Fraudulent employment campaign originating from North Korea

Summary: You may have seen reports in the media regarding a fraudulent employment campaign originating from North Korea. As part of this activity, individuals working on behalf of the North Korean government aim to obtain employment abroad using fraudulent identities. We understand that any salary earnings are then typically funnelled back to fund North Korean government programs. At Jobsdb, we have been closely monitoring this activity and have implemented multiple safeguards to protect our platform and our customers. Measures taken to protect Jobsdb’s customers include but are not limited to:

  • Dedicated cyber and threat detection monitoring for activity related to this campaign

  • The ongoing and active detection and blocking of suspicious candidate accounts

  • The proactive removal of candidate applications from identified North Korean actors so they are no longer visible to hirers on Jobsdb’s platform.

If you have concerns about this activity or have noticed suspicious candidates applying for your roles, Jobsdb highly encourages you to reach out to your local cyber authorities.

Tactics used: These fraudulent candidates use stolen identities and other technology such as deepfakes to hide their true origins and obtain employment overseas. We understand that they also engage facilitators local to the employer to receive laptops and ensure the devices are remotely accessible to the North Korean operatives.

Top Recommendations: Jobsdb strongly encourages organisations to ensure at least one job interview for your preferred candidate takes place in person, and appropriate background checks are conducted. We also suggest looking for verified identity and other credentials on Jobsdb Profiles. It is recommended that organisations train their recruitment staff to be on the lookout for suspicious indicators such as:

  • Resume inconsistencies

  • Candidates who are unwilling to turn off their virtual background

  • A consistent and significant lag before responding to questions or tasks

  • Candidates who lack local knowledge about where they claim to reside

Introducing live practical tasks that can be observed during the interview process is also encouraged.

We strongly encourage cyber security teams to monitor key indicators to detect and prevent malicious applicants or staff logins, for example known malicious indicators of compromise (IOCs), suspicious login times, unusual IP address logins and overlapping IP addresses.
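One way a security team could check staff login records for the four indicators named above, as an added example that is not Jobsdb's own tooling. The log layout, account names, per-account home network, working-hours window and IOC list are all assumptions, and every address is a constructed value from the documentation ranges.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone
import ipaddress

# Constructed sample data: documentation-range addresses, not real indicators.
IOC_NETWORKS = [ipaddress.ip_network("203.0.113.0/28")]  # placeholder IOC feed
PROFILES = {  # account -> (claimed UTC offset in hours, usual network)
    "staff-a": (8, ipaddress.ip_network("198.51.100.0/24")),
    "staff-b": (8, ipaddress.ip_network("198.51.100.0/24")),
    "staff-c": (8, ipaddress.ip_network("192.0.2.0/25")),
}
LOGINS = [  # (account, UTC timestamp, source IP)
    ("staff-a", "2024-05-06T01:15:00", "198.51.100.10"),
    ("staff-b", "2024-05-06T18:40:00", "192.0.2.200"),
    ("staff-c", "2024-05-06T02:05:00", "192.0.2.200"),
    ("staff-c", "2024-05-07T03:00:00", "203.0.113.5"),
]
WORK_HOURS = range(7, 20)  # assumed local working window, 07:00 to 19:59


def analyse(logins, profiles, ioc_networks):
    """Return {account: sorted flags} for logins matching any indicator."""
    flags = defaultdict(set)
    accounts_by_ip = defaultdict(set)
    for account, ts, ip_text in logins:
        ip = ipaddress.ip_address(ip_text)
        offset, home_net = profiles[account]
        utc = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
        local = utc.astimezone(timezone(timedelta(hours=offset)))
        if any(ip in net for net in ioc_networks):
            flags[account].add("ioc_match")
        if local.hour not in WORK_HOURS:
            # Login falls outside working hours in the claimed location.
            flags[account].add("odd_login_time")
        if ip not in home_net:
            flags[account].add("unusual_ip")
            # Only non-home addresses count towards overlap, so colleagues
            # sharing an office network are not flagged against each other.
            accounts_by_ip[ip].add(account)
    for accounts in accounts_by_ip.values():
        if len(accounts) > 1:
            for account in accounts:
                flags[account].add("overlapping_ip")
    return {account: sorted(f) for account, f in flags.items()}


if __name__ == "__main__":
    for account, found in sorted(analyse(LOGINS, PROFILES, IOC_NETWORKS).items()):
        print(account, ", ".join(found))
```

A flag here is a prompt for review alongside HR and identity records rather than a verdict, since travel or a VPN can produce the same signals.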