FBI warns against North Korea job scams

In addition to elders being a key target for scammers, preying on their blind trust, vulnerability and lack of digital dexterity, a new group is coming under attack by sophisticated North Korean hackers. Job seekers. Taking advantage of a shaky employment market and the desperation and excitement tied to new job opportunities, this new ring of scammers have developed practically undetectable tactics to siphon funds from Americans looking for work. 

As reported by Newsweek, “These methods are the latest chapter in a long-running saga of cyber-espionage by the isolated nation, which has employed numerous methods both to profit from Western companies and to wreak damage on the state apparatuses of its enemies.”

What’s been dubbed as social engineering campaigns, even the most intelligent and careful could fall victim to these scams. By scanning social accounts and profiling people’s personal information, hackers create nuanced and refined profiles to approach their targets in a familiar way by impersonating recruiters and employers in a way that seems valid, authentic, and instantly believable even to the trained eye. What seems like a legit opportunity based on one’s unique experience, skill set and employment history is a scheme so undetectable the FBI is on high alert and warns Americans to be vigilant. Businesses in the cryptocurrency and decentralized finance space are especially vulnerable. 

According to the Bureau, "Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea's determination to compromise networks connected to cryptocurrency assets."

The consequences are significant once the bait has been cast. As victims engage with the scammers and buy into the recruitment and evaluation process, the stakes get higher. By accepting and opening what seem like legit job offers, contracts and calendar invites for video conference interviews, victims are unknowingly downloading malware to their systems which enables hackers to access and steal cryptocurrency funds. Lured by the eagerness to open an exciting new job offer and sign on the dotted line, victims are subjected to a bait and switch technique that costs them millions. 

According to Newsweek, “The FBI did not quantify how much had been stolen using these Social Engineering Attacks. In March, however, United Nations sanctions monitors revealed that Pyongyang-linked cyberattacks had caused around $3.6 billion in damage to cryptocurrency companies between 2017 and 2024.”

So how do you avoid becoming the next victim to these malicious scams? Avoid gratuitous job offers boasting suspiciously high compensation, don’t take professional conversations to other, unprotected platforms, and never download any applications on company devices. Get to know exactly who you’re dealing with and save yourself and your company from unnecessary loss.