

By default, Site Admins can both see and view fraud reports for all candidates.