COMMENTARY: In recent days, when some companies finally find some IT workers, they are often crushed when they realize they paid a lot of money for a fake—a fraud.
That feeling of being deceived is overwhelming, and many companies find themselves in this situation in today's work environment where there’s unending pressure to produce quickly – and a demonstrable shortage of qualified tech people.
Two recent cases, which came to light within weeks of each other and have a fascinating connection, highlight how rife with fraud the remote IT workforce has become – and how even the best American companies get deceived. It even happened to KnowBe4, a leading cybersecurity company.
In May, the Department of Justice announced charges against an Arizona woman, a Ukrainian man, and three unidentified foreign nationals who posed as U.S. citizens and residents and took remote IT positions at many companies. The fraud begins with identity theft, allowing the criminals to impersonate real workers who are also victimized.
In the Arizona case, more than 300 U.S. companies were deceived into making over $7.5 million in payments. No one was immune from the impersonators. Victims spanned a range of industries, including Fortune 500 companies.
Earlier this month, on August 8, another set of indictments charged a U.S. citizen in Tennessee who, according to the indictment, participated in a scheme to obtain remote employment with American and British companies for foreign information technology workers. The suspect ran a laptop farm, helping the fraudulent IT workers, stealing identities once again, and pilfering money and sensitive information from various employers.
I could highlight even more cases, but they all have the same thread: In each of the two instances, the beneficiary of the stolen funds and corporate information was the DPRK—Democratic People's Republic of North Korea. But it was much worse.
The stolen funds found their way to the UN-prohibited weapons of mass destruction program. The DPRK is also a state sponsor of terrorism, having been designated again in 2017 by the U.S. State Department. In addition to a wide variety of criminal schemes, North Korea continues to seek ways to avoid the sanctions that cripple its country and economy.
But how dire is the IT shortage? According to a report from the Congressional Research Service, there could be over 1.2 million open engineering positions by 2026. Cyberseek reports that there were 469,930 openings this year requesting cybersecurity-related skills, and employers are struggling to find workers who possess them. Cybersecurity is the hot ticket for us, but the need has spread across the entire tech sector.
So it's no wonder there’s a lot of pressure to hire, hire, hire. What can be done to improve the verification of remote workers? After 9/11 and the scourge of terrorist financing, Congress passed even more laws, and banks implemented even more vigorous Know Your Customer programs.
An advisory published in May 2022 gives insight into how these campaigns work and who benefits from them. Companies can defend against these tactics by implementing some steps quickly and cheaply to reduce the potential for fraud, such as reaching out to local law enforcement to check if documents submitted by an applicant are fraudulent.
A joint alert between the United States and South Korea contains a list of “red flags” and additional due diligence measures. Some warning signs include an applicant’s unwillingness or inability to appear on camera or to conduct video interviews or video meetings, as well as inconsistencies when they do appear on camera, such as time, location, or appearance. It’s also a red flag if the applicant shows undue concern about the requirements of a drug test or in-person meetings, or is unable to comply with them.
Simply insisting that a remote worker pick up a laptop at a designated site or appear for an on-site interview can potentially stop many of these cases.
Do what’s possible for your company, but as the saying goes: Caveat emptor.
Morgan Wright, chief security advisor, SentinelOne
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.