Amazon has recently blocked more than 1,800 job applications from people suspected of working for North Korea. These applications were primarily for remote IT jobs. The company discovered that the applicants used stolen or fake identities in an attempt to gain employment.
The main goal of these suspicious applicants is straightforward. Once hired, they receive wages and then funnel the money back to North Korea, where it often funds the country’s weapons programs. Experts warn that similar activity is likely taking place across many other companies in the United States.
Over the past year, Amazon observed a nearly one-third increase in job applications coming from North Korean sources. Stephen Schmidt, Amazon’s chief security officer, explained that the company uses a combination of artificial intelligence tools and manual verification by staff to detect and block these fraudulent applications.
AI Didn’t Kill Jobs — It Quietly Made Them More Valuable
How the Scheme Operates
The operatives usually work through what is called “laptop farms”. These are computers located in the U.S. but controlled remotely by North Korean workers abroad. Using this setup, the workers appear to be legitimate employees based in the United States.
Fraudsters have become increasingly sophisticated. Some hijack dormant LinkedIn accounts using leaked passwords to appear credible. Others target genuine software engineers’ profiles to make their applications look authentic.
Authorities and experts have warned employers to watch out for red flags in suspicious applications. These include phone numbers that are incorrectly formatted, mismatched education histories, and other inconsistencies that do not align with the applicant’s claimed identity. Companies are urged to report any suspicious applications to the relevant authorities immediately.
McKinsey faces sweeping job cuts as consulting giant confronts slowing growth at 100
In June, U.S. authorities disclosed the discovery of 29 laptop farms being operated illegally across the country by North Korean IT workers. These operations used stolen or forged identities of Americans to secure jobs within the U.S. The Department of Justice (DOJ) also indicted U.S. brokers who helped arrange jobs for the North Korean operatives.
Illegal Gains and Enforcement Actions
One high-profile example involved a woman from Arizona who ran a laptop farm. She assisted North Korean workers in securing remote jobs at over 300 U.S. companies. Her scheme generated more than $17 million in illicit earnings, which were divided between her and the North Korean regime. She was sentenced to more than eight years in prison for her role in the operation.
Authorities in both the U.S. and South Korea have issued warnings about North Korean operatives carrying out online scams and exploiting remote work opportunities to make money. These scams demonstrate how modern technology and remote work arrangements can be manipulated for illegal purposes.
Food Giants Call It “Efficiency” — Workers Call It Tens of Thousands of Layoffs
Amazon and other companies are now on high alert. By combining AI-powered detection tools with staff verification processes, they are stopping fraudulent job applications before they can result in financial loss or security breaches.
Experts say the trend is growing in scale, with operatives finding new ways to bypass standard hiring procedures. Employers are advised to remain vigilant, paying close attention to mismatched information in resumes, unusual activity in applications, and other signs of fraudulent behavior.
The discovery at Amazon highlights a major cybersecurity and national security concern, showing how international actors can attempt to exploit even everyday processes like job applications for illicit purposes.
