The move to remote hiring has dramatically broadened the talent pool available to organizations, enabling them to tap into expertise from across the globe. However, this same shift has inadvertently introduced a new category of security threat: state-sponsored “fake workers.” These actors successfully secure IT positions by exploiting stolen identities, utilizing AI-generated photographs, and conducting deepfake interviews to mislead hiring teams.
Once embedded within a company, these operatives gain privileged insider access, which can be leveraged to siphon sensitive information or disrupt operations. A significant portion of their compensation is often channelled back to hostile foreign regimes, transforming what might appear to be straightforward financial fraud into a complex national security concern. As a result, IT hiring teams must recognize and address these risks with heightened vigilance.
How State-Sponsored Actors Exploit Remote IT Hiring
What’s Happening
State-sponsored actors from North Korea, China, and Russia are actively leveraging false identities and synthetic media to secure remote IT positions. In particular, the North Korean approach involves operatives funnelling salary payments through intermediaries and so-called “laptop farms.” Reports indicate that as much as 90% of the earnings from these roles are redirected back to the regime. Industry sources and legal indictments confirm that these actions are part of an organized and sustained campaign, rather than a series of isolated incidents.
Why IT Teams Are a Target
IT roles are especially vulnerable because they require privileged access, the use of remote tools, and company-issued devices. These privileges can be exploited to facilitate lateral movement within networks, exfiltrate sensitive data, or install persistent backdoors. As a result, hiring managers should treat remote hires for high-privilege IT positions as a distinct and elevated risk category.
Key Statistics and Operational Impact of Fake Workers
Key Statistics to Know
The median direct financial loss associated with a fake worker incident is approximately $50,000, accounting for salaries and benefits paid out before the fraud is detected. However, some cases have resulted in losses scaling into the millions.
The consequences of hiring fraud extend beyond these immediate costs, leading to secondary issues such as inaccurate tax filings, wasted recruitment efforts, the need for incident response, legal liability, and the risk of lawsuits from clients or shareholders.
Industry surveys and analysis consistently indicate that this is a widespread challenge. Estimates suggest that around 10% of Fortune 500 companies have encountered fraudulent workers, and projections warn that by 2028, as many as one in four job candidates could be fake.
Operational Impact
The effects of fake workers are not limited to financial losses. Their presence can erode trust in remote collaboration among teams, trigger expensive internal audits, and divert security resources away from other critical priorities. For IT leaders specifically, a significant but less visible cost comes from the time and effort required to investigate unusual access patterns and remediate systems that have been compromised.
Strengthening Pre‑Hire and Post‑Hire Controls
Pre‑Hire Controls
To effectively prevent fraudulent hires, organizations must move beyond basic resume screenings. Implementing multifactor identity verification helps ensure candidates are who they claim to be. Secure video interview platforms, particularly those designed to resist deepfake manipulation, further protect against impersonation. Behavioral interview techniques can reveal rehearsed or inconsistent responses, offering additional insight into candidate authenticity.
Warning signs such as recycled contact information, generic resumes, or reluctance to participate in company video interviews or comply with device-shipping policies should be considered potential red flags during the hiring process.
Post‑Hire Controls
Once IT staff are onboarded, treat new hires as high risk throughout an initial probationary period. Enforce the principle of least privilege to limit access to sensitive systems and data. Monitor for unusual VPN activity or atypical use of remote access tools, and configure alerts for unexpected geolocation changes. Require all company devices to be enrolled in endpoint management systems for real-time oversight. Detection rules targeting remote desktop tools and anomalous access patterns have demonstrated their effectiveness in identifying suspicious behavior during actual investigations.
How Domino Technologies Can Help
Domino Technologies specializes in IT recruiting and staffing and can help organizations source verified candidates and implement stronger vetting steps. By combining talent screening with identity‑check best practices, Domino reduces the chance of hiring a fraudulent worker while keeping your hiring pipeline efficient.
Conclusion
Fake workers are no longer a fringe scam—they are a strategic threat aimed at the roles that power your infrastructure. The solution for IT‑hiring organizations is a mix of tighter pre‑hire identity controls, vigilant post‑hire monitoring, and partnerships with staffing providers who understand both talent and risk. Are you confident your hiring process would catch a sophisticated fake worker before they gain privileged access?