Amazon Blocks 1,800 Suspected North Korean IT Job Scammers

1,800 Suspected Job Scammers Blocked

Amazon has proactively blocked more than 1,800 suspected operatives from North Korea (DPRK) from joining the company since April 2024, and detected a 27% increase in DPRK-affiliated applications quarter-over-quarter. This demonstrates the scale of the ongoing issue of nation-state actors attempting to infiltrate organizations through remote IT positions.

These scams pose a financial and security risk; while some operatives aim to steal intellectual property, the primary goal is often to funnel wages back to the North Korean regime to fund weapons programs. The widespread nature of these attempts, even against a company with Amazon’s resources, underscores the vulnerability of organizations relying on remote workforces and the need for robust vetting processes.

Key Insights

• 1,800+ blocked applicants: Amazon has identified and prevented over 1,800 suspected DPRK operatives from being hired since April 2024.
• Evolving Tactics: Scammers are increasingly using stolen identities, hijacking dormant LinkedIn accounts, and leveraging “laptop farms” to appear US-based.
• Targeted Roles: There’s been an increased focus on targeting AI and machine learning positions, with scammers adapting claimed educational backgrounds to avoid detection.

Practical Applications

• Use Case: Amazon employs AI-powered background checks, credential verification, and structured interviews to identify fraudulent applicants.
• Pitfall: Relying solely on resume information and failing to verify credentials can lead to unknowingly hiring a malicious actor, potentially creating a security breach or funding hostile regimes.

References:

• https://www.darkreading.com/remote-workforce/amazon-fends-off-dprk-it-job-scammers