Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Job Scams. Show all posts
Remote Workers
Data Breach Data Leak Data protection data security IT workers Job Scams North Korea North Korea Hackers Remote Workers

Leaked Data Exposes Daily Lives of North Korean IT Workers in Remote Work Scams

 

A recent data leak has shed rare light on the hidden world of North Korean IT workers who carry out remote work scams worldwide. The revelations not only expose the highly organized operations of these state-sponsored workers but also offer an unusual glimpse into their demanding work culture and limited personal lives.  

According to the leak, North Korean IT operatives rely on a mix of fraudulent digital identities and sophisticated tools to infiltrate global companies. Using fake IDs, resumes, and accounts on platforms such as Google, GitHub, and Slack, they are able to secure remote jobs undetected. To conceal their location, they employ VPNs and remote access programs like AnyDesk, while AI-powered deepfakes and writing assistants assist in polishing resumes, generating fake profiles, and handling interviews or workplace communication in English. 

The documents reveal an intense work environment. Workers are typically expected to log a minimum of 14 hours per day, with strict quotas to meet. Failure to achieve these targets often results in even longer working hours. Supervisors keep close watch, employing surveillance measures like screen recordings and tight control over personal communications to ensure productivity and compliance. 

Despite the pressure, fragments of normalcy emerge in the leaked records. Spreadsheets point to organized social activities such as volleyball tournaments, while Slack messages show employees celebrating birthdays, exchanging jokes, and sharing memes. Some leaked recordings even caught workers playing multiplayer games like Counter-Strike, suggesting attempts to balance their grueling schedules with occasional leisure. 

The stakes behind these scams are far from trivial. According to estimates from the United Nations and the U.S. government, North Korea’s IT worker schemes generate between $250 million and $600 million annually. This revenue plays a direct role in funding the country’s ballistic missile programs and other weapons of mass destruction, underscoring the geopolitical consequences of what might otherwise appear as simple cyber fraud.  

The leaked data also highlights the global scale of the operation. Workers are not always confined to North Korea itself; many operate from China, Russia, and Southeast Asian nations to evade detection. Over time, the scheme has grown more sophisticated, with increasing reliance on AI and expanded targeting of companies across industries worldwide. 

A critical component of these scams lies in the use of so-called “laptop farms” based in countries like the United States. Here, individuals—sometimes unaware of their role—receive corporate laptops and install remote access software. This setup enables North Korean operatives to use the hardware as if they were legitimate employees, further complicating efforts to trace the fraud back to Pyongyang. 

Ultimately, the leak provides a rare inside view of North Korea’s state-directed cyber workforce. It underscores the regime’s ability to merge strict discipline, advanced digital deception, and even glimpses of ordinary life into a program that not only exploits global companies but also fuels one of the world’s most pressing security threats.
Read more »
Scam
Company Data Breach Job Scams Jobseekers Linkedin New Jobs Online Jobs Perfect Jobs Scam

Online Jobseekers Beware: Strategies to Outsmart Scammers

 


The number of employment scams is increasing, and the number of job seekers who are targets of cunning scammers is also on the rise. A person who is seeking a new job is advised to be vigilant to these scams and to be aware of what to look out for to better protect themselves against them if they are searching for one. 

Precisely what is the scam? 

On fake websites that look like they belong to reputable companies, criminals will pose as them to post fictitious job descriptions that require applicants to apply for fictitious jobs. The scammers will then make false job offers to candidates looking for a job. 

Sometimes, the fraudster may ask for personal information, like a person's address, bank details, or personal information like a passport number. It is becoming increasingly common for these scams to take the form of legitimate recruitment activities, and they often appear to be recruiting through third-party websites or direct email exchanges. 

It is becoming increasingly common for employers to be caught up in this sort of scam, which is known as recruitment fraud. A scammer has been known to target job seekers with fake job openings on LinkedIn as the social networking site receives more than 100 job application submissions per second. 

Approximately two-thirds of British users have been targeted in the last several years, according to a study conducted by NordLayer, a security firm. Scammers do not limit themselves to LinkedIn, with scammers exploiting other genuine, well-known job websites as well as sending email solicitations directly to university students by targeting them directly within their email addresses. 

Scammers employ two main methods to con their victims. A job offer with basic information about the company and its job position sounds very interesting to job seekers, and there is a link that says that if they click on it, a presentation with detailed information about the company and the job role will appear, says Jedrzej Pyzik, a recruitment consultant at the financial recruitment firm FTeam.

It has been observed that after clicking through the link, there are usually some landing pages that require the user to download a certain program, log in, and provide personal information - this is the most common one that has noticed the most, said Jedrzej. 

When that data is obtained, it can be used to steal the job seeker's identity, or even to open a bank account in their name or to apply for credit in their name if the job seeker is not present. Another popular scam involves asking "successful" job applicants to send over a substantial amount of money upfront to have the money paid back when they are hired - a practice known as advance fee scams. 

If a person is told that the amount can be credited towards training fees, criminal background checks by the Disclosure and Barring Service (DBS), travel fees like visas, or equipment that is needed for the job, they may feel more inclined to apply. 

The problem is that if a check is ever received to cover these costs, it will bounce. A large part of the problem is associated with fake job ads, which are especially common when it comes to the recruitment process for students and recent graduates, who may be considered to be less knowledgeable about it. 

Several scams have been targeting US university students lately, according to the security firm Proofpoint, offering jobs in biosciences, healthcare, and biotechnology fields, mostly in recent months. These scams appear to have targeted students in various parts of the country. 

Is there a way to protect from these Frauds? 

To identify phishing scams, follow these five tips: 

It is advisable to avoid generic emails at all costs. A lot of effort is put into casting a wide net when scammers do not include specific information in their scams. It is always a good idea to be cautious when receiving an email that seems overly generic. 

The spelling of domain names and email addresses should be checked very carefully. Even a slight change of lower and uppercase letters can result in a redirect to a different domain where the job seeker may be a victim of identity theft. 

A recruitment agent from an authentic company will most often ask applicants for an in-person interview if the candidate truly meets all the requirements for the job. 

A recruiter will never ask a prospective candidate for financial information or payments as part of an employment application or as a condition of employment or anything similar.

Those who post a job stating the position is the "perfect job" usually make this claim as they rely on the high pay they will offer for positions that do not require any skills and experience. 

It is likely that such a job is a scam and is just too good to be true. There is a concerted effort being made by job platforms to eliminate job scams in their platforms. 

A report from LinkedIn claims that 99.3% of the spam and scams it detects are caught by its automated defences, and 99.6% of the fake accounts it detects are blocked before members even know they exist. Additionally, job websites are also doing their part to help those looking for work. 

It is the company's policy to perform automatic verification processes that confirm the validity of its advertisers, according to Keith Rosser, director of group risk at Reed, a process which involves checking Company House information, the domain information of the company as well as the email addresses and physical addresses of the company's advertisers. 

The job seekers are advised, however, to be cautious and to check whether the employer is legitimate before sharing any personal information with them. Before sharing any personal information, it would be wise to verify that the organization exists.
Read more »
Subscribe to: Posts (Atom)