Financial Crime World

Financial Fraud in North Korea: Common Schemes Exposed

Pyongyang’s financial schemes are causing chaos in international markets, with North Korean individuals using sophisticated tactics to evade sanctions and line their pockets. A recent investigation by the Federal Bureau of Investigation (FBI) has shed light on the most common types of financial fraud emanating from the Democratic People’s Republic of Korea (DPRK).

Common Schemes

Identity Theft and Remote Work Schemes

North Korean IT workers are leveraging unsuspecting individuals in the United States to gain access to company networks, using remote work schemes as a front. They set up U.S.-based internet connections, enable remote desktop connections, and even purchase web services like artificial intelligence models and background check programs. Some facilitators receive shares of the proceeds earned through these schemes.

  • Red flags:
    • Unusual network traffic
    • Presence of prohibited remote desktop protocols or software
    • Inconsistencies in interviews

Front Businesses and Job Search Sites

To evade detection, North Korean IT workers create front businesses and use popular job search sites to attract unwitting victims. They may pose as short-term technical contract workers or offer virtual assistant-type positions. However, once hired, they install remote access software and gain unauthorized access to company networks.

Warning Signs for Businesses

The FBI has issued a warning to businesses to be cautious of the following red flags:

  • Unusual network traffic
  • Presence of prohibited remote desktop protocols or software
  • Inconsistencies in interviews
  • Increased noise during virtual meetings

Protecting Yourself

To avoid falling victim to these schemes, businesses and individuals must implement robust identity verification processes, educate HR staff and hiring managers about the threat, and monitor network activity. The FBI recommends verifying remote workers’ identification information through E-Verify.gov and flagging changes in address or payment platforms.

Reporting Suspected Schemes

If you suspect that your business has fallen victim to a North Korean IT worker scheme, report it immediately to the FBI’s Internet Crime Complaint Center (IC3) at www.IC3.gov. Evaluate network activity from the suspected employee and use internal intrusion detection software to capture activity on the suspected device.

Conclusion

As the world grapples with the financial fallout of these schemes, it is essential to stay vigilant and take proactive measures to prevent further exploitation by North Korean IT workers.