Author
President, Workforce Solutions, North America
In January, the FBI issued a public service announcement regarding North Korean IT fraudsters posing as candidates to access proprietary and sensitive data, conduct data extortion, facilitate cyber-criminal activities, and generate revenue for the North Korean government.
Their tactics include shipping laptops to laptop farms in the U.S. where North Korean operatives access them remotely from abroad; hiding true location through VPNs; avoiding video communication; using AI to generate interview scripts; cheating on technical tests; and even using deepfake technology during video interviews.
If this is the first you’re hearing about it - don’t panic, but definitely keep reading. Nearly every Fortune 500 company has hired or received applications from North Korean nationals working on behalf of the country’s regime. Our customers have seen it, too, and here are lessons we’ve learned.
Increasingly, fraudulent candidates are trying to leverage the contingent workforce as a backdoor to access and extort employer data. In response, Guidant Global established a comprehensive plan to guard our suppliers and customers against the North Korean scams. We’ve established clear protocols and responsibilities for all suppliers, especially those focused on STEM talent. Our goal is to ensure all suppliers and customers understand the threat of candidate fraud and how to identify and stop it.
Here’s how we’re tackling it:
Supplier and employer education. We thoroughly educate suppliers and customers on the threat and risk if they are infiltrated by North Korean fraudsters.
Clear supplier guidelines. We established a strict and comprehensive supplier policy around candidate fraud:
AI assessment tools. We partner with Glider AI, a skills validation and technical assessment platform that uses AI and automation to streamline the hiring process. Glider’s platform seamlessly flags identity misrepresentation in hiring. Training on Glider AI is mandatory for all Guidant Global suppliers and is increasingly important as fraudsters become more sophisticated.
Identity verification during interviews. Suppliers must conduct video interviews, or join interviews five minutes early, for identity verification. Then, they pass the candidate off to the client’s hiring managers.
Workforce compliance and auditing. As an MSP, Guidant Global audits workforces on a recurring basis, as outlined in the customer contract (e.g., auditing 20% of the workforce quarterly). This further ensures contingent workforce compliance.
When it comes to the contingent workforce, successful candidate fraud prevention relies on clearly defined roles and responsibilities among the MSP, supplier, and employee at each step of the recruiting and hiring process:
Pre-screening. What is everyone’s responsibility during pre-screening? What are suppliers responsible for? What best practices can we share? How do we verify identification?
Resume review. Are we flagging duplicate resumes, mismatched employment histories, phone and email reuse?
Skill set assessment. Can we flag multiple logins from different locations? What about screen sharing with external devices? Does our assessment system detect AI-generated voices, abnormal behavior, and deepfake manipulation? And can we confirm candidates have the skills they claim?
Onboarding. When onboarding, what red flags should we look out for? (e.g., workstations being shipped to addresses different from the ones the candidates initially provided.)
Placement. What is the employer’s responsibility once workers are placed? Does the MSP have a relationship with the employer’s cybersecurity team? This might include CTOs and CIOs. While MSPs typically don’t have relationships with these areas of an organization, it’s time to change that thinking, especially in higher stakes areas such as finance and IT.
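The resume-review and onboarding checks listed above (duplicate resumes, phone and email reuse, a workstation shipped to an address other than the one the candidate gave) can be run over candidate records as in this added example. It is not Guidant Global's or Glider AI's tooling; the record fields, flag names and sample candidates are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

CANDIDATES = [  # constructed sample records; field names are assumptions
    {"id": "C1", "name": "Alex Morgan", "email": "alex.morgan@example.com",
     "phone": "+1 (555) 010-0142", "resume": "Senior Go developer.\n8 yrs at Initech.",
     "home": "12 Oak St, Austin, TX", "ship_to": "12 Oak St, Austin, TX"},
    {"id": "C2", "name": "Sam Lee", "email": "Alex.Morgan+dev@example.com",
     "phone": "555-010-0177", "resume": "Python engineer, fintech background.",
     "home": "9 Elm Ave, Denver, CO", "ship_to": "9 Elm Ave, Denver, CO"},
    {"id": "C3", "name": "Jordan Kim", "email": "jkim@example.org",
     "phone": "1.555.010.0142", "resume": "senior go developer. 8 yrs at  initech.",
     "home": "4 Pine Rd, Miami, FL", "ship_to": "77 Dock Way, Unit 5, Newark, NJ"},
    {"id": "C4", "name": "Pat Rivera", "email": "pat.rivera@example.net",
     "phone": "555-010-0188", "resume": "Data analyst, SQL and Tableau.",
     "home": "3 Lake Dr, Boise, ID", "ship_to": "3 lake dr,  boise, id"},
]

def norm_email(e):
    local, _, domain = e.strip().lower().partition("@")
    return local.split("+", 1)[0] + "@" + domain  # drop "+tag" sub-addressing

def norm_phone(p):
    return re.sub(r"\D", "", p)[-10:]  # last 10 digits (NANP numbers assumed)

def norm_text(s):
    return re.sub(r"\s+", " ", s).strip().lower()

def find_red_flags(candidates):
    """Return {candidate_id: sorted flags} for every record with a flag."""
    seen = defaultdict(set)  # (kind, normalized value) -> candidate ids
    for c in candidates:
        digest = hashlib.sha256(norm_text(c["resume"]).encode()).hexdigest()
        seen[("email", norm_email(c["email"]))].add(c["id"])
        seen[("phone", norm_phone(c["phone"]))].add(c["id"])
        seen[("resume", digest)].add(c["id"])
    flags = defaultdict(set)
    for (kind, _), ids in seen.items():
        if len(ids) > 1:  # same identifier under more than one candidate
            for cid in ids:
                flags[cid].add(f"{kind}_reuse:" + ",".join(sorted(ids - {cid})))
    for c in candidates:
        if norm_text(c["home"]) != norm_text(c["ship_to"]):
            flags[c["id"]].add("ship_to_mismatch")
    return {cid: sorted(f) for cid, f in flags.items()}

if __name__ == "__main__":
    print(find_red_flags(CANDIDATES))
```

A flag is a prompt for human review, not a verdict: shared recruiter phone numbers or a legitimate move can trigger it, and an exact hash only catches resumes that are identical after whitespace and case normalization.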
Loop in your cybersecurity team early. They’re your best bet for spotting nefarious downloads, strange login locations, and other red flags before things go sideways. They will be able to flag if unapproved apps are downloaded on corporate devices and can monitor for other suspicious activity.
In certain industries, especially the financial sector, internal risk management teams work closely with the cybersecurity department to ensure workers are who they say they are. Risk departments can review physical and IP addresses to ensure they align. If there is a mismatch, the risk department automatically investigates to determine whether there is a reasonable explanation or whether dismissal must occur.
Organizations should train all workers – full-time and contingent – to identify and root out fraud. While your HR team is responsible for training FTEs, you’ll need to determine whether you’ll handle contingent workforce training internally or through your suppliers. That training should cover areas such as:
Basic Security Hygiene - Recognizing phishing attempts, using passwords securely, and updating personal devices when used for work.
Data Handling and Confidentiality - How to properly handle client data, understanding data classification levels, secure file sharing methods, and non-disclosure agreement requirements.
Network and Remote Access Security - Safe use of client networks, VPN protocols, and secure connection practices, especially when working from various locations.
Incident Reporting - Clear procedures for reporting suspected security incidents, including who to contact and escalation paths within the client organization.
Clean Desk and Physical Security - Securing workspaces in client offices, proper handling of printed materials, and device security when working on-site.
Limited System Training - Focused training only on the specific systems and applications the external worker will use, rather than comprehensive organizational security awareness.
Compliance Essentials - Industry-specific requirements that apply to their role, such as HIPAA for healthcare contractors or PCI DSS for payment processing vendors.
All the above should be detailed in a comprehensive Cyber Responsibility Policy, distributed during onboarding, and refreshed as agreed to internally or with suppliers.
The North Korean IT worker threat is real. With AI evolving by the day, candidate fraud and identity misrepresentation will only become more sophisticated. The key to protection lies in proactive prevention. By implementing robust verification procedures, leveraging AI for assessments and identifying red flags, and encouraging internal and partner collaboration, you’ll be able to detect and prevent fraudulent candidates before they ever have a chance to start.
Want to make sure your next hire isn’t a deepfake? Let’s talk. Guidant Global has your back.