RCMP issues warning on North Korean freelancers

Certain employers more vulnerable to IT scams, says police force offering tips on prevention

Hiring remote IT freelancers may appear efficient and cost-effective, but the Royal Canadian Mounted Police (RCMP) has issued a warning that engaging with workers linked to North Korea could result in violations of United Nations sanctions, exposing companies to legal liability and compliance breaches.

The RCMP said North Korean nationals are posing as IT freelancers from other countries to obtain remote contracts. These individuals offer services in areas such as IT support, platform development, and firmware engineering.

Despite appearing legitimate and technically skilled, they may be affiliated with the Democratic People’s Republic of Korea (DPRK), whose activities are subject to UN sanctions, says the force.

Weapons of mass destruction

According to the RCMP, earnings from these freelancers are believed to be funnelled into the DPRK’s weapons of mass destruction and ballistic missile programmes. This financing route is prohibited by United Nations Security Council resolutions.

The security alert also warned that these freelancers, once granted access to company systems, may insert passive malware or backdoors into software. These actions could enable unauthorised monitoring, information gathering, or future cyber exploitation.

“Through privileged access to companies’ networks and critical infrastructure, North Korean IT workers may insert passive malware and backdoors in program codes that can collect information, monitor traffic, or facilitate future exploitation, thereby exposing companies to the risk of corporate espionage and data theft,” the alert said.

Red flags for North Korean IT workers

Small and medium-sized businesses, particularly those with limited screening processes or hiring through freelance platforms, are considered more susceptible.

The RCMP outlined several indicators that companies may be dealing with a North Korean-linked worker. These include:

  • frequent money transfers via online platforms

  • requests for cryptocurrency payments

  • inconsistent personal and professional details

  • multiple logins from different geographic locations.

Additional signs may include refusal to provide identification, inability to attend voice or video interviews, use of AI-generated visuals during meetings, unusually low service quotes, and a willingness to start work without a signed contract or payment guarantees.

The RCMP advised conducting interviews through video, verifying documents and credentials, checking employment histories with institutions and past employers, and reviewing payment arrangements when several bank accounts are involved.