It sounds contrived, hardly plausible. Bad actors on the international stage are creating fake employees—leveraging artificial intelligence and other tools to invent bogus workers. They’re inserting these fraudulent individuals into American companies to steal trade secrets and personal data, funnel funds out of the country, and potentially undermine national security.
We’d love to tell you that this is sci-fi nonsense—but we can’t, because it isn’t.
“I’ve actually had people apply to my jobs—whether it’s through my website or through a different route like Indeed or Monster—and they’re not real employees,” says Susie Dietrich, CSP, president of AllTek Staffing Inc. “We’re seeing it, and we’re not just seeing it once in a while; we’re seeing it all the time. The bad actors think that we’re an easy target.”
What happens when a staffing firm misses the signs, sending their client a fake employee who could be, for example, a North Korean spy? “If they’re misrepresenting themselves and they’re working on behalf of a foreign nation state, you obviously run risks of corporate espionage, data theft, extortion of the employer for their data or personal information, and theft of trade secrets,” says Evan Fenaroli, vice president of management and professional liability at Philadelphia Insurance Cos.
Add to this the reputational risk. AllTek Staffing is a 40-year-old business, “and we sure wouldn’t have gotten to be 40 years old if we were sending fake people,” Dietrich says.
What exactly is going on here? And how can staffing firms protect themselves?
THE SCAM EXPOSED
While the fake-worker scam may seem extraordinary or even unlikely, there are tangible proofs that this is happening. The U.S. Department of Justice in June announced a nationwide action to combat efforts by the North Korean government “to fund its regime through remote IT work for U.S. companies.”
As DOJ describes it, one scam involves the creation of front companies and fraudulent websites to help validate the credentials of people who apply for jobs as remote IT workers. With company-provided laptops, those workers “gained access to, and in some cases stole, sensitive employer information such as export-controlled U.S. military technology and virtual currency.”
A recent report by Kevin Prendergast, president of background-investigation firm Thuro, points to multiple real-work examples:
- In December 2024, 14 North Korean nationals were indicted for using fake identities to obtain U.S.-based jobs. Victims were deceived into paying over $88 million in wages, which were funneled through Chinese banks to fund North Korean military programs.
- In August 2024, federal authorities arrested a Nashville man for operating a “laptop farm” that facilitated North Korean nationals’ fraudulent employment in U.S. tech companies. Using stolen identities and AI-manipulated photos, these operatives accessed sensitive corporate systems, earning significant revenue for the Democratic People’s Republic of Korea regime.
- A May 2024 case involved an Arizona woman who raised $6.8 million through schemes that placed North Korean IT workers in over 300 U.S. companies, leveraging compromised identities and falsified documentation.
The staffing industry is particularly at risk here, says Brittany Sakata, Esq., general counsel at ASA. “Staffing is uniquely impacted because these are not workers that are coming in every day and having face time with the business. The employer is a third-party client, which makes it much easier to create confusion and engage in this kind of behavior,” she says.
HOW IT WORKS
In order to defend against fake-worker scams, it’s important to understand how bad actors bring these efforts to life.
“As long as there have been employers, there have been individuals who have misrepresented their backgrounds, their abilities, and their skills,” Fenaroli says. The latest scams take this to a whole new level.
Applicants for remote IT jobs may leverage stolen credentials to present themselves as qualified and legitimate. Facilitators in the U.S. may help them here, and AI-generated voice and video can also play a role. Once hired, they’ll use company equipment to log in to corporate networks—sometimes running multiple identities at once and operating multiple laptops in a “laptop farm.” These U.S.-based laptop farms help the fake workers to look as if they are physically present inside the country.
But the scam isn’t limited to remote IT jobs. Sakata warns that the light industrial sector also is at risk from fake-worker exploits. In some cases, “the worker who’s hired in a light industrial space—who’s vetted with a background check and whose employment is verified—is not the person who shows up at the third-party client site,” she says.
“It might be an underage cousin. It might be an undocumented relative, or an entirely unknown person,” Sakata says. When that happens, “the staffing firm and client could be exposed to Department of Labor underage worker violations. U.S. Immigration and Customs Enforcement and Department of Homeland Security inspections and enforcement are entirely possible. And the staffing firm might be completely unaware of anything until a federal agency shows up. It creates incredible exposure for both the staffing company and the client.”
Beyond the legal risk, “it’s a potential PR nightmare,” she says. “An underage worker getting injured on a job site? That’s reputational damage. The potential of putting undocumented workers out on a job site? Clearly, PR issues abound.”
In the IT space, the risks can be even greater, with bogus workers imperiling not just the staffing firms that send them out on the job, but even the underpinnings of national security.. “The goal is to embed these people into very sophisticated areas: aerospace industries, technology companies, huge organizations that have access to so much data involving U.S. consumers and national security,” Sakata says. “The stakes are very high in that environment.”
Shall we put a dollar figure on it? According to Cybersecurity Insiders’ recent 2024 Insider Threat Report, 83% of organizations have seen at least one insider attack in the last year. Of those, 32% said it cost between $100,000 and $499,000 to recover. And 21% reported costs ranging between $1 million and $2 million.
KNOW THE RED FLAGS
Staffing firms should learn to recognize the signs and signals of a potential fake hire. In the intake process, it’s important not just to get that remote applicant on video, but to watch for little warning signs. “The electrical outlets in other countries don’t look like the U.S.-style electrical outlets. So recruiters need to be trained to say ‘Hey, pick up your laptop, walk around the room. I want to see where you’re working.’ And they’re looking for things like that,” Sakata says.
As you ramp up a new employee, inconsistencies can be a red flag. “The mailing address that you’re sending the equipment to should be a U.S. address, and it should be the same address throughout employment,” she says. “If a mailing address changes, there needs to be some sleuthing into that. Where did they move; why did they move? Does it make sense?”
With many fake employees working from Asia, time zones can be a tell. “If you have an individual who seems to regularly be working outside of normal business hours, that would be one potential red flag,” Fenaroli says. Technology can likewise help disclose geography. “To the extent that you can monitor network activity, you could try to see if you’re seeing IP addresses from outside the U.S.”
It’s also vital to notice what you are not seeing. “If you’re having regular video meetings or calls with the team and somebody’s regularly not going on video, if they’re using an avatar, or if they’re just not attending these meetings, that could be an issue,” he says.
If it’s an employee you’ve sent out on a job site, it will of course be up to your client to notice whether that employee is showing up on camera. In the light industrial space, too, the client will need to be alert to risk indicators.
“You might have the worker who shows up and obviously looks very young. They are sometimes asking to work late shifts because they are literally high school students,” Sakata says. “Or the worker who shows up for the first week is not the same worker as the second week. That should be a red flag—that the person looks different, looks younger.”
Any or all of these circumstances should put the staffing firm on alert. Ideally, though, things will never go that far. What can staffing firms do to ensure fake workers never get into the pipeline? Quite a few things, as it turns out.
DEFENDING AGAINST DECEPTION
At AllTek Staffing, Dietrich and her team dig deep into every applicant, as a matter of course. That basic due diligence can be a hedge against hiring a fraudulent worker. “We do our vetting. We’re really good at this,” she says. “We’re an established agency and we’re really careful about the people that we represent. We pride ourselves here at partnering with our clients.”
To that end, “we do Google searches on everything—to find out what size environment that person has been in, to try to find the same size company to place someone in. You want a good, compatible environment,” Dietrich says. Sometimes that effort sets alarm bells ringing.
“We had a person who sent us a résumé that had three employers, and all three places had closed down,” she says. “When you’re looking at a résumé and they have three places on there, and all three have closed down, something’s wrong. From a probability standpoint, it’s not real.”
Adjust Hiring Processes
As part of the intake process, it’s going to be important to have eyes on the applicant. “To the extent possible, any type of an opportunity for in-person interaction is going to make pulling this off more difficult,” Fenaroli says.
Staffing firms may need to adjust their processes to make that happen, and he encourages them to get creative. “Rather than mailing or shipping a laptop to an individual, make them pick it up in person at an office location that’s nearby. If that’s possible, that would be a great first step. And then verify the identity of the individual when they come to pick it up,” he says. “Create opportunities for off-site meetings—any opportunity where you can force somebody to go somewhere in person. That is probably going to be your best bet.”
At his own company, Fenaroli has found ways to expand the range of visual verification—even when interviewing and hiring remotely. “Individuals who work full-time remote at our company generally need to provide photographs of their workstation—mainly for ergonomic purposes, making sure that somebody actually has space to do their work. This can also be an opportunity to have individuals show on video where their work setup is,” he says.
If anything looks suspicious, it probably is. “Anytime you have somebody who’s remote, where you can’t meet in person, you have to operate from a position of skepticism,” he says.
Rethink Automation
AI is revolutionizing staffing, and that’s all to the good. It’s helping to sort through unprecedented volumes of applications and empowering recruiters with effective insights. It’s speeding the intake process for applicants, helping get the right people into the right positions faster.
The fake-worker phenomenon demands that staffing leaders pause and take a hard look at where and how automation comes into play, Dietrich says.
“If I had an automatic screener or an AI screener, they can get past those. That’s why we’re getting targeted as an industry, because this industry’s gone so much to AI screeners to get résumés straight to your clients—without having that interaction with the recruiter,” she says.
“We’re chasing very sophisticated criminals. The time and money that staffing firms will need to shift to compliance in this area are significant, and it’s just going to get greater as the technology and the bad actors become more sophisticated.”
>—Brittany Sakata, Esq., ASA
Dietrich is adamant that AI shouldn’t be forwarding on an application to the client without some level of human intervention. Staffing leaders should “let good recruiters continue to do their jobs. It’s what distinguishes this industry from other industries, and it’s that human element that can prevent anything like this,” she says.
“I’m not saying don’t automate; I automate a lot. But that human element is what keeps us reputable,” she says. “I have some automations, but instead of sending that résumé directly to the client, which a lot of my competitors do, mine go to my recruiters first. Then the recruiter is the one that eventually sends it to the client. AI screeners go to the recruiter. The recruiter then goes to the client.”
Focus on Cyber Protection
Fake IT workers thrive on digital access. Staffing firms need to implement robust cybersecurity protections, and they need to encourage their clients (especially those using remote IT workers) to do the same.
“It’s really important to add strong access controls to the corporate network. Make sure you are operating under the principle of least privilege. Make sure that these individuals don’t have access to any software, databases, admin access—anything that they don’t need to do their job, especially within a probationary period,” Fenaroli says.
“Implement more robust monitoring in general—some type of network monitoring,” he says. That can make a big difference. “There was a major cybersecurity company who came public with being a victim of this, and they were able to spot abnormalities in what the individual was doing on the network, and they spotted it very early. They were able to cut off their access and quarantine malware that that individual had downloaded. They were really able to contain the threat.”
Verify Thoroughly
In his recent article, Thuro’s Prendergast points to a number of verification strategies that can make a difference here.
- Employment verification validates the candidate’s stated work history, roles, and responsibilities. Staffing firms can focus on gaps in employment, inaccurate dates and titles, employers that the candidate failed to disclose on their application, and periods of concurrent employment—instances where the individual worked for multiple employers simultaneously.
- Educational verification confirms the authenticity of degrees, certifications, and attendance records. This includes verification of degrees, ensuring claimed credentials were earned from accredited institutions. Also look at timelines, identifying inconsistencies in attendance dates or degree completion timelines, as these may suggest falsified educational claims.
- Identity verification uses secure methods to authenticate the candidate’s identity. Advanced techniques include biometric verification (match facial scans to submitted identification); liveness detection (use real-time biometric interaction to ensure the presence of a live person); and AI-driven fraud detection (cross-reference multiple data sources to flag anomalies in identity claims).
When sending out remote IT workers, ASA also recommends badging—a security and identity verification measure in which the staffing firm issues a photo ID or access credential (physical or digital) to each vetted worker after completing the I-9 and identity verification process.
“You can’t legally share I-9 documentation with the client, but you can share photos of those workers standing in front of a backdrop that is the company’s logo,” Sakata says. “The client can very quickly compare that badge to the person who’s walking in through the door every day.”
All of these measures can help to protect staffing firms, but the landscape is changing quickly and industry leaders will need to leverage the expertise of ASA and others to stay ahead of the fake-worker threat.
“We’re chasing very sophisticated criminals,” Sakata says. “The time and money that staffing firms will need to shift to compliance in this area are significant, and it’s just going to get greater as the technology and the bad actors become more sophisticated.”
, a freelance writer based in Annapolis, MD, is a regular contributor to Staffing Success. Send feedback on this article to s******@americanstaffing.net. Engage with ASA on social media—go to americanstaffing.net/social.
