A growing number of US companies are falling victim to a sophisticated fake IT worker scam originating from North Korea. The scammers use stolen or fake identities, often with AI-enhanced polish, to deceive hiring managers and gain access to sensitive data.
According to Socure’s Chief Growth Officer Rivka Little, the company has seen an influx of suspicious job applicants, mostly in engineering and software development roles, with thin LinkedIn connections and “shallow” profiles paired with beefy resumes. The scammers often use deepfake videos to make their applications more convincing.
Mandiant Consulting CTO Charles Carmakal and Google Cloud’s senior director of security engineering Iain Mulholland have both reported encountering fake IT workers in their pipelines. The scam has cost American businesses at least $88 million over six years, with the scammers using insider access to steal proprietary source code and extort employers.
To combat this issue, companies like Netskope are working closely with law enforcement, HR teams, and cybersecurity experts to verify applicant identities. They share IOCs (indicators of compromise) with peers and government agencies to curate an aggregated data set for resourcing tools.
The key to spotting the patterns is to train hiring managers and security teams to look out for warning signs such as suspicious profiles, delays in answering questions, or environmental signs like being in a call center. In-person interviews remain the final step in the process, with companies requiring applicants to come to the office to pick up their work computers.
As the scammers adapt and evolve, it’s essential for organizations to stay vigilant and adopt best practices to avoid becoming victims of this scam.
Source: https://www.theregister.com/2025/07/13/fake_it_worker_problem