You've found the perfect remote candidate. Their CV is polished, skills are impressive, and they’re ready to start Monday. But what if, behind that professional profile picture, you’ve just hired someone working for North Korea, and your monthly salary payments are helping fund a missile program? This isn’t a Netflix drama. It’s happening right now.

The Scam That Keeps On Running

This isn’t a one-off incident, it’s a multi-year operation that’s been evolving right under the noses of HR and IT teams worldwide.

Europe is now in the crosshairs

Google’s reports highlight just how sophisticated these operations have become. One case uncovered last year involved a single North Korean operative using at least 12 different personas to apply for remote roles across both Europe and the US. The targets? Companies in the defense sector and government agencies. In a disturbing new tactic, some of these fake IT professionals have even threatened to leak sensitive company data after being dismissed, raising the stakes for HR and IT teams managing remote hires.

While early crackdowns focused on the US, experts warn the UK is now a prime target. Google’s Threat Intelligence group says that due to the facing pressure in the US, the most extensive North Korea IT operations in Europe are happening in the UK.

Here’s how it works:

• Fake CVs and identities: Stolen or fabricated documents.
• Multiple personas: One operator may use dozens or more identities.
• Deepfake assisted interviews: AI generated images, voice filters, even facial overlays fool live video calls.
• Tool assisted deception Generative AI helps with resume creation, polished portfolio sites and realistic communications.
• Laptop farms: Devices housed locally make operatives seem domestic.
• Post hire exploitation: Some staff access sensitive systems, steal IP, or even extort companies after termination.

These AI infused tactics raise the stakes, making traditional checks even less effective.

Protecting your Workplace

1. Verify in person or video interviews: Wherever possible, conduct interviews live or in person to reduce the risk of deepfake or AI assisted impersonation.
2. Check multiple references: Contact former employers directly and look for patterns that may indicate multiple personas.
3. Limit access initially: Restrict sensitive systems and data until trust and identity are fully verified.
4. Monitor unusual activity: Keep an eye on unexpected downloads, access attempts, or file transfers.
5. Train HR and IT teams: Make awareness of these scams part of onboarding for recruiters and IT staff.
6. Update policies for remote work: Include clear procedures for verification, onboarding, and offboarding remote staff.
7. Use technology wisely: AI driven tools can help detect anomalies in behaviour or documents, complementing human checks.

The Bottom Line

Remote work has opened incredible opportunities, but it has also widened the door for those who see trust as a weakness to exploit.

By tightening hiring practices and staying alert, UK and European companies can stop being soft targets in a scam that’s been running for years.