Vetting a Remote Candidate
A five-minute, public-signals-only workflow for screening a remote hire, and the follow-up questions that matter more than any single check.
From a resume you usually have a phone number, an email, and a handle or two. Each one carries a quick public signal: a phone's line type, an email's domain age and risk, a username's account-age footprint. None of them decides anything on its own. Run them, look for a consistent story, and turn anything odd into an easy question rather than a rejection. This is a starting point for verification, not a background check.
Why a quick check is worth it
Remote hiring removed the in-person signals teams used to rely on, and a wave of fraudulent-applicant activity moved in, including the well-documented North Korea-affiliated IT worker operations that US Department of Justice and Treasury notices describe. Those operations work at volume with thin, hastily-built identities. A few minutes of public-signal checking will not catch a determined, well-resourced impostor, but it reliably catches the low-effort attempts that would otherwise eat your interview time. The goal is not to play detective; it is to know which conversations deserve an extra question.
The workflow
The phone number: check the line type
Paste the candidate's number into the Phone lookup. You want the line type. A non-fixed VoIP number (Google Voice, TextNow) is cheap to create from anywhere and is mildly unusual for someone claiming to live somewhere that uses mobile carrier numbers. It is a weak signal, not a verdict; plenty of honest people use VoIP. See VoIP numbers in hiring for when it matters and when it does not.
The email: domain age and risk
Run the address through the Email lookup. It tells you whether the domain receives mail, whether it is disposable or a free provider, how old the domain is, and its anti-spoofing posture. A brand-new domain behind a "company" address, a disposable inbox, or a lookalike of a real brand are all worth a second look. A free mailbox where a company address was expected is a mild flag, not a problem on its own.
The handle: read the footprint shape
Take any username from the resume (a GitHub, a portfolio, a social handle) and run the Username search. Two things matter. First, breadth: a real long-term professional usually exists on several platforms. Second, and more telling, the account ages. The search surfaces a footprint summary and flags the case where every datable public account is only a few months old. A candidate who claims a decade of experience but whose oldest public account is eight weeks old is telling two different stories. See reading a username's footprint.
One box for any of them: Scan
If you would rather not pick a tool, paste any single identifier into Scan. It detects whether it is a phone, email, domain, IP, or username, runs the right check, and returns one verdict card with the signals behind it and links to dig deeper. It is the fastest way to get a first read, and the verdict labels stay about the identifier, never about the person. See reading a Scan report.
Reading the result: look for the story, not the score
No single check decides anything. What you are really doing is assembling a picture and asking whether it is consistent:
- A senior engineer with a years-old GitHub full of real work, a long-lived email domain, and a normal mobile number is a coherent, low-friction story.
- A "senior engineer" with a two-month-old everything, a fresh domain, and a non-fixed VoIP line is not necessarily a fraud, but it is three soft signals pointing the same way, which is exactly when a follow-up question is warranted.
Treat "could not check" honestly. Some platforms block automated checks, so the tools mark them unknown rather than guessing. An unknown is not a red flag; it is simply no information.
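The reading rule above, sketched as an added example (not code from the tools this guide describes): soft signals are collected, "could not check" is recorded as no information, and no outcome maps to a rejection. The field names, the day thresholds, and the two-signal cut-off are assumptions chosen for illustration.

```python
from datetime import date

# Thresholds and field names are assumptions for this example, not the tools' own.
YOUNG_DOMAIN_DAYS = 90     # stands in for "brand-new domain"
YOUNG_ACCOUNT_DAYS = 180   # stands in for "only a few months old"

def soft_signals(c, today):
    """Return (signals, unknowns) for one candidate record. Never a verdict."""
    signals, unknowns = [], []
    line = c.get("phone_line_type")          # "mobile", "non_fixed_voip", or None
    if line is None:
        unknowns.append("phone line type")
    elif line == "non_fixed_voip":
        signals.append("non-fixed VoIP line")
    created = c.get("email_domain_created")  # date, or None if it could not be checked
    if created is None:
        unknowns.append("email domain age")
    elif (today - created).days < YOUNG_DOMAIN_DAYS:
        signals.append("new email domain")
    # Platforms that block checks carry None: skipped, never counted against.
    dated = [d for d in c.get("accounts", {}).values() if d is not None]
    if not dated:
        unknowns.append("account ages")
    elif (today - min(dated)).days < YOUNG_ACCOUNT_DAYS:
        weeks = (today - min(dated)).days // 7
        signals.append(f"oldest datable account is {weeks} weeks old, "
                       f"{c.get('claimed_years', 0)} years claimed")
    return signals, unknowns

def next_step(signals):
    """Several soft signals agreeing warrants a question; nothing maps to reject."""
    return "ask a follow-up question" if len(signals) >= 2 else "proceed as normal"

TODAY = date(2025, 1, 15)  # fixed so the constructed samples are reproducible
CANDIDATES = {             # constructed sample records, not real people
    "coherent": {"phone_line_type": "mobile", "claimed_years": 10,
                 "email_domain_created": date(2012, 3, 1),
                 "accounts": {"github": date(2014, 5, 2), "forum": None}},
    "thin": {"phone_line_type": "non_fixed_voip", "claimed_years": 10,
             "email_domain_created": date(2024, 12, 1),
             "accounts": {"github": date(2024, 11, 20), "portfolio": date(2024, 12, 5)}},
    "blocked": {"phone_line_type": None, "claimed_years": 6,
                "email_domain_created": None, "accounts": {"github": None}},
}

if __name__ == "__main__":
    for name, c in CANDIDATES.items():
        sig, unk = soft_signals(c, TODAY)
        print(name, "|", next_step(sig), "| signals:", sig, "| no information:", unk)
```

The "blocked" record yields three unknowns and zero signals, so it gets the same next step as the coherent one.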
Better than rejecting: ask
When something gives you pause, the right move is almost never a silent rejection. It is a question that is easy for an honest person and harder for an impostor:
- A short video call with cameras on. Honest candidates almost always say yes.
- An in-depth, unscripted technical conversation about something specific on their resume.
- A casual question about their week, the local weather, the time of day where they are. Easy for someone who lives where they claim.
- Right-to-work verification through your normal HR channels for high-trust roles.
A weak signal does not change any of these steps. It just adjusts how attentive you are during them.
Using this responsibly
- Apply it to everyone. A check you only run on some candidates is a bias waiting to happen. Use the same process for every applicant at a given stage and document it.
- Never decide on one signal. Every item here is weak on its own. Corroborate before you act, and give the person a chance to explain.
- Know your obligations. Using checks like these in hiring can trigger fair-use and anti-discrimination rules. In the United States that includes FCRA and EEOC guidance; other regions have their own. This is not a background check or a consumer report, and it is not legal advice. Follow your organization's policies and consult qualified counsel before acting on anything.
Start with one identifier
Paste a phone, email, domain, IP, or username and get a one-look report in seconds. No login, nothing stored.
This guide is educational and reflects publicly available information about phone routing, email and DNS records, public profiles, and published government enforcement actions. It is not legal advice or a recommendation about any specific person or application.
Every signal described here is weak on its own and proves nothing about a person's honesty. Many people use VoIP numbers, keep little public presence, or have new accounts for entirely legitimate reasons. Never make an adverse decision about someone based on a single signal. Corroborate any concern with independent evidence and give the person a chance to explain.
If you use checks like these in hiring or other consequential decisions, you may have obligations under fair-use and anti-discrimination laws (for example FCRA and EEOC guidance in the United States, and comparable rules elsewhere). Apply the same process to every candidate, document your reasons, follow your organization's policies, and consult qualified counsel before acting.