Professionals in high-demand industries are accustomed to receiving messages from job recruiters. Often the messages are generic offers sent en masse without any apparent regard for whether the recipient has the requisite experience. Since the pandemic normalized remote work across the globe, tech workers have been getting recruited for a different type of job entirely: doing interviews under fake names for foreign companies.
“Fraudulent candidates have increased after COVID in 2020 because remote work [has] become the standard rather than a nice to have,” said Gabe Greenberg, founder of G2i, a talent marketplace matching remote engineering teams with freelance software developers. “So it’s increased the opportunity level for folks to take advantage of a system that wasn’t ready for the almost overnight shift to remote work.”
In May 2022, U.S. Departments of State and Treasury and the Federal Bureau of Investigation issued an advisory to alert the international community, the private sector, and the public to attempts by North Korea and North Korean information technology (IT) workers to obtain employment while posing as foreigners.
The advisory states that North Korea:
- abused the entire ecosystem of freelance work platforms to surreptitiously obtain IT development contracts from client companies around the world—as well as abuse many social media platforms—to communicate with clients and payment platforms to receive payment for their work; and
- misrepresented themselves as U.S.-based teleworkers, including by using virtual private networks (VPNs), virtual private servers (VPSs), purchased third country IP addresses, proxy accounts, and falsified or stolen identification documents.
The Daily Dot has found evidence that software companies, primarily in South Asia where the practice appears to have begun, hire people to pose as American engineers and tech workers to interview for remote jobs at large, privately owned tech companies. They purportedly either fabricate identities for this purpose or impersonate real people. In the latter scenario, companies provide their direct hires with the names, addresses, social security numbers, and other personal information about actual Americans then direct them to apply for U.S.-based remote engineering roles.
If the applicant lands the job, sources say the actual engineering work is typically done by a four to five person team who split roughly 30% of the actual salary. The remaining 70% is purportedly either kept by the company that employs them or split with a recruiter who matches remote engineering teams with freelance software developers.
Based on interviews, research, and discussions across Reddit, Fishbowl, Hacker News, and LinkedIn, this practice is prevalent across the world and has only grown, in part due to the global artificial intelligence (AI) boom increasing demand for computer engineering talent. The exact scope is unknown, but insiders say that there are thousands of workers involved.
In June 2022, the FBI Internet Crime Complaint Center released a public service announcement about cybercriminals using deep fakes and stolen personally identifiable information (PII) to apply for a variety of remote positions.
“The remote work or work-from-home positions identified in these reports include information technology and computer programming, database, and software related job functions,” the FBI wrote. “Notably, some reported positions include access to customer PII, financial data, corporate IT databases and/or proprietary information.”
A few months ago a man who describes himself as a senior backend engineer in the Netherlands said he’d received a message from a recruiter claiming to be hiring a software engineering business partner. The job description had little to do with software engineering, he wrote in a public post on LinkedIn, which set his alarm bells ringing.
“In this role, you will conduct interviews with personal information of our U.S. engineers to win jobs. We will set up a professional LinkedIn or Indeed account for you and upload your photos (Your information is ONLY your photos),” Boris Rostovskiy said the purported recruiter wrote.
Rostovskiy also said that the recruiter told him they’d apply for the jobs, schedule the interviews, and, if hired, “handle the projects 100% from end to end.” All he had to do, they wrote, was go to the interviews and attend meetings. They also reportedly promised to provide “technical support” during interviews, presumably to improve the chance the company would hire “him.”
“Is this even legal???” Rostovskiy wondered.
A person who describes themselves as a java developer commented that they’d had the same experience a few months prior. “Obviously refused. If it’s not illegal it should be,” they said.
Neither people responded to inquiries.
Who are these companies?
In March 2023, podcaster Syed Muzamil Hasan Zaidi interviewed software company Devsinc founder and CEO Usman Asif. An Instagram post promoting the episode described Devsinc as the fastest growing tech company in Pakistan. Tale of Asif’s rags to riches story was very well received by Zaidi’s audience of over 300,000 YouTube subscribers.
“This podcast was truly inspiring! It’s amazing to hear the story of a young man who, despite humble beginnings and countless challenges, managed to make his way to the USA and still chose to return to Pakistan for the betterment of his country,” one wrote on Asif’s LinkedIn post promoting the episode. “His dedication to uplifting the economy and transforming the tech industry into a billion-dollar powerhouse demonstrates his unwavering commitment to Pakistan and its people.”
Shortly after the episode of Thought Behind Things was published, Zaidi announced that he would join Devsinc as their chief strategy officer. Less than a week later, he informed his followers that he would not be joining the software company after all.
“After having detailed discussions with the team, we realized there are logistical issues and some differences in vision that we were not expecting to come up,” Zaidi wrote on LinkedIn. “So I had to reconsider and decided that it is not the best time for me to take up this role.”
Zaidi also made the episode private on his YouTube channel.
Sources close to Zaidi told the Daily Dot that he backed out after learning more about Devsinc’s business model. They said Zaidi wanted no part in it. They also said that he deleted the episode to negate any claims that he endorsed the business and its practices.
Zaidi did not respond to an emailed inquiry sent Tuesday morning.
Glassdoor reviewers who describe themselves as both current and former employees of Devsinc accuse the company of lying to clients and requiring employees to pretend they were working from the United States.
“Everything about your company is fake, there are no office timings which means you basically live at the office and sometimes visit home, if the company calls for authentication of past experience the call lands to another devsinc employee that will verify the fake experience,” one wrote last year. Others called it “exploitative” and potentially “illegal.”
Overall, Devsinc has 3.9 out of five stars with many reviewers describing it as a great place to work.
Maria Sadaf, lead business strategist with Devsinc, said the company “adheres to strict hiring practices” and employs people from a variety of backgrounds. Sadaf said they “absolutely and categorically deny” hiring workers who pose as U.S. residents to secure employment with companies there.
“We operate transparently with both our clients and employees,” Sadaf said via email.
On Instagram and X (formerly Twitter), Devsinc describes itself as “Pakistan’s fastest growing IT company” that’s “[o]n a mission of hiring 80,000 people by 2030.” Its website and LinkedIn page give an address in California, however. On LinkedIn, Devsinc says it is headquartered in California where it purportedly “integrate[s] global leaders in web development with passionate Asian talent.” Its website gives an address in San Jose, California; the X account an address in San Francisco, some 50 miles away. Devsinc’s website includes links to the Instagram and X profiles where it describes itself as a Pakistani company as well as the LinkedIn page stating it’s headquartered in California. Records show that there is no business by that name registered in California. The address given on its website includes a coworking space.
According to Sadaf, Devsinc has operations in Pakistan, the United Arab Emirates, Saudi Arabia, and the U.S.
“Our business mechanics are pretty simple and transparent; we hire Asian talent to serve the technological needs of our clients in North America and the Middle East,” she said.
Devsinc isn’t the only company accused of using this business model.
Earlier this month, an X user posted a screenshot of a message they reportedly received from an employee of Kinetic Hire. The message said they were seeking skilled developers and offered to pay $1,000 a month in base compensation plus an hourly rate of $25-$40 for interviews and a $500 bonus each time they got hired, the screenshot shows. “You will use the personal information of our US engineers to secure jobs and represent them during interviews,” the message read. “Ready to take the next step?”
The X user was appalled. “What the falooda kind of a job is this? Apply for others and represent them during interviews too???” they wrote. They did not respond to multiple comments on the post requesting additional information.
According to the Google form link, the role at Kinetic Hire is called “Software Engineering Technical Consultant.” It further reads, “…[O]ur engineers are fully occupied with their current responsibilities and are not available for new job interviews. Therefore, we need a dedicated representative who will be responsible for conducting these interviews. We are seeking an individual with outstanding communication and technical skills to bolster our competitive edge.”
The job description stated that the applicant “will conduct interviews with personal information of our US engineers to win jobs.” It said that the company will set up LinkedIn or Indeed accounts for the interviewee, apply for jobs, schedule interviews, and, if they were hired, “will handle the projects 100%.” It required applicants to be fluent in English and have certain technical skills.
Wajahat Ahmad, founder of Kinetic Hire, said that the role was “not accurately represented” in the description. Via email, Ahmad told the Daily Dot that they were seeking a consultant to manage client calls and take on other responsibilities, such as assisting them with business operations. Ahmad characterized having what he described as “subject matter experts” handle certain client-facing roles as “standard practice” in recruitment and consulting.
“Kinetic Hire does not engage in the practice of hiring or placing so-called ‘ghost employees’ as described,” Ahmad added.
Kinetic Hire’s website gives an address in Orlando, Florida. The phone number listed, however, has Pakistan’s country code. The LinkedIn profile embedded on its site says it’s in the Punjab province of Pakistan. The recruiter who purportedly messaged the X user lists their location in the same city in Punjab. There is no business with the name Kinetic Hire registered in the state of Florida, records show.
After the Daily Dot asked about the discrepancy between the company’s addresses on its website and LinkedIn, its website was changed to an address in Pakistan.
Ahmad said that Kinetic Hire was founded in Pakistan but is expanding globally and that they are in the process of registering as a business in Florida.
Kinetic Hire and Devsinc are far from the only companies apparently engaging in this practice, sources say. Industry insiders told the Daily Dot that at least 400 IT companies in Pakistan use the same business model—and that’s just in one country.
In response to an inquiry from the Daily Dot, a spokesperson from the U.S. Justice Department sent links to information about its efforts to disrupt an allegedly state-led effort by North Korea to get U.S. tech companies to unwittingly hire North Koreans living abroad for jobs intended for people in the U.S.
In a release this May, the department said North Korea was using their salaries for its weapons program. It previously said that it seized 17 domains that were designed to look like they were U.S. companies and that this followed seizures in 2022 and 2023 of $1.5 million the same group of North Korean IT workers had been paid by the U.S. companies that unwittingly hired them.
“Today’s announcement reveals the complex web of deception and facilitators that is central to the North Korean regime’s schemes to evade international sanctions to finance its weapons program,” Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division said in a release.
Court documents allege that North Korea sent thousands of IT workers to live abroad, primarily in China and Russia, with the goal of tricking American and other foreign businesses into hiring them as freelancers. The scheme reportedly involved “pseudonymous email, social media, payment platform and online job site accounts, as well as false websites, proxy computers located in the United States and elsewhere, and witting and unwitting third parties.”
These enterprises are purportedly becoming more common.
“This scheme is so prevalent that companies must be vigilant to verify whom they’re hiring. At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities. Without due diligence, companies risk losing money or being compromised by insider threats they unknowingly invited inside their systems,” Special Agent in Charge Jay Greenberg of the FBI St. Louis Division said in a release.
The Justice Department spokesperson told the Daily Dot that it does not have any similar cases out of Pakistan.
Sources in Pakistan say the companies engaging in this practice have a combined workforce of hundreds of thousands of people. If each job secured is performed by four or five people, there could be tens of thousands of jobs meant for the U.S.-based engineers/tech workers secretly being done by people in foreign countries.
If so, the economic impact would be significant.
How does it work?
According to Usama Latif, the founder of RemotelyHire.co, Devsinc has fake profiles and identities of software engineers and developers in the U.S. who apply for remote engineering roles at various American companies.
The fake identity is either conjured or based on the identity of an actual American, Latif said. Latif said that the person posing as the prospective employee applies for remote roles and provides an address that matches the time zone or location requirements of the role. Each identity’s curriculum vitae typically includes roles at notable Fortune 500 companies and provides references.
Latif added that if they get an interview, a Devsinc employee with an American accent does the interview while using a VPN to match the address on the fake resume.
Devsinc insists it is transparent and adheres to “strict hiring practices.”
Faizan Sajid is purportedly a former growth executive at Devsinc. According to Sajid and Latif, should the hiring manager or recruiter call any of the references, another Devsinc employee, also with an American accent, will answer and provide a glowing referral. This reference check pipeline is similar to one employed by a diploma mill.
“Employees working in Pakistan are not authorized to tell their real name, [while they] hide their identity, and use VPNs, along with very hectic rotational shifts, [secondly] strict monitoring via spy cams on computers taking snaps here and there,” said Latif.
Earlier this year, Sajid took to LinkedIn to call Devsinc out.
“Please tell me, is creating fake US profiles Shariah-compliant?” Sajid wrote. “Is scamming people by creating fake LinkedIn [profiles] Shariah-compliant? Is conducting interviews with fake individuals Shariah-compliant? Is attributing the reasons for on-site visits to the death of parents or the pregnancy of a spouse Shariah-compliant? Is deceitfully asking foreigners for money Shariah-compliant? Is presenting one person under 10 names and then including conditions like taking help from friends in contracts Shariah-compliant?”
Devsinc claims to be a Shariah-compliant company, which requires it to adhere to ethical business practices that uphold Islamic values, such as honesty, transparency, and accountability.
He said that this system is why “Pakistanis have never been able to earn respect anywhere.”
Sajid subsequently deleted his LinkedIn profile. The Daily Dot was unable to reach him for comment.
Who are the victims?
Sajid shared screenshots of correspondence with his Devsinc colleagues that indicates they use companies such as G2i to connect firms with people they believe are vetted and specialized software developers ready to work on demand.
G2i CEO Greenberg said they have various protocols in place to detect fraud during the hiring process.
“For low volume hiring we tend to focus on having our team perform live soft skill interviews and live technical interviews. You can often tell in video based interviews if someone is cheating or if they aren’t who they say they are by the way they are answering the questions and sometimes there is a delay between their video/audio. LinkedIn profiles also contain clues to fraudulent candidates,” Greenberg said.
Greenberg added that for high volume hiring, G2i focuses more on asynchronous testing and requires video submissions from the candidates. He said the company reviews the videos to match Linkedin profiles and also does full background checks and ID verification.
He characterized people deceptively working multiple full-time jobs as a greater risk, saying that’s “the hardest to detect.”
“We usually see a drop in performance after a few weeks of work and that often is a sign the candidate may be working multiple jobs,” Greenberg said. “Our community manager checks in regularly with candidates to see how they are doing and this has recently come up.”
Per screenshots Sajid shared, one of the companies targeted by foreign companies that employ ghost workers is U.S.-based Scale AI, which recently secured $1 billion in funding at a $14B valuation. According to internal correspondence Sajid posted, Scale AI has unknowingly hired or contracted engineering roles to people who they’ve been led to believe are engineers in the U.S., but are in fact foreign staff at Devsinc.
Via email, a Scale spokesperson told the Daily Dot that it is “deeply committed to maintaining high trust and safety standards.”
“All contributors for our generative AI projects are required to follow our community guidelines which prohibit the use of VPN or other technologies to mislead about location or identity,” they added. “In addition, our working location policy requires that contributors work on the platform only from their primary country.”
The spokesperson said that the company thoroughly vets contributors.
“We have a comprehensive set of safety practices, including detection measures specifically designed to identify and mitigate various forms of fraudulent activity. Our onboarding process includes ID vetting processes,” they said. “Contributors working on generative AI must have a valid ID from the country in which they are located, and we conduct ongoing checks throughout the contributor lifecycle to continuously verify identities and location.”
In September 2023, Scale AI joined several companies that made voluntary commitments to the White House to promote safe, secure, and transparent development and use of generative AI foundation model technology. The commitments included investing in safeguards against insider threat to protect intellectual property.
Scale AI and the other companies agreed to limit “access to model weights to those whose job function requires it and establish a robust insider threat detection program consistent with protections provided for their most valuable intellectual property and trade secrets.”
What are the harms?
Sources say that companies justify the remote IT worker fraud schemes by saying everyone does it. They also argue that it creates jobs and helps local talent get experience on advanced projects they normally wouldn’t get a chance to work on.
Ethics and legality aren’t the only issues with this practice, however. Tech companies typically require employees to sign non-disclosure agreements (NDAs) to protect their intellectual property. Such NDAs are only enforceable if the person signing the contract is who they hold themselves out to be—so in the case of identity theft, a contract wouldn’t be valid. Further, the worker would not be vetted via a background check or potentially be qualified for security clearances.
This creates the potential for industrial espionage, an ongoing issue in the tech industry and a focus of the federal government. Last year, the Biden administration announced that leading AI companies had agreed to multiple commitments intended to make the industry safer and more transparent.
One of the three commitments requires the companies to build systems “that put security first,” including safeguards against insider threats, i.e. industrial espionage.
Syed Ahmad is the founder and CEO of DPL, a 20-year-old Pakistani software development company. He has been the chairman of the Pakistan IT Industry Association (P@SHA) for two separate terms, was the chair of the IT and telecom task force under former Prime Minister Imran Khan, and has held several board positions which give him oversight on the Pakistan tech market.
P@SHA describes itself as “the voice of the industry.”
Over the past several months, Ahmad has been posting about the prevalence of the above practices—without naming names. On LinkedIn, Ahmad wrote that “scams” in the industry include social security number fraud; using proxy candidates to interview on behalf of subpar applicants; and setting up shell companies under a parent company in which employees pose as freelancers to evade taxes.
“Looks like [the] whole Lahore is now in on it. NOT all but many. They say, ‘it’s not a scam because everyone is doing it!!!’ They say ‘we have to do it because others are doing it too, and we will be uncompetitive if we don’t do this fraud,’” Ahmad wrote.
“Unfortunately [P@SHA] is quiet on these kinds of cancer in our industry. Also Pakistan Software Export Board (PSEB) and MoITT are quiet. Unfortunately [it’s creating] a slow spiral of death for our industry’s long-term sustainability. And killing careers of so many bright and talented youth.”
(The Ministry of IT & Telecom, aka MoITT, has a mandate to regulate IT companies in Pakistan and is reportedly aware of which companies are involved in remote IT worker fraud schemes.)
Devsinc CEO Usman Asif commented on the post to express concern and offer to discuss it in a live LinkedIn session.
“Upholding legal and ethical values is extremely important, and as industry leaders, we should openly discuss this pressing topic,” Asif wrote.
Ahmad accepted. “It will be interesting to have your take directly on these business models,” he replied.
The livestream never happened.
Sources told the Daily Dot that after a private conversation, Asif backed out because Ahmad had no intention of choosing his words carefully. It’s worth pointing out that their companies compete for the same technical talent in their hiring and are indirect competitors in that sense.
In response to questions swirling about these issues, P@SHA issued a vague statement saying that it condemns illegal activities, without specifying which practices it was referring to.
Sources inside P@SHA told the Daily Dot that the association opened an internal investigation into companies accused of fraudulent use of personally identifying information (PII). They said that leaders at one company admitted they were doing this and requested time to rectify its business model.
Sources at P@SHA said that this delay was designed to give them time to lobby MoITT to refrain from taking action. It also reportedly intended to lobby nominees for the upcoming Central Executive Committee (CEC) elections at P@SHA. Insiders said that its executives anticipate no actions will be taken against them due to backdoor alliances the company is creating with both P@SHA and MoITT.
Neither P@SHA nor MoITT responded to emailed inquiries.
One month from now Pakistan will be named “Tech Destination of the Year” at the international computer expo GITEX. Insiders believe Pakistan’s IT regulators don’t want to risk creating negative publicity for the country. They say that the IT regulators don’t understand how taking action against companies engaged in remote IT worker fraud schemes will actually instill credibility and create an environment for ethical business practices.
Sources with inside knowledge believe that P@SHA and MoITT plan to stall regulatory action, spread conspiracies, and play the blame game if the remote IT worker fraud and regulatory negligence is exposed. At the same time, U.S. Consul General Karachi Scott Urbom is working to improve relations with Pakistan. If he asks about this report, they say, regulators intend to feign ignorance.
Claire Goforth contributed to this report.
Internet culture is chaotic—but we’ll break it down for you in one daily email. Sign up for the Daily Dot’s web_crawlr newsletter here. You’ll get the best (and worst) of the internet straight into your inbox.
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
The post EXCLUSIVE: Inside the global ghost worker industry that’s taking thousands of American tech jobs appeared first on The Daily Dot.
WATCH VIDEO
DOWNLOAD VIDEO
