We sat down with Nisos CEO Ryan LaSalle, who breaks down the most common types of employment fraud surfacing in today’s remote-first environment. He offers actionable insights for detecting red flags early, explains why employment fraud poses a serious security threat, and shares how companies can tighten their defenses before becoming the next target.

How has the shift to remote work changed the landscape for employment fraud, and what types of fraud are you seeing emerge as a result?
“Remote work has been a development that delivers unprecedented flexibility and opportunity for some employees and companies, but it has also brought along with it a new set of challenges - many of which companies are only now beginning to understand. Never meeting your employees in person is a quirk of remote employment, but one that can also open up the door to fraud and abuse. If you never meet your employer, then it is easy to hide your identity from them. We’re seeing growth in four types of employment fraud as a result: foreign country or criminal fraud; outsourcing fraud; identity fraud; and polywork fraud. All are dangerous issues that, if ignored, could lead to a security issue, reputational damage, or worse.”

What are the primary motivations driving individuals to commit employment fraud, from financial gain to identity theft?
“The motivations are different for each individual, although financial gain of some sort is usually the core motivation to commit employment fraud. Let’s break it down by category:
With foreign or criminal fraud, the employee is seeking to infiltrate a company to channel payroll back home while avoiding sanctions (for example, if the individual was North Korean and was working against a bounty target set out by their organization). We also see similar schemes set up to gain access to critical company systems (to conduct future nefarious actions such as IP theft).
In the case of outsourcing fraud, an employee actually outsources their job to another gig worker who will complete their tasks for payment. This often enables the employee to work a second job and still profit from the first.
Identity fraud is when an employee creates a false identity to hide who they really are, either because they lack qualifications or have legal issues. It may be as simple as falsifying credentials, or more elaborate such as swapping in others to interview for them, or even co-opting entire work profiles of others.
A growing type of fraud is polywork, where the employee works several full-time jobs at the same time, without approval. In some cases, employees have been found working for competing companies in parallel - exposing those companies to IP ownership risk and more.”

What proactive measures or red flags can organizations look for to detect fraudulent applicants before they gain access to sensitive systems?
“This is where it gets interesting. You really have to take a multi-dimensional approach to both protect the business and respect your employees.
That said, there are several red flags that companies should keep an eye out for regarding potential employment fraud. Three of the biggest ones are: a difference in skill sets, information inconsistencies, and a lack of personal contact.
When it comes to skill sets, we’ve seen many candidates claim to have relevant experience, only for it to be discovered after the fact that they cannot perform the tasks indicated on their resume or interview. There could be valid reasons for this, for sure, but it is a red flag that perhaps you should investigate further.
Another red flag that is often missed is inconsistencies in employee information, or sudden changes in that information after being hired. A common action by fraudsters is to update mailing addresses right before company materials and equipment are shipped to them, but after being hired. Coming across several different accounts with the same name and photo, or different names but similar information, is also a red flag.
A last one to be aware of is the lack of personal information available on the internet. Those committing employment fraud are typically very thorough when it comes to employment websites and software or messaging tools, but if there are no instances of personal content anywhere on the web, it is a big red flag.
One of these alone doesn’t give a clear indication of fraud - but two or more certainly makes it worth it to dig in a little further and make sure. Your ‘spidey-sense’ should be tingling.”

How does employment fraud pose a broader security risk to organizations, and could it potentially lead to insider threats?
“Employment fraud is a danger that many companies simply don’t have on their radar - until it’s too late. Many take the attitude that they’re not important enough to be a victim, or that it could never happen to them because of their vetting process. The reality is that it takes only one breach, one infiltration to have data stolen, to disrupt operations and to ruin a company’s reputation.
While some fraudsters are just looking for a job, some are ultimately looking to gain access to information and systems - either yours, or a partner network that you’re connected to. They are exposing your data, assets, and people. If they’re successful, the resulting financial, business, reputational, and legal issues can be significant.”

Looking ahead, what immediate steps would you advise companies to take to mitigate employment fraud risks, especially for those newer to remote hiring practices?
“In our work, we’ve been able to discover some repeated tactics, techniques and procedures (TTPs) that are used in employment fraud schemes. A combination of newer management best practices, internal investigation techniques and reviews of Open Source Intelligence (OSINT) can usually turn up any fraudsters.
With that in mind, there are some actions that employers can take to improve their chances of catching employment fraud early:
Applicant screening - insist that the applicant interview process include an on-camera and/or in-person interview. Many hiring for remote work have allowed off-camera interviews, which makes fraud easier.
Confirm documentation - ensure that the applicant provides identification documentation in-person. This can deter anyone suspected of fabricating a persona. This gets tricky with remote workplaces, but can be something to request if you suspect foul play.
Review public information - what is available online already about the applicant? Is the information - such as name, appearance, work history, location and education - consistent?
Call the references and be thorough - many organizations skip this or only contact one reference. Make sure the references are who they say they are, and can verify details about the applicant and their work history. Hesitation or discrepancies - or the inability of a reference to join by camera - are red flags.
Confirm identity and details during onboarding - require mandatory in-person onboarding and/or that equipment is only given out in-person. Many fraudsters try to change addresses to another when it comes time for equipment and payroll - and that is an indicator of employment fraud as well.
The other action is a more basic one, but just as important. Collaborate. Make sure that your security, legal, and HR teams all work together on the issue, especially as suspicions escalate. There are often nuances that one team will detect, understand, and be able to bring to the table that others might be unaware of. For example, an employee could have a very valid reason for changing information or failing to be successful at a task.
Employment fraud can be a serious matter - and by being aware of the problem and warnings, and working together with colleagues in key departments, businesses can reduce their risk.”