UK companies told: Reintroduce interviews to crack down on fake IT workers

North Korean agents are setting up fake identities to funnel money back home

Businesses should insist on in-person or video interviews with remote workers to avoid wage scams, say cyber experts.

British businesses are being urged to step up identity verification procedures for remote IT hires by carrying out job interviews on video or in-person, after cybersecurity experts revealed the UK has become a top target for a sophisticated North Korean employment scam.

Earlier this month, a Google intelligence report detailed how Kim Jong-un's regime is exploiting remote working trends to siphon wages from unsuspecting employers directly into state coffers.

The report highlights a new tactic: North Korean operatives posing as freelance or remote IT professionals are being hired under false identities, often with the help of facilitators based in the UK.

These operatives then covertly route their earnings back to North Korea, funding a regime increasingly cut off from global financial systems.

According to the report, one North Korean operative last year was discovered operating at least 12 fake identities across Europe and North America, with a particular focus on sensitive industries such as defence and government.

These individuals not only gain access to corporate systems but have begun retaliating against employers who attempt to terminate their contracts, threatening to leak confidential data unless paid off.

Investigators found many operatives working within the blockchain and cryptocurrency sectors, contributing to projects involving Solana and Anchor smart contract development, as well as AI applications built on blockchain technology.

Their roles range from conventional web development to highly specialised crypto-related tasks.

The shift to targeting the UK follows increased scrutiny in the United States, where authorities have already cracked down on similar operations.

"North Korea is facing pressure in the US and it is particularly focused on the UK for extending its IT worker tactic," John Hultquist, the chief analyst at Google's Threat Intelligence group, told The Guardian.

"It is in the UK where you can see the most extensive operations in Europe."

Facilitators inside the UK play a critical role in the scheme by helping North Korean agents establish a false physical presence. They receive company-issued laptops, set up addresses and even help secure fake passports, allowing the fraudsters to pass initial HR checks undetected.

In some cases, the scammers take advantage of bring-your-own-device (BYOD) policies, which offer fewer oversight mechanisms.

Both Hultquist and Sarah Kern, a North Korea analyst at cybersecurity firm Secureworks, are urging UK businesses to reintroduce video or in-person interviews as standard practice for remote hiring, particularly in the IT sector (although with the rise of deepfakes, even seeing a person is not as much of a confirmation of their identity as it used to be – Ed.).

Kern stressed the importance of due diligence.

"In the US it has also been fruitful to conduct in-person interviews, or at the very least video interviews, and checking that you're talking to who was actually advertised on the résumé," she said.

Kern also noted that the fake workers tend to avoid video interactions.

"We observed that they were very avoidant of video interviews because often they're located in a working centre where there's a lot of these North Korean IT workers working from one small room," Kern said.

"They wouldn't want to show their video, or it sounded like they're in a call centre, but with no actual reason as to why."

The bogus job seekers are infiltrating the job market via popular freelancing platforms such as Upwork, Freelancer, and Telegram channels.

While companies like Upwork insist they have robust systems in place to detect and remove fraudulent users, experts say the cat-and-mouse game continues.