Vetano Blog
Fake Job Posts Are a Platform Problem, Not Just a Spy Story
MI5 warned that foreign intelligence services are using LinkedIn, Indeed and Upwork to pose as recruiters. The deeper issue is platform-level employer verification — and it affects far more than espionage.
By Chris Fairley · Founder & CEO · 2026-06-04 · 4 min read
MI5 warned this week that foreign intelligence services are using LinkedIn, Indeed and Upwork to pose as recruiters. The deeper issue is structural.
HiringIdentity VerificationTrust & SafetyPlatform Integrity
MI5 issued a bulletin this week warning that foreign intelligence services are using LinkedIn, Indeed, and Upwork to pose as recruiters and extract sensitive information from UK and Five Eyes government and military personnel. The agencies named specific fake LinkedIn profiles. The Five Eyes alliance flagged the practice as a strategic threat.
It's a serious story, and most of the coverage is framing it as one. But the espionage angle is the most dramatic version of a much broader problem — and treating it only as a spy story misses what the bulletin actually reveals about how modern hiring infrastructure works.
The structural issue underneath the espionage story
Strip the specific actors out of the MI5 warning and what's left is a description of how trivially easy it is to post a fraudulent job on any major hiring platform. No verification. No identity check. No proof that the company exists, that the recruiter is who they claim to be, or that the role is real.
The platforms named — LinkedIn, Indeed, Upwork — are the largest in the industry. None of them require employer verification before a job post goes live. Anyone with an email address can create a recruiter profile and post a role. The barrier to entry is intentionally zero, because zero-friction posting is what made these platforms economically viable in the first place.
That trade-off worked for two decades. Volume scaled. Job seekers found opportunities. Employers found candidates. The cost of unverified posting was treated as background noise — some bad actors, some fake postings, but nothing the platforms felt obligated to fix because it didn't break the model.
The MI5 bulletin is what happens when that cost gets large enough to attract national security attention.
Espionage is the visible case, not the whole problem
State-sponsored intelligence services are the worst-case version of a vulnerability that's exploited every day at smaller scales. The same gap that lets foreign intelligence pose as recruiters also lets:
- Resume harvesters extract personal information from job seekers for sale to data brokers.
- Identity thieves run fake job postings to collect Social Security numbers and bank details under the guise of onboarding paperwork.
- Scammers post non-existent remote positions and ask applicants to buy equipment, send deposits, or share payment credentials.
- AI-generated fake job posts flood entry-level categories at volumes that make detection nearly impossible.
These aren't theoretical. They're the daily background reality of unverified-employer hiring. The MI5 bulletin just made the worst version visible. The rest of it has been happening for years.
The same is true on the candidate side. Fake applicants, AI-generated resumes, identity-borrowed applications — all of these exploit the same platform-level gap from the opposite direction. Most hiring platforms verify neither side. The entire architecture assumes a level of trust that doesn't exist.
What verification actually means
There's a meaningful difference between optional verification and required verification, and the distinction matters more than it appears.
Most platforms that talk about verification offer it as a feature — a checkbox an employer can complete if they want, often behind a paywall. The result is predictable: legitimate employers verify, fraudulent ones don't, and the candidates seeing the listings have no reliable way to tell the difference. A verification badge that some accounts have and others don't is closer to marketing than security.
Required verification is structurally different. Every employer goes through the same identity check, on the same terms, before any listing becomes visible. There's no path for an unverified account to reach a candidate at all. The fraudulent post that drives most of the harm above never makes it into the system in the first place.
This is the model Vetano was built around. Every employer completes government-ID verification through Persona before they're visible to candidates. Same standard we hold candidates to. Same process for everyone, no opt-outs and no premium tier. The friction this adds at signup is real — onboarding takes 15 to 30 minutes rather than 30 seconds. That friction is the entire point.
The trade-off is worth naming
It's fair to point out that platform-level verification slows down volume. Some businesses won't want to verify, and they won't post jobs on a platform that requires it. Some candidates will skip a sign-up that asks for ID. The model gives up some scale to gain trust.
That trade-off used to be considered unviable. The category-defining platforms made the opposite bet, and for a long time that bet looked obviously right. But the MI5 bulletin is one of several signals that the cost side of the equation has been catching up with the volume side — fraud increasing, AI making fake posts cheaper to generate at scale, hiring managers reporting that they can no longer trust the applications they receive, candidates reporting they can't tell which listings are real.
At some point, the math flips. Verified-by-default hiring becomes the model that scales, because unverified-by-default is the model that's getting exploited.
What this means going forward
The fix for the problem MI5 described isn't more bulletins, more warnings, or more reactive policy. Foreign intelligence services aren't going to stop posting fake jobs because a government agency told them to. Job seekers aren't going to develop better instincts for spotting fraudulent recruiters at the scale required.
The fix is structural: verified identity at the platform level, before fake posts get the chance to do damage in the first place. That's not a feature that can be retrofitted into a hiring platform built on the unverified-volume model — it's a different architectural decision that has to be made at the foundation.
Hiring platforms that make that decision will look different. Onboarding will be slower. Volume will be lower. Trust will be higher. That's the trade Vetano made, and it's the trade we think the industry will increasingly need to make.
The MI5 bulletin will fade from the news cycle in a few weeks. The structural issue it surfaced won't.