Q&A highlight
Posted25 days ago
Key Takeaways
There's multipronged benefit for them: Access to company infrastructure to potentially cause harm or ransom in the future, access to technology / intelligence, but also simply foreign currency.
Especially when the recruiting process of big companies becomes predictable and well documented online, candidates will just perfect the targeting and cheating of that specific system.
Cat and mouse.
Anyone in a very low income area can benefit from pretending they're in a high income area and negotiating US-like pay.
Although the cancer stuff does look very scammy.
Recently my friend was approached by one Telugu broker stating that he would pay 10k for a part time job ... My friend agreed to a tech stack and he was connected with one of the US client and he started sharing his screen and gave him his entire sprint's work.
There are thousands of such NRIs especially from Andhra, Telangana going to USA not learning anything about industry, these people have no coding knowledge, can't even explain their work properly to [3rd parties]. They [earn] 6 digit USD [and pay] these brokers some 40-50K Rupees [$6000] every month and outsourcing it to a jobless Indian. Brokers eat away most of the money and pay the end person around 10K.
The worst part, my friend said it would take around 40 hrs a month (2 hrs everyday) to complete this US client's sprint tasks, that's all (client works for a major MNC and is paid around 120k USD/year, while my friend gets 10k rupees/month, almost 1 percent of what client makes).
What the hell is even going in this industry? This is beyond fucked up.
Happy Labour's day
"Arizona woman to serve 8 years for identity theft scheme benefiting North Korea": https://www.npr.org/2025/07/25/nx-s1-5479906/north-korea-ide...
There are a few different angles to this. Other people have already mentioned the North Korean state-sponsored espionage, but honestly I think this is a small minority of this market.
The other two big ones are visa fraud and employment fraud. With the first one, you have a developer, possibly even skilled in a low-wage overseas company (say Thailand) that wants to make American wages. If he applies as who he actually is, he makes Thai wages, which can be as low as $10K/year. If he uses your identity to apply, he makes American wages, say $200K+/year. He can split that with you and make 10x what he would otherwise, while you get $100K/year for doing nothing (assuming he's honest enough to pay out, which is not a guarantee. There's no honor in thieves).
With the second, they use his interview skills and your identity to get the job, and then do nothing except get other jobs. It's remarkably hard to fire a U.S. employee without risks of lawsuits. If the employer does seem to catch on, he has a lawyer and a psychiatrist on the payroll too. The psychiatrist produces a doctor's note that you are disabled, the lawyer threatens to sue if you are fired. "You" go on disability, where you can stay for up to a year and they can't fire you. Collect the salary, move on after the year. In the meantime, "you" (or the organization using your identity) has done the same thing to hundreds of other corporations. I personally know 2 managers that have been victimized by this scam.
In all 3 cases, you're not the direct victim of the scam. They're using your identity as a shield to legitimize the scam. When it's discovered, it's you who suffer the reputational risk and/or criminal charges.
The explanation was fine until this point (
That’s… not really true.
Multiple statements can be true at once:
An ordinary employee who is just doing their job and hoping to continue doing their job can be laid off for any number of reasons that are outside of their control. The most common of these is company financial performance, which is both completely invisible and completely uncontrollable for an ordinary employee. Behind the scenes, the decision-makers in these layoffs have very scrupulously designed them to ensure that the people deciding who is laid off have no knowledge of an employee's membership of anything that might be construed as a protected class. This is why they often look so illogical.
A manager who has a problem employee can have a terribly difficult time getting rid of that employee in a way that is legal. My boss had one such problem employee, who did literally zero work after being hired. When my manager had an experienced engineer pair program with him, he literally had to be told what to type, keystroke by keystroke, to get him to produce anything. When my boss called him on this, he produced a doctor's note saying he was depressed and went on disability. Short-term disability can last up to a year, and you cannot fire someone on disability without a paper trail that says "You fired someone on disability, you knew they were on disability, and that is a protected class." Now your lawyers have to argue in court that the fact they were on disability had no bearing on why they were fired.
A person who takes the law as a tool with which to screw others over will do a better job screwing people over than the employee who is just trying to do their job and incidentally wants to keep it, or the manager who is just trying to provide a supportive environment for their reports to do their best work. Because that's what they're paying attention to. If you've got a lawyer combing over case law and statutes to understand the fine points of what you can and cannot be fired for, you can act in ways that ensure that you will win a big payout if you are ever fired. These ways probably bear no resemblance to what our notions of a "good employee" or even a "decent human being" are. But they are effective at collecting a paycheck, potentially from multiple employers at once, and being able to collect a bigger paycheck if your employer tries to get rid of you.
Sadly people really do think that your story (which I'm sure is true) is more common.
It is like saying that it is hard to go swimming without risk of shark attack.
Mostly wrong until you share a bunch of cherry-picked scenarios to support your own beliefs.
“Well yes I knew a guy who liked to splash around in the ocean at sunset wearing his seal costume after ladling chum into the water all afternoon.”
In the US, you don't just get paid for disability. No. The closest thing is FMLA, which:
- is unpaid - only granted after 1 year of work, and - does not guarantee your position
Obviously it’s fraud so don’t do it.
This is absolutely not true. The amount of remote tech jobs with right to work protection is so close to zero to be a rounding error.
You can sue anyone/company at any time for any reason. The case will be dismissed if it has no merit but there is no way to stop the filing aka "suing" which is why legal departments exist.
For individuals, The threat of criminal convictions only works in very limited circumstances, and is limited to people within the same jurisdiction as the buyer.
As other have pointed out, there are multiple types of scammers here.
The most benign are people who just want US salaries. The most malicious is North Korea who will go as far as installing ransomware and infiltrating financial institutions (especially crypto) to steal user money.
We know North Korea is much of the problem since the FBI gets involved in the malicious cases that I described and they publish reports. It’s hard to tell though because companies want to keep news they are infiltrated as quiet as possible.
I’m not sure which type of fraudster sent you this email other than the rate they are saying they will pay (50%) is exceptionally high. We know the North Koreans pay 10% for using your identity for ID verification etc, and 20% if you are the front man.
Nostrademons wrote a great comment about how they can use your identity here in problematic ways. I’m not sure how much this has happened since I have yet to hear about it in private stories from employers, who tend to be pretty candid. From what I can tell the fraudsters want to stay under the radar and be employed as long as possible. A lot are great engineers so they pull it off.
That said, rarely do people want to talk about this topic who are involved so it’s hard to tell what fully happens in each scenario.
I know, working in a large corporation that has been fairly successful at playing realpolitik amongst state-level actors, that whenever we don't know something and have a reasonable belief that nobody else knows it either, the usual exec response is "Well then put out the statement that gives us the most PR advantage." It is a reasonable extension to believe that governments operate like this as well.
Logically, if I were the FBI and were unable to solve a very public crime, there is no way that I would publish that we were unable to solve it. Doing so would weaken the reputation of the FBI and invite copycat criminals. The most advantageous way to handle it is to simply blame it on the adversary of the U.S. that everybody already hates and distrusts. It makes for a good story, it weakens that adversary, if they deny it nobody will believe them anyway, and it keeps the myth of infallibility going. It can also happen at lower levels of the organization without an explicit conspiracy going on to hide the truth. Low-level analyst sees a Chinese IP in the chain used by the hackers, can't trace it beyond that, says "Well North Korea is next to China and an ally, we know their hackers use Chinese ISPs, it must be North Korea!" That way they don't have to admit defeat, don't have to do any additional work, get to keep their job, they're happy, their boss is happy, and they get to go home and have dinner with their family.
The type of crimes that I most commonly see blamed on North Korean hackers are cryptocurrency heists, ransomware, intrusions into computer systems, botnets, employee infiltration, etc. I don't know a whole lot about North Korea; it is entirely possible that their state does sponsor this. But I do know a fair bit about technology, and one thing these crimes all have in common is that if you do them well, and have a modicum of knowledge about what's commonly logged and what's sent over the wire, it is almost impossible to trace them back to you. And they're all things where people globally have an obvious financial or commercial motive to complete - not just states, but ordinary devs living in Nigeria or Ukraine or Vietnam or Turkey. Occam's razor suggests to me that a good number of these "North Korea did it!" crimes are actually other citizens abroad that the FBI can't trace, but rather than admit fallibility, they just blame it on the convenient enemy.
* malicious: hostile actors want to gain footholds into companies - North Korea, etc
* benign: people in lower income countries want to do the job and can make good profit even when giving half the salary to you.
For the second option, some are scams and only want to pocket a month or two of salary without delivering before the company fires them. Others actually deliver and can keep the arrangement going long-term.
Be careful they might try and use your identity to then commit more fraud.
Not affiliated with Hacker News or Y Combinator. We simply enrich the public API with analytics.