What tools are available to help identify fraudulent applications in our pipeline?
There are a couple of routes you can take in Ashby to help surface fraudulent applications. This information can be correlated with other threat intelligence information in your company's SIEM systems. More on Ashby's candidate fraud detection option can be found in its own help article.

Manually review LinkedIn profile URLs

It can help to manually check whether the LinkedIn profile URL provided in the application leads to a real profile. While not completely fail-safe, this can help with spotting red flags early on in the review process.

Use the candidate.listClientInfo endpoint to review IP data

You can call our candidate.listClientInfo endpoint (https://developers.ashbyhq.com/reference/candidatelistclientinfo) and review the data within the response. This can help you to identify:

- A large number of applications from the same IP address
- Unusual IP locations inconsistent with your job's target regions

Building an integration between Ashby and threat intelligence tools

Using Ashby's APIs, you can build custom integrations between Ashby and third-party threat intelligence services like GreyNoise or Spur to identify potentially suspicious application activity. This requires custom development using our APIs but can provide valuable security insights for teams with the ability to do so. Below you can find an example setup.

Example integration

1. Set up a webhook listener. Configure Ashby webhooks (e.g. on applicationSubmit or interviewScheduleCreate) to notify your integration when new applications are received or interviews are scheduled.

2. Retrieve candidate IP data. When your webhook is triggered, use the candidate.listClientInfo endpoint to retrieve the IP address and user agent information.

```
POST https://api.ashbyhq.com/candidate.listClientInfo
{
  "candidateId": "[id from webhook payload]"
}
```

3. Fetch candidate details. Use the candidate.info endpoint to get email, phone, and location information.

```
POST https://api.ashbyhq.com/candidate.info
{
  "candidateId": "[id from webhook payload]"
}
```

4. Check against threat intelligence. Send the IP address to a service like GreyNoise or Spur.

```
GET https://api.greynoise.io/v2/noise/context/[ip address]
GET https://api.spur.us/v2/context/[ip address]
```

5. Process the results. Analyze the threat intelligence response for risk indicators:

- Is the IP associated with malicious activity?
- Is the candidate using a VPN from an unexpected country?
- Does their claimed location match their IP location?
- Are they using anonymizing services?

6. Take appropriate action. Based on the risk assessment, some options could include:

- Add a security note to the candidate

```
POST https://api.ashbyhq.com/candidate.createNote
{
  "candidateId": "[id]",
  "note": "Security alert: IP shows high-risk indicators. GreyNoise score: 85/100",
  "sendNotifications": true
}
```

- Move suspicious applications to a special review stage

```
POST https://api.ashbyhq.com/application.change_stage
{
  "applicationId": "[application id]",
  "interviewStageId": "[security review stage id]"
}
```

- Tag candidates for internal tracking

```
POST https://api.ashbyhq.com/candidate.addTag
{
  "candidateId": "[id]",
  "tagId": "[security review tag id]"
}
```

Implementation example

A basic workflow might look like this:

1. Create a serverless function (AWS Lambda, Azure Functions, etc.) that receives Ashby webhooks.
2. When a new application is submitted, the function:
   - Retrieves the candidate's IP and personal information from Ashby
   - Checks the IP against GreyNoise or Spur
   - If suspicious indicators are found (VPN usage from a high-risk country, known malicious IP, etc.), adds a security note and moves the application to a security review stage

Some possible setup options

For engineering teams looking to implement this integration, you may want to consider one or more of the following:

- Create a dedicated security review stage in your interview process
- Set up relevant tags for tracking suspicious applications
- Document clear protocols for how recruiters should handle flagged applications

This integration can help proactively identify potential corporate espionage attempts, fraudulent applications from prohibited countries, or other security risks before they progress through your hiring pipeline.

Other best practices

- Using to help your team label and track suspicious applications.
- If you're seeing a consistent pattern, consider updating your job posting or application form to include a simple validation step (e.g., "Include a sentence about why this role at our company interests you").
- For high-volume roles, some teams introduce short screening questions or exercises to help weed out low-effort submissions early.
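The "process the results" and "take appropriate action" steps of the example integration can be sketched as follows. This is an added example, not code from Ashby or from the original article. The input field names (`malicious`, `vpn`, `anonymizer`, `country`, `claimed_country`), the thresholds and the sample data are assumptions; only the three endpoint names and their payload keys come from the page.

```python
from collections import Counter

# Assumed inputs: field names are hypothetical, not the Ashby, GreyNoise or
# Spur response schemas. Map the real responses into this shape first.
TARGET_COUNTRIES = {"US", "CA"}  # constructed: the job's target regions
SAME_IP_THRESHOLD = 2            # constructed: applications per IP before flagging

def risk_flags(app, intel, ip_counts):
    """Answer the page's risk questions for one application."""
    flags = []
    country = intel.get("country")
    if intel.get("malicious"):
        flags.append("ip_malicious")
    if intel.get("anonymizer"):
        flags.append("anonymizing_service")
    if intel.get("vpn") and country and country not in TARGET_COUNTRIES:
        flags.append("vpn_unexpected_country")
    if country and country != app["claimed_country"]:
        flags.append("location_mismatch")
    if ip_counts[app["ip"]] >= SAME_IP_THRESHOLD:
        flags.append("shared_ip")
    return flags

def plan_actions(apps, intel_by_ip, stage_id, tag_id):
    """Return {application_id: [(endpoint, payload), ...]}; missing intel is treated as {}."""
    ip_counts = Counter(a["ip"] for a in apps)
    plan = {}
    for app in apps:
        flags = risk_flags(app, intel_by_ip.get(app["ip"], {}), ip_counts)
        if flags:
            cid, aid = app["candidate_id"], app["application_id"]
            plan[aid] = [
                ("candidate.createNote", {"candidateId": cid, "sendNotifications": True,
                                          "note": "Security alert: " + ", ".join(flags)}),
                ("application.change_stage", {"applicationId": aid, "interviewStageId": stage_id}),
                ("candidate.addTag", {"candidateId": cid, "tagId": tag_id}),
            ]
    return plan

# Constructed sample data: documentation IP ranges, made-up IDs, "ZZ" as a stand-in country.
APPS = [
    {"application_id": "a1", "candidate_id": "c1", "ip": "203.0.113.10", "claimed_country": "US"},
    {"application_id": "a2", "candidate_id": "c2", "ip": "198.51.100.7", "claimed_country": "US"},
    {"application_id": "a3", "candidate_id": "c3", "ip": "198.51.100.7", "claimed_country": "CA"},
    {"application_id": "a5", "candidate_id": "c5", "ip": "192.0.2.44", "claimed_country": "US"},
]
INTEL = {
    "203.0.113.10": {"country": "US"}, "198.51.100.7": {"country": "US"},
    "192.0.2.44": {"malicious": True, "vpn": True, "anonymizer": True, "country": "ZZ"},
}
```

Calling `plan_actions(APPS, INTEL, stage_id, tag_id)` returns the requests to send for each flagged application, so the decision logic can be tested offline before it is wired to the webhook.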