If you’re looking to hire virtual assistants to help with day-to-day tasks, you’ve probably noticed the benefits of remote work—more flexibility, lower costs, and a wider talent pool. But with these advantages comes a hidden risk: cybercriminals, including North Korean hackers, posing as legitimate workers to gain access to your company’s sensitive information.
Recently, there’s been a surge in cases where companies have accidentally hired fake, often North Korean, workers who use their access to steal data and extort their employers. These cybercriminals are very skilled at creating fake profiles, faking job histories, and even using AI to appear convincing in interviews. For small businesses that want to or need to rely on virtual assistants, especially in financial sectors such as insurance and mortgage, this can be a serious threat.
Why This Is Important
Even though it might seem like something that happens only to big corporations, smaller businesses—like yours—are just as much at risk. Hackers don’t just go after large tech companies. In fact, small to medium sized companies can be easier targets because they often do not have updated security systems in place.
How to Spot Fake Candidates
The first step in protecting your business is recognizing the red flags when hiring virtual assistants. Here’s what to watch out for:
- Unverifiable Credentials: If a candidate lists degrees or certifications from foreign universities that are hard to check, take extra precautions. Make sure to verify all educational and employment history with legitimate sources. If you can’t confirm their background, be cautious.
- Reluctance to Be on Video Calls: Many fake candidates avoid video calls. They might give excuses like bad internet connections or “camera issues.” Always insist on a video interview to see the person you’re hiring and make sure they’re who they say they are.
- Poor English or Inconsistent Communication: Pay attention to the quality of communication. If their written English seems excellent, but their spoken English is noticeably different, it could be a sign of a fake profile that’s been crafted with AI tools.
- Suspicious Requests for Equipment: If a virtual assistant asks for their company laptop to be sent to a different address or shows reluctance to use standard security measures like Multi-Factor Authentication (MFA), that’s a major red flag.
Human Verification Is Only Step One of Two
Sometimes, even thorough baseline verification isn’t enough to protect against sophisticated threats. This was the case for cybersecurity firm KnowBe4, which followed every standard hiring protocol—conducting interviews, background checks, and reference verification. You can read our previous blog on it here: https://motiva.net/knowbe4
However, the person hired turned out to be a North Korean hacker using a stolen U.S. identity. Despite the exhaustive pre-hiring checks, the hacker attempted to install malware on their system the moment they received their company laptop. Fortunately, KnowBe4’s cybersecurity defenses, particularly their Endpoint Detection and Response (EDR) software, caught the attack in progress and alerted their Security Operations Center (SOC). This quick response allowed them to shut down the internal threat before any damage was done, proving that even the most diligent hiring practices need to be backed by strong cybersecurity measures to truly safeguard a company.
Step Two; Cybersecurity Measures You Must Have in Place
Even if you’ve never had to think about cybersecurity before, it’s important to start now. Here are some basic steps that can make a big difference:
- Use Multi-Factor Authentication (MFA): MFA requires employees to verify their identity through a second method, such as a text message code or an app. This ensures that even if a fake worker gets a password, they can’t log in without the second layer of security.
- Limit Access for New Hires: Don’t grant full access to your systems right away. Allow new virtual assistants access only to the tools and data they need, and monitor their activity closely in the initial weeks. You can also utilize a sandbox environment for testing and isolating any potentially suspicious activities before giving broader access.
- Regularly Update Software and Security Patches: Keep your systems and programs up to date. Hackers exploit outdated software, so make sure everything is current to prevent vulnerabilities.
- Endpoint Detection and Response (EDR): EDR software continuously monitors your systems for malicious activity and threats. As seen in the KnowBe4 case, EDR was crucial in identifying malware attempts from a fake worker before damage was done.
- Use Virtual Machines for Remote Workers: A virtual machine (VM) isolates the remote worker’s activities from your core systems, making it much harder for any malware or unauthorized access to spread across your network.
How to Stay Safe While Hiring Virtual Assistants
Here are some practical steps you can take as a business owner to protect yourself from falling victim to these scams:
- Ask Detailed Questions: During the interview, ask specific questions about their work experience, tools they use, and how they handle certain tasks. If they seem hesitant or give vague answers, it could be a sign they’re not who they claim to be.
- Stay Informed About Common Scams: Cybercriminals are always finding new ways to trick businesses, so it’s important to stay updated on the latest threats. Regularly check trusted cybersecurity sources or work with an IT provider who can keep you informed.
- Lean on Your IT and Cybersecurity Team: Your IT and cybersecurity teams are your first line of defense. Involve them in the hiring process to help vet new hires, ensure systems are properly secured, and set up measures like sandboxes or virtual machines to isolate any suspicious activity.
- Train Your Employees: Make sure that everyone in your company knows the signs of a cyber scam and understands the importance of following security protocols, especially if you’re working remotely. Awareness is the first line of defense.
Protecting Your Business and Your Clients
By taking these simple steps to strengthen your hiring process and secure your business, you can avoid the costly mistakes that come with hiring a fake virtual assistant.
Remember, the risk of hiring a fake worker is real, but with the right precautions, you can protect your business from these emerging threats. Don’t wait until it’s too late—review your hiring and cybersecurity practices today.
Your company’s safety—and your clients’ trust—depends on it.
Have A Suspicion That Your Current IT Needs An Update?
Get a No-Obligation, Confidential Cybersecurity Checkup for your small or medium sized businesses today. We can help you find out where your security stands. Our team will assess your current security measures, identify any potential vulnerabilities, and provide actionable steps to strengthen your defenses—all at no cost to you. It’s a simple way to make sure your business is safe from cyber threats and finally has a concrete, no-jargon plan to protect your customer’s sensitive information.
Reach out today at 646-374-1820 or CLICK HERE to schedule your no-obligation cybersecurity checkup and get the peace of mind you deserve!