From hiring and onboarding fraud to service desk social engineering, attackers increasingly exploit identity workflows with stolen identities, forged documents, and deepfake-enabled impersonation.