Published: September 19, 2025
Our new bulletin Cyber Threat Watch has been created to help small businesses stay up to date on the latest threats, news, and events affecting their business. The content has been curated to make cybersecurity easy and accessible for both technical and nontechnical readers.
Featured Cyber Threat — Remote Fraud Work and Business Risks
Remote work is now a regular part of business operations—it helps control administrative costs, gives flexibility to employees, and opens access to wider talent pools. However, it also introduces new risks because hiring someone you never meet in person makes it harder to confirm their identity, skills, and intentions. This gap creates an opening for fraudulent workers to slip through, gain access to critical internal systems, and steal or expose sensitive data.
In July 2025, the U.S. Department of Justice sentenced an individual in Arizona who knowingly assisted foreign workers in posing as U.S.-based IT staff. This case shows how easily businesses—even large and well-known ones—can be deceived when remote work arrangements are exploited.
How the Scheme Was Carried Out
In March 2020, this individual received a LinkedIn message asking her to be the U.S. face of a company and help overseas IT workers gain remote jobs. The operation began with stolen U.S. identities used to pass background checks through fake documents submitted to prove employment eligibility.
To sustain the deception, the individual ran a laptop farm with company-issued devices at her home in Arizona so the IT workers appeared to be working within the United States while, in reality, remotely accessing those devices from abroad. At times, she joined video calls to maintain the illusion of a U.S.-based employee.
Through these tactics, fraudulent workers infiltrated 309 companies and collected over $17 million in wages, much of which was directed to North Korea’s weapons program. While this case centered on payroll fraud, experts warn that such fraudulent workers’ access could also be used to steal and sell sensitive company data.
Why Risk Is Growing in Remote Work
Fraud and business risks tied to remote work have increased since the pandemic. With many jobs now fully virtual, fraudsters find it easier to take advantage of the hiring process. Contributing factors include:
- Ease of Digital Deception: Fake resumes, stolen IDs, and manipulated online profiles allow fraudsters to pose as qualified candidates.
- Dependence on Staffing Agencies: Smaller businesses often rely on external recruiters who may not thoroughly screen applicants.
- Motivation of Hostile Actors: State-backed groups, such as North Korean IT workers, use remote work opportunities to generate revenue that funds hostile activities.
- Business Risks Beyond Payroll Fraud: Fraudulent workers may gain unauthorized access to company networks, steal sensitive data, or install malicious software for espionage.
What Your Business Can Do
Small businesses can take practical steps to reduce the risk when hiring for remote roles.
- Verify Identity In Person When Possible: Ask new hires to pick up company equipment (such as laptops) in person, or arrange a video call where they show a valid ID. This simple step helps confirm the person matches the documents provided.
- Use Trusted Hiring Channels and Conduct Background Checks: Work with staffing agencies that have strong identity verification practices. If hiring directly, conduct criminal record and reference checks and review applicants’ information through open-source searches. Identical personal details appearing across multiple profiles can be a red flag.
- Watch for Warning Signs During Online Meetings: Be alert for candidates who refuse to turn off blurred backgrounds, have background noise like a call center, or give rehearsed explanations for technical issues.
- Apply the Principle of Access Only What’s Required: Limit remote employees to the systems and data they need for their role—nothing more. Review and adjust access regularly. This follows the Zero Trust principle of never granting broad access by default.
- Train Managers and HR Staff: Provide necessary training so hiring managers can recognize common red flags. They don’t need deep technical knowledge—just awareness of fraud schemes and when to ask for additional verification.
Conclusion
Remote work brings clear advantages, but it also creates opportunities for criminals. By taking simple precautions such as verifying identity in person, conducting background checks, limiting access, and training managers, business owners can reduce the risk of costly financial and reputational harm.
The NCSS encourages businesses to adopt comprehensive security practices and stay informed about evolving threats. We recommend you consider becoming an NCSS member to access a wide range of our services. For more information, visit our Small Business page.
About the NCSS
The National Cybersecurity Society (NCSS) is committed to improving the online safety and security of the small business community through education, awareness, and advocacy. As a 501(3)(c) organization, the NCSS uses funds from charitable donations and grants to develop educational materials, webinars, weekly cyber tips, videos, and how-to-guides. The organization’s goal is to enable and empower small and medium businesses to obtain cybersecurity services, assist them in understanding their cyber risk, and advise on the type of protection needed. We want to continue to grow our community and encourage you to tell other small businesses we are here to help.
The NCSS is committed to respecting the use of images in our communication efforts. Accordingly, unless otherwise specifically noted, the graphics in our bulletin are sourced under license from Adobe Stock. The header and footer images were designed and purchased through a contract with Eyedea Advertising & Design Studio.