Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
It’s no secret that North Korean threat actors are ramping up their game by using stolen or fake identities to gain employment at Western companies. (Some might say they are faking IT ’til they make it!) One identity assurance company, however, claims that these cyber criminals aren’t the only culprits behind the popular faux hiring scheme.
Last week, HYPR admitted in a blog post that it extended a contract to a European software engineer, dubbed John Doe, who it later discovered was not who he claimed to be.
Doe was extended the employment offer after successfully advancing through several rounds of live interviews with the identity security company and began HYPR’s onboarding and credentialing process—which entailed device verification, location check, document authorization, as well as text and video chat—in mid-October. However, his identity quickly sounded alarm bells.
Red flags. One tell-tale sign of Doe’s false identity was the fact that his location did not align with the information he had provided to the company. HYPR revealed that the new hire’s IP location showed that he was 301 miles away from his home address.
While Doe’s passport was able to bypass the document review process, HYPR said that a facial verification check detected “discrepancies” between the document’s picture and the face scan. Doe also failed a liveness detection test.
During the final step of the onboarding process, which involved a live video verification process to ensure Doe was the same person interviewed, the fraudulent new hire alerted HYPR that camera problems would prevent him from coming on video. The next day, Doe effectively waved his white flag, alerting the New York-based company that he would not be continuing the onboarding process because he was pursuing a different opportunity.
Busted! The fake IT worker scheme has continued to make headlines. Mandiant said it has detected North Korean IT workers masquerading as non-North Korean nationals in order to obtain employment at Western companies and generate revenue for the North Korean regime since 2022. Earlier this year, security platform KnowBe4 disclosed that it had accidentally hired a fake North Korean IT worker for its internal AI team.
Interview fraud is also a rising threat to businesses. In 2022, the FBI issued a warning to businesses about the use of deepfakes and stolen personally identifiable information to apply for remote positions after receiving an uptick in complaints related to the practices.
HYPR in its blog post suggested that organizations remain safe from threats similar to the one they faced by using a multi-factor verification process during new employee provisioning. The company added that businesses should implement video-based verification beyond the onboarding process and use an identity assurance approach that “unifies phishing-resistant passwordless authentication, adaptive risk mitigation, and automated identity verification.”