'If you're a Fortune 500 company, then I can easily say you've at least been targeted'
A United States-based cybersecurity expert is warning large corporations that they are most likely on the radar of North Korean fraudsters.
Barnhart—who formerly led North Korea threat-hunting operations for a Google subsidiary called Mandiant—told CBC that North Korean remote workers engage in "spray-and-pray" job applications for positions at companies hiring remote employees.
This means they apply for hundreds of jobs a day, hoping to receive at least some responses.
"If you're a Fortune 500 company, then I can easily say you've at least been targeted," Barnhart said. "Whether you've hired them, that's a different story."
This could spell trouble for employers.
“Fake remote employees and contractors are now something everyone needs to worry about. Every organization should be updating its hiring policies, processes, and education to reflect this new reality,” according to a previous report.
Ontario architect’s stamp
In a recent case, a remote worker believed to be a North Korean fraudster forged the seal of an Ontario architect, according to a CBC report.
The professional seal of Canadian architect Stephen Mauro—based in the Greater Toronto Area—was among a series of professional stamps in the United States posted by a pseudonymous online researcher known only as Cookie Connoisseur, noted CBC.
In the post on social media platform X, Connoisseur claimed that the stamps were being used by North Korean remote workers.
“THIS INCLUDES stamping engineering drawings for construction in the U.S. as purported ‘Structural Engineers’. They are also electrical engineers, construction engineering, etc. They will create CAD drawings for you on your next construction project,” Connoisseur said.
Mauro’s seal, in particular, appeared on a blueprint for a "boutique studio" designed by a company named Global Creative Consultant Engineers (GCCE), reported CBC.
However, the architect claimed that he had never heard of GCCE, had never seen the drawing before, and did not stamp it, according to the report. He also said that the signature on the document was different from his own.
Even the stamp itself had minor differences from his official seal.
"The biggest thing is to find out where these are being submitted in Ontario, to notify the municipalities that it's not an actual architect submitting these,” he said, according to CBC.
A Facebook search by Human Resources Director showed a page for GCCE:
CBC noted that it reached out to Faisal Hussain, whose name appears on the page. Hussain claimed that the drawing was his and said he is based in Pakistan, according to the report.
Hussain initially told CBC that Mauro “is working with me as a teammate." However, in a subsequent video call, he claimed that he had hired Mauro via an online freelancing platform and had never seen his face or heard his voice.
"He's been working with me for two years and I didn't get any issue from the city," Hussain said.
Asked about which city he was referring to, Hussain opted not to identify the place, according to the report.
Citing a 2022 U.S. government advisory on North Korean IT workers, CBC noted that they "most commonly obtain freelance jobs through various online platforms."
Previously, more than 2,300 Canadians fell victim to job and employment scams, and collectively lost over $49 million to fraudsters, according to a report released in April.
